Watchlists
Secureworks® Taegis™ XDR has a number of watchlist detectors that gather watchlist alerts from third-party data sources, normalize them, and forward them to the Secureworks® Taegis™ XDR Dashboard and Secureworks® Taegis™ XDR Alert Database. A typical Secureworks® Taegis™ XDR account will have Red Cloak™ Endpoint Agent Watchlist, iSensor, and IP watchlist alerts.
Red Cloak™ Endpoint Agent Watchlist
Red Cloak™ Endpoint Agent Watchlist alerts are presented in Secureworks® Taegis™ XDR from the Red Cloak™ Endpoint Agent Watchlist detector. The severity levels are translated from the Red Cloak™ Endpoint Agent Watchlist to one of Info, Low, Medium, High, or Critical.
Alerts from these watchlists do not currently pull in the underlying events.
Cloud Watchlist
Watchlist alerts from external cloud security providers display in Secureworks® Taegis™ XDR from the following Secureworks® Taegis™ XDR detectors:
- AWS GuardDuty
- Cloud Watchlist
Note
Alerts from AWS GuardDuty do not currently pull in the underlying events.
Inputs
Watchlist alerts from third-party data sources ingested and normalized into Secureworks® Taegis™ XDR.
Outputs
Watchlist alerts pushed to the Secureworks® Taegis™ XDR Alert Database and Secureworks® Taegis™ XDR Dashboard.
MITRE ATT&CK Category
MITRE mapping is based on the relevant watchlist.