Endpoint Watchlists
Endpoint watchlists serve two purposes:
- Consolidate alerts pulled from endpoint integrations into Secureworks® Taegis™ XDR
- Apply Secureworks Counter Threat Unit™ (CTU) curated watchlists to normalized endpoint telemetry
Alert Consolidation
XDR consolidates alerts from endpoint integrations under the following detector names:
- Carbon Black
- CB Cloud Endpoint
- CrowdStrike
- Microsoft Defender for Endpoint
- SentinelOne
Note
Red Cloak™ Endpoint Agent alerts are produced directly in XDR and display in the Secureworks® Taegis™ Watchlist detector.
XDR Watchlist
Regardless of which endpoint agent is deployed in an environment, XDR applies CTU curated watchlists to the normalized endpoint telemetry that agent produces. Because the watchlist is evaluated against the normalized data rather than against vendor-specific alerts, it identifies adversary tactics and techniques in the same way whichever agent reported the activity.
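As an added illustration of the design point above (example code written for this page, not Secureworks or Taegis code, and not the content of the CTU watchlist): two hypothetical agent payload layouts are mapped onto one normalized process schema, and a small constructed watchlist is evaluated only against that schema, so the same rule fires whichever agent produced the event. The agent names, field names, sample events and the two rules are all constructed for the example.

```python
# Added illustration, not Secureworks/Taegis code: normalize raw endpoint
# process events from two hypothetical agents into one schema, then apply a
# watchlist to the normalized events so the same rule fires whichever agent
# produced the telemetry. Payload layouts, field names and rules are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class NormalizedProcess:
    """Common schema that every agent's event is mapped onto."""
    source: str        # which agent produced the event (constructed label)
    host: str
    process_name: str  # base name of the image, lower-cased
    command_line: str
    parent_name: str   # base name of the parent image, lower-cased


def _basename(path: str) -> str:
    """Final path component, accepting both '\\' and '/' separators, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Two hypothetical agent formats. Neither is a real vendor schema.
def normalize_agent_a(raw: dict) -> NormalizedProcess:
    return NormalizedProcess(
        source="agentA",
        host=raw["ComputerName"],
        process_name=_basename(raw["ImageFileName"]),
        command_line=raw["CommandLine"],
        parent_name=_basename(raw["ParentBaseFileName"]),
    )


def normalize_agent_b(raw: dict) -> NormalizedProcess:
    proc = raw["process"]
    return NormalizedProcess(
        source="agentB",
        host=raw["device"],
        process_name=_basename(proc["name"]),
        command_line=proc["cmdline"],
        parent_name=_basename(proc["parent"]),
    )


NORMALIZERS: Dict[str, Callable[[dict], NormalizedProcess]] = {
    "agentA": normalize_agent_a,
    "agentB": normalize_agent_b,
}


def normalize(raw: dict) -> NormalizedProcess:
    """Dispatch on the agent tag; an unknown agent is an error, not a silent drop."""
    agent = raw.get("agent")
    if agent not in NORMALIZERS:
        raise ValueError(f"no normalizer for agent {agent!r}")
    return NORMALIZERS[agent](raw)


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed watchlist rules written against the normalized schema only.
# They stand in for curated content and are not the CTU watchlist.
# PowerShell accepts unambiguous prefixes of -EncodedCommand, hence the variants.
WATCHLIST: List[Tuple[str, Callable[[NormalizedProcess], bool]]] = [
    ("office_app_spawns_rundll32",
     lambda e: e.parent_name in OFFICE_APPS and e.process_name == "rundll32.exe"),
    ("encoded_powershell_command",
     lambda e: e.process_name in {"powershell.exe", "pwsh.exe"}
     and any(tok in ("-e", "-ec", "-enc", "-encodedcommand")
             for tok in e.command_line.lower().split())),
]


def apply_watchlist(raw_events: List[dict]) -> List[Tuple[str, str, str]]:
    """Normalize every raw event, then evaluate each watchlist rule against it.
    Returns (rule_name, source_agent, host) for every match, in input order."""
    hits: List[Tuple[str, str, str]] = []
    for raw in raw_events:
        event = normalize(raw)
        for rule_name, predicate in WATCHLIST:
            if predicate(event):
                hits.append((rule_name, event.source, event.host))
    return hits


# Constructed sample telemetry: two agents, three suspicious events, one benign.
SAMPLE_EVENTS = [
    {"agent": "agentA", "ComputerName": "ws01",
     "ImageFileName": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Public\upd.dll,Start",
     "ParentBaseFileName": "WINWORD.EXE"},
    {"agent": "agentB", "device": "ws02",
     "process": {"name": "/Windows/System32/rundll32.exe",
                 "cmdline": "rundll32.exe C:/Users/Public/upd.dll,Start",
                 "parent": "EXCEL.EXE"}},
    {"agent": "agentB", "device": "srv07",
     "process": {"name": "powershell.exe",
                 "cmdline": "powershell.exe -NoP -W Hidden -enc SQBFAFgA",
                 "parent": "services.exe"}},
    {"agent": "agentA", "ComputerName": "ws01",
     "ImageFileName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt",
     "ParentBaseFileName": "explorer.exe"},
]

if __name__ == "__main__":
    for hit in apply_watchlist(SAMPLE_EVENTS):
        print(hit)
```

The point to take from the example is the layering: each agent gets its own normalizer, and the watchlist never sees agent-specific field names, so adding a third agent means writing one more normalizer and no rule changes. The same separation is what lets a single curated watchlist cover every supported endpoint integration.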
Detector Requirements