Integration Overview


XDR Telemetry Flowchart

There are three types of data that can be integrated with Secureworks® Taegis™ XDR:

There are many ways to configure your security data flow with XDR, depending on the types of data sources you plan to integrate. The chart below illustrates how different data types flow into the XDR data lake.

XDR Telemetry Flowchart

Some possible configurations include the following. See Data Sources for more information.

Syslog Data Source → Data Collector → XDR

Set up a data collector in your environment, then set up your syslog data source to feed to the collector directly.

Cloud Data Source → XDR

Configure cloud data sources to forward directly to Taegis XDR without the need for a data collector.

SIEM → Data Collector → XDR

Feed security data into a SIEM or other data server, then configure the SIEM or data server to forward to the data collector.

Integrate with XDR

Data Collectors

Data collectors receive and forward syslog telemetry to the XDR data lake. XDR supports unlimited data collectors to acquire telemetry and logs from traditional security controls.

The general workflow for connecting a data collector to XDR is as follows:

  1. Install Collector — Add the XDR Collector to XDR through the Integrations panel.
  2. Configure Collector — Give XDR the appropriate credentials to access the data source.
  3. Configure Firewall — Enable the data to pass the firewall.
  4. Authorize Access — XDR needs permissions from the data collector to integrate; make sure it is authorized with the data source.
  5. Complete Setup — Finish the process and start feeding data into XDR.

Consider the following when determining collector quantity and placement:

Data collector integration guides:

Endpoint Agents

Important

Secureworks requires one of these EDR agents for every XDR deployment.

XDR supports multiple EDR agents, including:

Note

Secureworks does not recommend integrating two endpoint agents into Taegis, with the exception of Red Cloak Endpoint Agent with Taegis NGAV. Running multiple endpoint agents may result in duplicate telemetry, duplicate alerts, and/or agent performance issues.

Data Sources

There are multiple ways to integrate data sources into XDR. Some methods utilize the data collector, while others rely on an API connection to an external platform.

At the highest level, data sources can be integrated with XDR via a Secureworks Optimized Integration or a Custom Integration:

Secureworks Optimized Integration

This is an end-to-end integration targeting a data source and ingest path where the downstream outcomes such as normalization, search, and alerting have been predetermined, tested, and documented by XDR.

Start here to determine if the data source you wish to integrate has already been optimized by Secureworks with a set of tested instructions to follow. For a full list of Secureworks Optimized Integrations, see:

Custom Integration

This is an integration where only the transport of data from a data source into XDR is guaranteed; downstream outcomes such as normalization, search, and alerting have not been tested and may require additional work beyond ingest to be achieved.

If the data source you wish to integrate with XDR has not yet been optimized by Secureworks, or you wish to explore additional options for integration, there are several available custom transport methods you can use. For more information, see:

Manage Existing Integrations

To confirm logs have been received as expected, as well as delete or view the status of existing integrations, see the following topics:
