Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Corelight Integration Guide

integrations network corelight

The Corelight Sensor should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in the documentation provided by Corelight (account required) to export to syslog.

Connectivity Requirements

Source Destination Port/Protocol
Corelight Sensor Management IP Taegis™ XDR Collector (mgmt IP) TCP/601

Data Provided from Integration

  Antivirus Auth DHCP DNS Email Encrypt Filemod HTTP Management Netflow NIDS Process Thirdparty
Corelight (Zeek)   D Y D   D   D   D D, V    

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections


Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Supported Corelight Logs

The following Corelight log types are supported by Secureworks® Taegis™ XDR.


Events from log types not listed here are ignored.

Configuration Instructions

To configure the Corelight Sensor to send logs to Secureworks® Taegis™ XDR via syslog, follow the instructions provided by Corelight to export to syslog.

Consider the following requirements when completing the configuration steps:

Corelight Configuration

Corelight Configuration


On this page: