To view your organization’s current integrated iSensors, monitor their health, and manage their rules and registration, select Integrations → iSensors from the Secureworks® Taegis™ XDR left-hand side navigation.
This page displays the iSensors that your organization has configured in a summary card or table view.
Adjust the Page View
Switch between the summary card view and the table view of iSensors using the buttons at the top of the page.
View iSensor Status and Health
The iSensors page displays quick-view information about each iSensor’s current status and recent activity:
- Status — The current health status of the iSensor:
  - The iSensor has reported in and is deployed and healthy.
  - The iSensor has not reported in recently or has failed to deploy correctly.
  - The iSensor was previously provisioned but has not reported in recently.
  - The iSensor has not yet been deployed.
- Mode — The current iSensor traffic processing mode:
  - The iSensor traffic passes through and will block traffic when alerted to do so.
  - The iSensor traffic passes through and will not block traffic when alerted to do so.
  - The iSensor will inspect traffic but the traffic will not pass through the iSensor.
- Rule Set — The current set of rules configured on the iSensor with version:
  - This rule set is designed to favor device performance over the security controls.
  - This rule set is designed to favor security controls over device performance.
  - This rule set is designed to balance the security needs and performance characteristics.
Run the iSensor Change Management Report for detailed information about signature and rule set updates made for each iSensor in your tenant. For more information, see iSensor Change Management Report.
View Detailed iSensor Information
Select a card from the summary card view or the iSensor name from the table view to open additional details about the iSensor.
The top section displays information about the iSensor, such as its name, IP address,
status, mode, rule set in use,
To change any of the values such as EXTERNAL_NET, contact support.
Allow and Block Tabs
The Allow and Block tabs display a list of firewall rules configured on the iSensor. Allow rules allow traffic to pass while Block rules block traffic.
Select one or more rules from the list and then choose the Actions menu to Delete or Export to CSV the selected rules.
Add Allow or Block
To add a new Allow or Block rule to the iSensor:
- Select Add Allow or Add Block; the Add Allow/Block Rule form displays.
- Enter at least one Source or Destination address or range.
- The Ports are Destination checkbox is checked by default; uncheck this option if the port definitions for the rule are source ports.
- Specify the ports for the rule: All (default), a single port, a range of ports, or multiple ports separated by commas.
- Select the desired protocol, or leave at the default of all protocols.
- Select the desired time frame the rule is to be in effect, or leave at the default of always in effect.
- Select Deploy Rule to save the rule and attempt to deploy the rule to the iSensor.
Registration Tab
The Registration tab displays the current Registration Key and the Status of that key.
If the key is expired, select the Actions menu and choose Reactivate Key to reactivate the key for use with this iSensor.
Select the Actions menu and choose Download to download the open source files that are used on the iSensor and, if the device is a virtual device, the virtual device for setup.
You must be a Tenant Administrator to make changes to an iSensor.
Making changes to the Secureworks iSensor® configuration of a live iSensor carries the risk of rendering the iSensor inoperable and/or allowing or blocking certain traffic on your network. The Secureworks iSensor® will make every attempt possible to roll back to the previous configuration when a configuration change is unsuccessful. Secureworks iSensor® configuration changes should be treated with the same level of caution used for any other kind of change in your environment according to your risk and change management guidelines. You should always be prepared to redeploy to the device.