
Tactic Graphs

The Tactic Graphs™ Detector models adversary behavior to detect malicious activity by anticipating adversary tactics. Security applications typically identify threats using countermeasures that detect known malicious adversary actions and activities. When countermeasures block or detect these, adversaries are forced to modify their tactics to continue operating. The result is an arms race in which threat actors constantly iterate on their tactics and countermeasure developers constantly iterate on the countermeasures to stop them. The Secureworks® Taegis™ XDR Tactic Graphs Detector breaks this cycle through adversary behavior modeling.

Tactic Graphs Detector Alert

Note

The Events Timeline displays when available.

When tactics are identified in your environment, XDR generates alerts that are displayed in your XDR tenant. Tactic Graphs Detector alerts contain the individual behaviors that were identified and the order of those malicious behaviors.

Requirements

This detector requires the following data sources, integrations, or schemas:

Inputs

Detections are from the following normalized sources:

Outputs

Alerts from this detector are pushed to the XDR Alert Database and Alert Triage Dashboard.

Configuration Options

This detector is enabled by default when the required data sources or integrations are available in the tenant.

MITRE ATT&CK Category

The XDR Tactic Graphs Detector has no single MITRE Mapping. Check the alert for the specific mapping.

Detector Testing

This detector does have a supported testing method.

See Tactic Graph Detector for testing information.

FROM alert WHERE metadata.creator.detector.detector_id='app:detect:tactic-detector'
