Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis™ Watchlist


The Taegis™ Watchlist detector applies a Secureworks CTU™ curated ruleset to detect threats. This watchlist applies to normalized telemetry sourced from any ingested data source.

These rules concentrate on normalized endpoint telemetry, but also contain converted IDS rules applied to HTTP/DNS events, and several others.


On June 8th, 2023, the TDR Watchlist detector was renamed to Taegis Watchlist. Alerts produced prior to this date have the detector name TDR Watchlist enriched on their alert detail and alert JSON view.


All telemetry normalized into Secureworks® Taegis™ XDR schemas.


Taegis Watchlist alerts pushed to the Secureworks® Taegis™ XDR Alert Database and Secureworks® Taegis™ XDR Dashboard.


MITRE mapping is based on the relevant watchlist.


On this page: