Taegis Watchlist
The Secureworks® Taegis™ Watchlist detector applies a Secureworks Counter Threat Unit™ (CTU) curated ruleset to detect threats. This watchlist applies to normalized telemetry sourced from any ingested data source.
The rules concentrate on normalized endpoint telemetry, but the ruleset also contains converted IDS rules applied to HTTP/DNS events, and several others.
Note
On June 8th, 2023, the TDR Watchlist detector was renamed to Taegis Watchlist. Alerts produced prior to this date have the detector name TDR Watchlist enriched on their alert detail and alert JSON view.
Inputs
All telemetry normalized into Secureworks® Taegis™ XDR schemas.
Outputs
Taegis Watchlist alerts pushed to the XDR Alert Database and XDR Dashboard.
MITRE ATT&CK Category
MITRE mapping is based on the relevant watchlist.