Endpoint watchlists serve two purposes:
- Consolidate alerts pulled from endpoint integrations into Secureworks® Taegis™ XDR
- Apply Secureworks CTU™ curated watchlists to normalized endpoint telemetry
Alert Consolidation
Secureworks® Taegis™ XDR consolidates alerts from endpoint integrations into the following detector names:
- Carbon Black
- CB Cloud Endpoint
- Microsoft Defender for Endpoint
Red Cloak™ Endpoint Agent alerts are produced directly in Secureworks® Taegis™ XDR and display in the Taegis™ Watchlist detector.
Secureworks® Taegis™ XDR Watchlist
Regardless of which endpoint agent is used in an environment, Secureworks® Taegis™ XDR applies CTU curated watchlists to normalized endpoint telemetry. This watchlist identifies adversary tactics and techniques within that normalized endpoint telemetry.
Detector Requirements