☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

Alert Triage Dashboard

dashboards alerts investigations widgets

Use the Alert Triage Dashboard to view activity in your environment and quickly assess possible ongoing threats or notifications of suspected deleterious actions.

Get to the Alert Triage Dashboard ⫘

From the Secureworks® Taegis™ XDR side menu bar, select Dashboards > Alert Triage.
The Dashboard displays.

Alert Triage Dashboard

Edit Dashboard Settings ⫘

Severity ⫘

Filter all Alert Triage Dashboard widgets by alert severity using the severity filter at the top of the dashboard. All are selected by default; deselect those you wish to exclude.

Dashboard Severity Filter

Date/Time ⫘

The Alert Triage Dashboard uses master date/time settings, which change the time period of all widgets at the same time.

Change the time period using the drop-down date/time picker at the top right of the dashboard. The default time period is 72 Hours, but choosing a custom time period overwrites it. The most recent time period selected becomes the new default.

Dashboard Date/Time Picker

Custom Alerts ⫘

To include alerts that match your custom alert rules, open Include Options at the top right and select Custom Alerts.

Dashboard Include Options

Refresh Dashboard ⫘

To refresh the data in all widgets of the Alert Triage Dashboard, select the Refresh Dashboard icon at the top right of the dashboard.

Refresh Dashboard

Widgets ⫘

The Alert Triage Dashboard includes the following widgets:

Recent Alerts ⫘

The Recent Alerts widget displays all alerts that are open and not related to an investigation. The title, create date and time, hostname, and MITRE ATT&CK framework category of each alert are displayed.

Tip

Recent Alerts gives you a method to focus and triage new alerts at a glance.

Recent Alerts Widget

Select any alert to open that alert’s details page.
The top five matching alerts are displayed. Page through to view more, or choose View All to see the entire matching list on the Alerts page.
Matching alerts are filtered according to the Alert Triage Dashboard Settings, such as severity, time range, and whether Custom Alerts are included.
Alerts are sorted from newest to oldest.
Once alerts are either added to an investigation or resolved, they are removed from the widget.
Refresh the page for the latest information.

Alerts by Detector ⫘

The Alerts By Detector widget gives you a quick overview of incoming alerts sorted by detector. This enables you to evaluate alerts from the perspective of alerts inflowing from Secureworks Taegis XDR and third party sources.

Tip

The Alerts By Detector widget gives you an easy-to-understand view of the various alerts coming in from both XDR Detectors and any third party detection sources you have configured. It allows you to see alert activity by detector to help you be aware of activity trends.

Alerts by Detector Widget

Looking for alerts that match your custom rules? Make sure you select Custom Alerts within the Include Options dashboard setting.
Detectors with a large number of alerts compared to others may be displayed with a broken bar to indicate that the bar is not to scale (as shown in the following Taegis Watchlist entry).

Broken Bar on Detector

Detectors are displayed alphabetically.

Recent Investigations ⫘

The Recent Investigations widget lists the five most recently active in-progress investigations. In addition to the investigation name, the widget displays the priority, severity, type, assignee, and when each investigation was last updated.

Tip

The Recent Investigations widget gives you a place to access your ongoing investigations, so you can get back to where you were working, hop over to an active investigation, or view all investigations.

Recent Investigations Widget

Select any investigation to open that investigation’s details page.
The top five most recent investigations are displayed. Choose View All to see the entire matching list on the Investigations page.

Top Concerns ⫘

The Top Concerns widget displays a list of users, domains, hosts, or titles with the most alerts. Select one of these options from the drop-down to view matching results. Each list is sorted by the number of related alerts.

Tip

The Top Concerns widget enables you to review alert data as it pertains to the related entity (user, domain, host, or title watchlist). Grouping alerts by these related entities enables you to focus on alerts currently impacting a particular target.

Top Concerns Widget

Use the drop-down menu to refresh the widget with a matching list.
Choose an item in the list to load a table of relevant alerts on the Alerts page.
Each entity in the list includes a breakdown of the number of alerts by severity, as well as the total number of alerts.

Threat Intelligence Reports ⫘

The Threat Intelligence Reports widget provides a list of the latest CTU™ Threat Intelligence Reports, with a search function that allows you to filter for specific topics or items.

Tip

The Threat Intelligence Reports widget allows you to stay up to date on the Threat Landscape as observed by Secureworks Security Researchers.

Threat Intelligence Reports Widget

Threat Intelligence Reports Pivot Search

Loads the most recent 50 published Intelligence Reports.
Supports infinite scroll, which allows you to continuously scroll back in time for previously published reports.
Allows searching through Intelligence Reports for topics of interest or indicators related to those topics.
Launch a Pivot Search from an Indicator within an Intelligence Report and search the last 30 days of Alerts and Events
See the following topics for more information about:
- Threat Intelligence Overview
- Threat Intelligence Reports

Export Options ⫘

Export Dashboard to PNG ⫘

To export the entire dashboard to a PNG image file, select Actions from the top right of the dashboard and choose Download as PNG. The file automatically downloads.

Export Dashboard to PNG

Export Dashboard Data ⫘

To export all data from the dashboard to a CSV or JSON file, select Actions from the top right of the dashboard and choose the Export Data CSV or JSON option.

Export Dashboard Data

Export Widgets to PNG ⫘

To export an individual widget to a PNG image file, select the vertical ellipsis from the top right of the desired widget and choose Download as PNG. The file automatically downloads.

Export Widget to PNG

To export widget data as a CSV or JSON file, select the vertical ellipsis from the top right of the desired widget and choose the Export Data CSV or JSON option.

Export Widget Data

Alert Triage Dashboard

Get to the Alert Triage Dashboard ⫘

Edit Dashboard Settings ⫘

Severity ⫘

Date/Time ⫘

Custom Alerts ⫘

Refresh Dashboard ⫘

Widgets ⫘

Recent Alerts ⫘

Alerts by Detector ⫘

Recent Investigations ⫘

Top Concerns ⫘

Threat Intelligence Reports ⫘

Export Options ⫘

Export Dashboard to PNG ⫘

Export Dashboard Data ⫘

Export Widgets to PNG ⫘

Export Widget Data ⫘

On this page: