🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Secureworks Taegis Glossary

Note

The definitions used in this glossary and throughout the Secureworks® Taegis™ XDR documentation site are for the purposes of using the Taegis™ XDR application. For legal definitions, please refer to the Secureworks service descriptions applicable to your organization.

agent

A device in your organization’s network that Taegis XDR is aware of and monitors for reporting and alerts.

alert

A notification in Taegis XDR created from event(s) from a detector informing you of activity that may need to be investigated further.

API

Application Programming Interface. A set of software functions made available to customers by the Taegis platform that allows for programmatic access to different capabilities within the platform for purposes of integrating with customer or 3rd party software generally used for automation, reporting, etc.

collector

On-premise and cloud-based (virtual) devices that Taegis XDR uses to gather logs.

confidence

A measure of how confident our systems are that an alert is accurate and represents malicious activity, ranging from 1-100. The higher the score, the more confident we are that the alert indicates genuine malicious activity.

connection

In Automation, an instance of a connector that you configure. The connection provides the method that Taegis XDR uses to authenticate to an IT tool within your environment, as well as the URL it should authenticate to.

connector

In Automation, the definition that defines how Taegis XDR communicates with external IT tools, allowing a playbook to execute API calls that are published by a vendor.

CTU Countermeasures

Rulesets that can be deployed to Snort-based sensors and Suricata-based sensors.

data source

The sensors in your network that send telemetry to Taegis XDR.

detector

The devices in your network that continuously monitor your environment data for malicious activity.

edge

In Entity Graph, the directional line representing the relationship or activity between entities.

EDR

Endpoint Detection & Response

endpoint

The devices in your organization’s network that Taegis XDR is aware of and monitors for reporting and alerts. Includes any end-user computing instance (e.g., notebook, laptop, workstation, VDI instance), physical server, virtual server, or computing workload (any installation of a server OS, e.g., Linux, Unix, macOS, Windows).

entity

Data extracted from the events that are part of an investigation that played a role in the incident, including but not limited to usernames, hostnames, IP addresses, and files.

event

A single security-related occurrence on your network.

integration

A collector, API, or data source that is integrated with Taegis XDR.

investigation

The gathered alerts, events, agents, and other data regarding a potential security incident, which you and other members of your organization work to resolve.

MITRE ATT&CK Framework

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the cybersecurity product and service community.

multi-factor authentication

(MFA) The use of multiple types of authentication to verify a user’s identity for login (e.g. username/password + mobile phone security token).

node

In Entity Graph, the representation of an entity associated with an investigation.

normalized event

A raw event that has been parsed into a database schema, which facilitates common activities such as search, security detections, and other activities.

playbook

In Automation, the definition that defines what actions to take and when to take them using one or more configured connections.

priority

In Investigations, the importance and potential impact to your organization of an investigation’s activities.

query language

An advanced tool in Taegis XDR used to craft searches for alerts and events available in your tenant.

research

Alerts prefixed with RESEARCH are generated by detectors / features in the research development stage. This stage is used measure precision and recall. Documentation is updated at later stages.

rule

A pattern match for generated alerts (alert suppression rules) or ingested events (custom alert rules). Upon successful match, the associated action is performed (e.g., suppress alert or create new alert).

severity

In alerts, a measure of how much of a potential threat some activity poses to your environment. The severity score ranges from 0-1. The higher the score, the bigger the potential threat posed by the activity. Severity is also represented by text labels as Info (0-0.199...), Low (0.2 to 0.399...), Medium (0.4 - 0.599...), High (0.6 - 0.799...), and Critical (0.8-1).

Tactic Graphs™

A trademarked name for Taegis™ XDR’s correlation engine that can pattern match across multiple telemetry sources or alerts to create new detections.

Taegis

The platform that supports Secureworks applications such as XDR, ManagedXDR, and VDR.

Taegis™ ManagedXDR

(Taegis Managed Extended Detection and Response) A fully managed solution delivered through our Taegis security analytics and operations platform, providing advanced threat hunting, detection and rapid response across endpoint, network, and cloud environments.

Taegis™ ManagedXDR Elite

(Taegis Managed Extended Detection and Response Elite) A fully managed solution that includes a dedicated Secureworks expert to perform proactive and iterative threat hunting across your endpoint, network, and cloud environments, and bi-weekly updates on your organization's exposure to targeted threats.

Taegis™ XDR

(Taegis Extended Detection and Response) An advanced security analytics tool that enables you to detect advanced threats, trust your alerts, streamline and collaborate on investigations, and automate the right action.

telemetry

The collection of real-time data pushing continuously from network devices, such as routers, firewalls, and switches, to one or more centralized locations for storage, processing, and analysis.

tenant

An environment on the Taegis platform that aggregates telemetry from many endpoints into a single holistic view. Most customers have one tenant; those with large-scale needs may require multiple tenants.

threat intelligence

Data produced, analyzed, and validated by our 70+ Counter Threat Unit™ researchers and automatically correlated against your telemetry to ensure you are protected from the latest threats and adversary behaviors.

watchlist

A general term for a group of detection rules which create alerts in Taegis XDR. These groups of rules apply to a specific set of telemetry or ingest sources (e.g., IP Watchlist matches Netflow, Domain Watchlist matches DNSquery, etc.).

widget

A dashboard element that displays a snapshot of defined metrics.

 

On this page: