Cloud Watchlist
The Cloud Watchlist detector converts events sourced from security providers that monitor public cloud assets into Secureworks® Taegis™ XDR alerts. Each converted alert is assigned a severity and confidence based on the observed activity and the XDR alert severity and confidence specifications; the provider's original severity and confidence remain available in the original event data for reference. The following integrations are currently handled by the Cloud Watchlist detector:
- Microsoft Graph Security
Examples of security threats that can be sourced from third party providers include:
- Atypical Travel
- Compromised Accounts
- Ransomware Activity
- Custom Alerts
Input(s)
Microsoft Graph Security
Schema
Third party Alerts
Input Field(s)
| Field |
|---|
| provider |
| sensor_type |
| status |
| title |
| vendor_severity |
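To make the conversion concrete, the following is an added illustration, not Secureworks code and not the detector's actual logic. It models the behaviour the page describes: take third-party events carrying the listed input fields (provider, sensor_type, status, title, vendor_severity), keep only those from a handled provider, assign an XDR-style severity and confidence, and preserve the original event so the vendor's own severity can still be referenced. The severity map, the skipped statuses, the confidence heuristic, the `XdrAlert` shape and the sample events are all assumptions made for the example; the real XDR severity and confidence specifications are not on this page.

```python
"""Illustrative normalizer for third-party cloud alerts.

Added example, not Secureworks code. Every mapping below is an assumption
made for illustration; the real XDR specification is not on this page.
"""
from dataclasses import dataclass
from typing import Optional

# Assumed mapping from a vendor's severity label to a numeric severity in
# [0.0, 1.0]. Real XDR severity values and thresholds are not on the page.
VENDOR_SEVERITY_MAP = {
    "informational": 0.1,
    "low": 0.3,
    "medium": 0.5,
    "high": 0.7,
    "critical": 0.9,
}

# Assumed: alerts the provider has already closed are not re-raised.
SKIPPED_STATUSES = {"resolved", "dismissed"}

# The page lists only this integration as currently handled.
HANDLED_PROVIDERS = {"Microsoft Graph Security"}


@dataclass
class XdrAlert:
    """Assumed minimal alert shape: normalized fields plus the raw event."""
    title: str
    severity: float
    confidence: float
    original_event: dict


def convert_event(event: dict) -> Optional[XdrAlert]:
    """Convert one provider event to an alert, or return None if it is not handled."""
    if event.get("provider") not in HANDLED_PROVIDERS:
        return None
    status = str(event.get("status", "")).lower()
    if status in SKIPPED_STATUSES:
        return None

    # Map the vendor label; unknown labels fall back to medium (assumed default)
    # rather than silently dropping the event.
    vendor_sev = str(event.get("vendor_severity", "")).lower()
    severity = VENDOR_SEVERITY_MAP.get(vendor_sev, 0.5)

    # Assumed confidence heuristic: an alert the provider marks "active" is
    # weighted higher than one still being triaged.
    confidence = 0.8 if status == "active" else 0.5

    return XdrAlert(
        title=event.get("title", "Untitled third party alert"),
        severity=severity,
        confidence=confidence,
        original_event=dict(event),  # keeps vendor_severity etc. for reference
    )


def convert_events(events) -> list:
    """Convert a batch of events, dropping those the detector does not handle."""
    return [a for a in (convert_event(e) for e in events) if a is not None]


# Constructed sample events for the example; not real provider output.
SAMPLE_EVENTS = [
    {"provider": "Microsoft Graph Security", "sensor_type": "thirdparty_alert",
     "status": "active", "title": "Atypical travel", "vendor_severity": "medium"},
    {"provider": "Microsoft Graph Security", "sensor_type": "thirdparty_alert",
     "status": "resolved", "title": "Compromised account", "vendor_severity": "high"},
    {"provider": "Microsoft Graph Security", "sensor_type": "thirdparty_alert",
     "status": "inProgress", "title": "Ransomware activity", "vendor_severity": "critical"},
    {"provider": "SomeOtherProvider", "sensor_type": "thirdparty_alert",
     "status": "active", "title": "Custom alert", "vendor_severity": "low"},
]

if __name__ == "__main__":
    for alert in convert_events(SAMPLE_EVENTS):
        print(f"{alert.title}: severity={alert.severity} confidence={alert.confidence} "
              f"(vendor said {alert.original_event['vendor_severity']})")
```

Running the block on the constructed batch yields two alerts: the resolved event is skipped, the event from an unhandled provider is ignored, and each surviving alert still carries the vendor's own severity label inside `original_event`.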
Outputs
Alerts pushed to the XDR Alert Database and XDR Dashboard.
Configuration Options
None
Detector Requirements
- Third party Alerts