☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

Red Cloak& Endpoint Agent Changelog

integrations endpoints red cloak secureworks edr

Red Cloak Endpoint Agent for Windows

Version	Date	Change
2.8.5.0	1 Mar 2022	Fix Cross sign certificate for Windows agent drivers Updates from the 2.8.4.0 agent included in this release: Fix for Inspector scan results that were expiring prematurely, thus creating a blind spot for certain rule results Renewed signing certificate Ability to upgrade Red Cloak™ Endpoint Agent if Taegis NGAV Agent is already installed
2.8.3.0	24 Mar 2021	Fix for digital signature errors when upgrading the Red Cloak Agent on older Windows Operating Systems Updates from the 2.8.2.0 agent included in this release: Ability to exclude files and folders from being scanned by the Procwall module, with configuration assistance from Secureworks Performance and storage improvements by purging duplicate events Better detection for PID Spoofing Stability and security improvements from upgraded toolset NOTE: After Red Cloak upgrade/installation, endpoints may not reboot even if there were reboots pending.
2.8.1.0	18 Sept 2020	Ignition module is now removed during a remote uninstall of the agent: All relevant registry entries and files are now removed during an uninstall of the agent The ’rcnotify’ process is now stopped and removed during an uninstall of the agent
2.8.0.0	16 Sept 2020	NOTE: We are making changes to improve our version control, and are therefore labeling our latest Windows Red Cloak Endpoint Agent as version 2.8.x.x. Stability of the Procwall and Cyclorama modules improved Stability and resilience of the Ignition module while performing agent updates improved in cases when another msiexec process is running Ignition module will now perform a CRL (Certificate Revocation Lists) cache refresh if it encounters an expired certificate during the agent update process Mukluk module’s ability to delete host files is now restricted to just Secureworks® Taegis™ XDR files
2.1.5.0	28 Jan 2020	Stability/Performance improvements to Inspector, Lacuna, and Groundling modules Improvements to Ignition Compatibility with SHA2 signed MSIEXEC.exe
2.1.4.0	05 Dec 2019	Red Cloak Endpoint Agent now supports upgrading agents on Windows endpoints from within the Red Cloak Endpoint Agent system MITRE Eval fix from 2.0.7.10 release Release now signed by SHA256 certificate only
2.0.7.10	03 Dec 2019	Fixes for Procwall
2.0.7.9	27 Oct 2019	Performance improvement and able to gather more telemetry from Entwine without dropping predicates
2.0.7.8	14 Oct 2019	Logging level service improvement Add IP address safelisting capability for Hostel Detect parent create time for a process correctly during scan
2.0.7.7	13 Aug 2019	Inspector changes for IR/TTH engagements Bug fixes
2.0.7.6	19 Jul 2019	Support for Windows Server 2019 TLS 1.2 Upgrade Critical bug fixes/improvements
2.0.7.5	11 Jun 2019	RCE-414: Mukluk should consider page file bytes during calculation of memory utilization by modules
2.0.7.4	24 Apr 2019	Self-recovery mechanism in case of deadlocks in agent 2.0 modules Bug fixes

Red Cloak Endpoint Agent for Linux

Version	Date	Change
1.2.15.0	22 Feb 2021	RHEL/CentOS 7.9 and 8.3 now supported Upon upgrade, Red Cloak Linux Agent service no longer re-enables if the service was disabled prior to upgrade A bug where after the `service redcloak stop` command is run, it doesn't return to the command prompt fixed A bug where the Procwall module does not operate correctly if auditd is restarted fixed
1.2.13.0	29 Sept 2020	Ubuntu 16.04, 18.04, and 20.04 now supported .DEB agent package now included for version 1.2.13.0 and later to install on supported Ubuntu devices Oracle Linux 6.4 to 6.10, 7.0 to 7.8, and 8.0 to 8.2 now supported
1.2.12.0	16 Sept 2020	Dependency issue reported in the recently pulled 1.2.10.0 release fixed Agent now installed under /opt instead of /var and can also be relocated to your desired path Lacuna module now captures traffic only on physical interfaces 32-bit packages installed by the 1.2.10.0 agent can be removed by running the 'rc_clean_32bitpkgs.run' script, included along with instructions in this .zip file A bug where Linux port 22 local_port netflows were not being seen by the agent fixed A bug where source and destination ports and IPs were being swapped fixed RHEL/CentOS 8.0 and 8.1 are now supported RedHat Certified Partner from RHEL 8.0 onwards. View details on this accomplishment in the Red Hat Ecosystem Catalog
1.2.9.0	24 Mar 2020	The following changes have been made to the Lacuna module resulting in significant performance improvements: Avoid capturing duplicate NetFlows sourcing from containers (e.g. Docker) Improved the indexing of NetFlows, allowing better tracking and capturing Created an alternate method to lookup, and associate, process IDs (PID lookup) with netflow telemetry
1.2.8.0	25 Oct 2019	Performance improvements to both Lacuna and Procwall
1.2.7.0	11 Oct 2019	Improvement in Lacuna performance by altering PID Lookup algorithm and DNS Query Support DNS type TXT records. Detect parent create time for a process correctly during scan Red Cloak Endpoint Agent will communicate via TLS v1.2+.
1.2.6.1	08 May 2019	Added more logging Bug fixes
1.2.6.0	07 Feb 2019	Bug Fixes