NIDS
The Network Intrusion Detection Systems (NIDS) detector collects and normalizes Intrusion Detection and Prevention (IDP) events from third-party data sources. As part of the normalization process, the events are converted into an alert and assigned a severity and confidence based on the activity observed. The resulting alerts are written to the Secureworks® Taegis™ XDR alert database and published to the dashboard for additional review and analysis. The following integrations are currently handled by the NIDS detector:
- Cisco Firepower Threat Defense (FTD)
- Cisco Meraki
- Corelight
- Palo Alto Threat Events
- Secureworks iSensor®
- Suricata
In addition, the network telemetry collected by the supported integrations is available to the following XDR detectors:
- Domain Generation Algorithms
- Stolen Credentials
- Tactic Graphs™ Detector
- Punycode Detector
- IP Watchlist
NIDS Alert
Inputs
Intrusion Detection and Prevention events from third-party data sources ingested and normalized into XDR.
Outputs
NIDS alerts pushed to the XDR Alert Database and XDR Dashboard.
MITRE ATT&CK Category
The MITRE ATT&CK mapping is based on the alerting data provided by the relevant device(s).
Detector Requirements
- NIDS