IP Watchlist

The IP Watchlist Detector uses a Secureworks CTU™ Threat Intelligence curated list of suspicious IP addresses and compares it against Netflow telemetry collected via supported endpoint and syslog data sources. When a suspicious IP is identified in tenant telemetry, an alert is generated. The Alert Description names the list the suspicious IP was sourced from and the reason it is considered suspicious.
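The matching step described above, as an added illustration rather than the detector's own code: a constructed watchlist of single IPs and CIDR ranges is checked against both the source and destination IP of constructed Netflow events, and each hit yields an alert carrying the list name and reason, as the Alert Description does. The watchlist entries, list names and event fields are assumptions for this example.

```python
import ipaddress
# Constructed watchlist entries (hypothetical; not the CTU-curated list).
# Each key is an IP or CIDR, each value is (list name, reason it is suspicious).
WATCHLIST = {
    "198.51.100.23": ("example-c2-list", "known command-and-control server"),
    "203.0.113.0/24": ("example-scanner-list", "mass scanning infrastructure"),
}

def compile_watchlist(watchlist):
    # Parse keys into networks so single IPs and CIDR ranges match alike.
    return [(ipaddress.ip_network(k, strict=False), name, why)
            for k, (name, why) in watchlist.items()]

def lookup(ip, nets):
    # Return (list name, reason) for the first entry containing ip, else None.
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # malformed telemetry never matches
        return None
    for net, name, why in nets:
        if addr in net:
            return name, why
    return None

def detect(events, watchlist=WATCHLIST):
    # Check both the source and the destination IP of every Netflow event.
    nets = compile_watchlist(watchlist)
    alerts = []
    for ev in events:
        for role in ("source", "destination"):
            ip = ev.get(f"{role}_ip")
            hit = lookup(ip, nets) if ip else None
            if hit is None:
                continue
            name, why = hit
            alerts.append({
                "ip": ip, "role": role, "list": name, "reason": why,
                # Mirrors the Alert Description: which list and why.
                "description": f"{role} IP {ip} is on {name}: {why}",
            })
    return alerts

# Constructed Netflow events using documentation address ranges.
SAMPLE_EVENTS = [
    {"source_ip": "10.0.0.5", "destination_ip": "198.51.100.23"},
    {"source_ip": "203.0.113.77", "destination_ip": "10.0.0.9"},
    {"source_ip": "10.0.0.5", "destination_ip": "192.0.2.10"},
    {"source_ip": "not-an-ip", "destination_ip": "10.0.0.9"},
]
```

Running `detect(SAMPLE_EVENTS)` yields two alerts: one for the destination hit on the single-IP entry and one for the source hit inside the CIDR entry; the malformed address is skipped rather than raising.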

Note

The Secureworks iSensor automatically downloads the list of Secureworks malicious IP addresses and uses them within the reputation preprocessor to detect malicious traffic in real-time.

[Figure: IP Watchlist Alert]

Inputs

Netflow Source and Destination IP events, Endpoint Netflow events

Outputs

Malicious IP Alerts pushed to the Secureworks® Taegis™ XDR Alert Database and Secureworks® Taegis™ XDR Dashboard

MITRE ATT&CK Category

The IP Watchlist Detector has no MITRE Mapping.

Detector Requirements
