Tactic Graphs
The Tactic Graphs™ Detector models adversary behavior to detect malicious activity by anticipating adversary tactics. Security applications typically identify threats using countermeasures that detect known malicious adversary actions and activities. When countermeasures block or detect those actions, adversaries must modify their tactics to keep operating. It is an arms race in which threat actors and countermeasure developers constantly iterate on their tactics and on the countermeasures that stop them. The Secureworks® Taegis™ XDR Tactic Graphs Detector breaks this cycle through adversary behavior modeling.
Tactic Graphs Detector Alert
Note: The Events Timeline displays when available.
When tactics are identified in your environment, XDR generates alerts that are displayed in your XDR tenant. Each Tactic Graphs Detector alert lists the individual behaviors that were identified and the order in which those malicious behaviors occurred.
Requirements
This detector requires the following data sources, integrations, or schemas:
- Authentication events
- Netflow records
- Process events
- XDR Alerts
Inputs
Detections are from the following normalized sources:
- Alerts
- Auth
- DNS
- NIDS
- Netflow
- Process
Outputs
Alerts from this detector are pushed to the XDR Alert Database and Alert Triage Dashboard.
Configuration Options
This detector is enabled by default when the required data sources or integrations are available in the tenant.
MITRE ATT&CK Category
The XDR Tactic Graphs Detector has no single MITRE ATT&CK mapping. Check the individual alert for its specific mapping.
Detector Testing
This detector has a supported testing method. See Tactic Graph Detector for testing information.
To find alerts generated by this detector, query the alert database by its detector ID:
FROM alert WHERE metadata.creator.detector.detector_id='app:detect:tactic-detector'