Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Tactic Graphs™


The Secureworks® Taegis™ XDR Tactic Graphs™ Detector models adversary behavior in order to detect malicious behaviors by anticipating adversary tactics. Security applications typically identify threats using countermeasures that detect known malicious adversary actions and activities. When countermeasures block or detect these, the adversaries are forced to modify their tactics in order to continue to operate. It’s an arms race where threat actors and countermeasure developers are constantly iterating on their tactics and the countermeasures to stop them. The Secureworks® Taegis™ XDR Tactic Graphs™ Detector breaks this cycle through adversary behavior modeling.

Tactic Graphs™ Alert

Tactic Graphs™ Alert


The Events Timeline displays when available.

When tactics are identified in your environment Secureworks® Taegis™ XDR generates alerts which are displayed in your Secureworks® Taegis™ XDR tenant.

The Tactic Graphs™ Detector alerts contain the individual behaviors that were identified, and the order of the malicious behaviors.


Authentication events, Netflow records, Process events, Secureworks® Taegis™ XDR Alerts.


Tactic Graphs™ Detector alerts pushed to the Secureworks® Taegis™ XDR Alert Database and Secureworks® Taegis™ XDR Dashboard whenever a tactic is observed in your environment.


The Secureworks® Taegis™ XDR Tactic Graphs™ Detector has no MITRE Mapping.

Configuration Options

No configuration is required; Secureworks data scientists continuously tune and add tactics to the detector.

Detector Requirements


On this page: