
Taegis™ Watchlist



The Taegis™ Watchlist detector applies a Secureworks CTU™ curated ruleset to detect threats. This watchlist applies to normalized telemetry sourced from any ingested data source.

The rules concentrate on normalized endpoint telemetry, but the ruleset also contains converted IDS rules applied to HTTP/DNS events, and several others.

Note

On June 8th, 2023, the TDR Watchlist detector was renamed to Taegis Watchlist. Alerts produced prior to this date have the detector name TDR Watchlist enriched on their alert detail and alert JSON view.

Inputs

All telemetry normalized into Secureworks® Taegis™ XDR schemas.

Outputs

Taegis Watchlist alerts pushed to the Secureworks® Taegis™ XDR Alert Database and Secureworks® Taegis™ XDR Dashboard.

MITRE ATT&CK Category

MITRE mapping is based on the relevant watchlist.

 
