🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Integration Overview

integrations data collectors data sources endpoint agents telemetry


Taegis™ XDR Telemetry Flowchart

There are three types of data that can be integrated with Taegis™ XDR:

There are many ways to configure your security data flow with Taegis™ XDR, depending on the types of data sources you plan to integrate. The chart below illustrates how different data types flow into the Taegis™ XDR data lake.

Taegis™ XDR Telemetry Flowchart

Taegis™ XDR Telemetry Flowchart

Some possible configurations include:

Syslog Data Source → Data Collector → Taegis™ XDR

Set up a data collector in your environment, then set up your syslog data source to feed to the collector directly.

Cloud Data Source → Taegis™ XDR

Configure cloud data sources to forward directly to Taegis XDR without need of a data collector.

SIEM → Data Collector → Taegis™ XDR

Feed security data into a SIEM or other data server, then configure the SIEM or data server to forward to the data collector.

Available Integration Guides

Data Collectors

Data collectors receive and forward telemetry to the Taegis™ XDR data lake. Taegis™ XDR supports unlimited data collectors to acquire telemetry and logs from traditional security controls.

The general workflow for connecting a data collector to Taegis™ XDR is as follows:

  1. Install Collector — Add the Taegis™ XDR Collector to Taegis™ XDR through the Integrations panel.
  2. Configure Collector — Give Taegis™ XDR the appropriate credentials to access the data source.
  3. Configure Firewall — Enable the data to pass the firewall.
  4. Authorize Access — Taegis™ XDR needs permissions from the data collector to integrate; make sure it is authorized with the data source.
  5. Complete Setup — Finish the process and start feeding data into Taegis™ XDR.

Consider the following when determining collector quantity and placement:

Data collector integration guides:

Endpoint Agents

Important

Secureworks requires one of these EDR agents for every Taegis™ XDR deployment.

Taegis™ XDR supports multiple EDR agents, including:

Note

Secureworks does not recommend integrating two endpoint agents into Taegis with the exception of Red Cloak™ Endpoint Agent with Secureworks® Taegis™ NGAV. Running multiple endpoint agents may result in duplicate telemetry, duplicate alerts, and/or agent performance issues.

Data Sources

Once you’ve successfully deployed your data collectors, you are ready to forward data to the collectors. Data collectors receive telemetry and logs from your data sources via syslog protocols on UDP port 514 and TCP port 601.

Refer to the appropriate integration guide for guidance on configuring popular security controls to maximize their visibility and value to Taegis XDR.

Manage Existing Integrations

To confirm logs have been received as expected, as well as delete or view the status of existing integrations, see the following topics:

 

On this page: