
Secureworks® Taegis™ ManagedXDR Essentials

Note

Other documentation available at https://docs.ctpx.secureworks.com that references ManagedXDR or ManagedXDR Elite is not applicable to this Service. Please see below for the service description that is applicable to the ManagedXDR Essentials service only.

Overview

The Secureworks® Taegis™ ManagedXDR Essentials Service (“Service”) provides Customer with security monitoring and Investigations within Secureworks® Taegis™ XDR (“XDR”) 24 hours a day, 7 days a week (“24x7”). The Service includes Threat detection and Investigations, Threat and proactive response actions, 24x7 access to Secureworks® Security Analysts from within XDR, and additional support and features as described below. All capitalized words and phrases shall have the meanings set forth herein, as defined in the Glossary, or within the Secureworks-applicable agreement, such as the Customer Relationship Agreement.

Note

“Endpoint” and “asset” are used interchangeably in this service description.

Service Components

24x7 Access to Security Analysts

Security Analysts are available 24x7 through the Taegis™ XDR in-application chat or ticket system, or through telephone.

Secureworks Services for Taegis ManagedXDR

Secureworks® Taegis™ ManagedXDR customers are entitled to purchase Service Units—upon initial ordering of the Secureworks® Taegis™ ManagedXDR subscription or at any time during the Services Term—for an additional fee. Service Units can be used for Proactive Services or Emergency Incident Response (“EIR”). See the Addendum ‐ Secureworks Services for Taegis ManagedXDR and the Secureworks Services Catalog for information.

Threat Detection and Investigations

Secureworks will review and investigate Threats detected within Taegis™ XDR. Threats requiring further analysis as determined by Secureworks will result in creation of an Investigation within Taegis™ XDR. Secureworks will notify Customer through Taegis™ XDR, email, or supported integrations after enough evidence is collected and a Threat is deemed malicious, or if Secureworks requires further input from Customer to proceed with the Investigation.

Secureworks makes routine updates and changes to Taegis to proactively improve the services and Taegis experience for all customers; therefore, Customer may see customized suppression rules, event filter modifications, and alert tuning in XDR that are designed to minimize low-value alerts and focus time on high-value alerts.

Threat Response Actions

Secureworks will perform supported Threat response actions within Taegis™ XDR on behalf of Customer, after receiving authorization from Customer. The most current list of supported actions can be provided to Customer upon request. For some supported actions, Customer may optionally authorize Secureworks to perform proactive response actions using Customer-created playbooks within Taegis™ XDR.

Remote Incident Response (“RIR”)

A threat to Customer’s environment may be identified that requires RIR support. Secureworks will determine if RIR is required, continue analysis of the threat as necessary, and communicate with Customer. Communication between Customer and Secureworks for RIR may be through the XDR in-application chat, ticketing system, telephone, and/or IR Hotline. RIR is limited to examination of hosts and infrastructure that have data sources actively integrated with Taegis™ XDR. Additional data that is not within Taegis™ XDR may be gathered and analyzed as part of providing RIR support.

RIR includes the following:

Secureworks will provide up to 40 hours of RIR to Customer annually. Should more than 40 hours be required in any year during the Services Term, Customer can approve additional hours through email as indicated below. Any unused hours at the end of each year of Customer’s Services Term expire.

If Customer has previously purchased Emergency Incident Response Hours (“EIR Hours”) or Service Units directly from Secureworks, then Customer may purchase additional EIR hours or Service Units at the previously agreed rate in the most recent Transaction Document. Customer’s approval for EIR Hours and Service Units shall be sent through email to irservices@secureworks.com. Customer acknowledges and agrees that receipt of such email will be from a Customer representative authorized to commit Customer to the purchase of additional Service Units and/or EIR Hours and email notification is binding upon Customer. Total Fees for Service Units are 100% billable upon Customer’s approval through email. Total Fees for EIR Hours are billed monthly in arrears as hours are consumed.

Additional Incident Response services are available for purchase, including but not limited to the following:

Notes:
  • Customer acknowledges and agrees that if Purchase Orders (P.O.s) are required for the transaction with Secureworks to extend or add to the originally purchased Service(s), then an updated P.O. will be issued to Secureworks for the extended/added Service(s) specified in the Transaction Document. Secureworks may terminate the Service(s) and/or Engagement as applicable and, notwithstanding the foregoing, Customer acknowledges and agrees that it remains responsible for any additional work performed by Secureworks until such P.O. is received.
  • If you purchased ManagedXDR through a Secureworks partner, then you must contact that partner for all additional purchases, such as RIR hours.

Secureworks Threat Intelligence

XDR is powered by Secureworks Threat Intelligence. Customer’s network and endpoint telemetry is continually compared against network, endpoint, and behavioral indicators to identify threats within Customer’s IT environment.

Essentials Security Protection Report

Secureworks will provide an Essentials Security Protection Report to Customer through email each quarter. The report will contain security information such as alert types and trends, investigations, and Threat Intelligence as well as programmatic elements including utilization and success criteria.

Service Phases

There are two primary phases for delivering the Service: Onboarding and Steady State.

Onboarding

Prior to onboarding and deployment, Secureworks will activate Customer’s Service by provisioning access to Customer’s instance of XDR, which will also provide Customer with access to: 1) online documentation; and 2) instructions to access and deploy the Taegis/Red Cloak Endpoint Agent.

Customer is responsible for deployment of the Taegis/Red Cloak Endpoint Agent or other supported third-party Endpoint Agent, as well as the XDR Collector in Customer’s environment. Instructions for downloading the XDR Collector are located in the online documentation. Secureworks will assist Customer remotely through teleconference with questions during this process, as needed.

Onboarding Training Preview

While Secureworks considers onboarding complete and the Security Investigation service level set forth below to apply when Customer has deployed at least 40% of its Licensed Volume (e.g., deployed compatible Endpoint Agents to endpoints), Secureworks highly recommends that Customer completely deploy the Red Cloak™ Endpoint Agent (or other compatible Endpoint Agent) on all endpoints—up to Customer’s Licensed Volume—to maximize the effectiveness of the ManagedXDR Essentials service. Until completely deployed, Customer understands, agrees, and accepts the risk that the ManagedXDR Essentials service will have reduced capabilities for Customer’s environment. See the ManagedXDR Essentials Onboarding Guide for more details about these limitations.

Steady State

Steady State monitoring for Customer’s environment commences when Customer has deployed at least 40% of its Licensed Volume (i.e., deployed compatible Endpoint Agents to endpoints).

Phase: Onboarding

Activities:

Timing: From XDR activation until Steady State begins

Collect details about Customer including the following:
  • IT environment
  • Endpoint Agents deployed
  • XDR integrations
  • Primary points of contact and other users
  • Physical locations
  • Critical assets (endpoints) and high-value targets

Facilitate the ManagedXDR Essentials Commencement teleconference to discuss with Customer the following:
  • XDR
  • ManagedXDR Essentials service deliverables
  • Alert triage and Investigations
  • Success criteria and quarterly Essentials Security Protection Report

Phase: Quarterly Automated Essentials Security Protection Report

Activities:

Timing: Quarterly; you will receive a report in PDF format through email containing the following:
  • Current topics related to the Threat landscape
  • Summary of Investigations and Alert trends

Customer Obligations

Customer is required to perform the obligations listed below, and acknowledges and agrees that the ability of Secureworks to perform its obligations hereunder, including meeting the Service Level Agreements (“SLAs”) listed further below, is dependent on Customer’s compliance with these obligations. Noncompliance with Customer obligations relative to this Service may result in limitations and reduced service capabilities, suspension of managed components of the Service and/or SLAs, or a transition to monitor-only components of the Service.

Customer will do the following:

Service Level Agreements (“SLAs”)

The ability of Secureworks to perform an Investigation and decide whether a Threat is malicious is dependent on a compatible Endpoint Agent being installed on a licensed endpoint in Customer’s IT environment. The service levels below apply to endpoints that are licensed as part of the Service and are actively communicating with the Secureworks infrastructure.

Note

The only type of Investigation for which Secureworks provides an SLA is the Security Investigation; no SLA is provided for any other type of Investigation.

Service Level: Security Investigation

Definition: Secureworks will monitor XDR for Threats.

When malicious activity is detected, Secureworks will perform an Investigation, provide an analysis, and notify Customer.

Secureworks will notify Customer electronically which may include using XDR, email, or supported integrations.

Subsequent related activity identified as part of the ongoing Investigation or monitoring will be appended to an existing Investigation.

Measure: Time from Investigation-created timestamp to Customer-notified timestamp as measured by Secureworks

Target: Less than 60 minutes

Credit:
  • 1/100th of the monthly Service fee if difference between the timestamps is 60-240 minutes
  • 1/30th of the monthly Service fee if difference between the timestamps is greater than 240 minutes
  • Maximum of one credit will be given per calendar day (based on US Eastern time zone)

Service Level: Remote IR

Definition: Urgent requests for Remote IR submitted through the IR Hotline, the XDR in-application chat, or the ticketing system within XDR will be acknowledged by the Secureworks team within four (4) hours.

Credit: 1/100th of the monthly Service fee for each calendar day (based on US Eastern time zone) that the SLA is not met

Warranty Exclusion

While this Service is intended to reduce risk, it is impossible to completely eliminate risk, and therefore Secureworks makes no guarantee that intrusion, compromises, or any other unauthorized activity will not occur on Customer’s network.

Additional Information

Billing for the Service begins at the same time as billing for XDR, which occurs when the login credentials for XDR are sent to Customer through email. Contact your account manager or refer to the official terms as stated on Customer’s Transaction Document from purchase for the most up-to-date details.

See the documentation within XDR (https://docs.ctpx.secureworks.com/) for information about compatible browsers, integrations, detectors, dashboards, and training. Other information is also available, including release notes.

Glossary

Alert: Prioritized occurrences of suspicious or malicious behavior detected by a detector in XDR.

Endpoint Agent: An application installed on an endpoint that is used to gather and send information about activities and operating system details of the endpoint to XDR for analysis and detection of Threats. Use this link to access the list of Endpoint Agents that are compatible with XDR: https://docs.ctpx.secureworks.com/at_a_glance/#endpoints.

Integration: Application Programming Interface (“API”) calls or other software scripts for conducting the agreed-upon Services for the connected technology.

Investigation: A central location within XDR that is used to collect evidence, analysis, and recommendations related to a Threat that may be targeting an asset in a Customer’s IT environment. Investigations are categorized into types, such as Security and Incident Response.

Security Analyst: A Secureworks security expert who analyzes alerts deemed High and Critical for customers, and creates and escalates Investigations. Note: A Security Analyst may also be referred to as a ManagedXDR analyst or an MXDR analyst across other Secureworks documentation.

Security Incident: An XDR-generated circumstance in which a compromise or suspected compromise has occurred involving a Customer’s environment.

Security Investigation: A type of Investigation that is conducted for a Critical or High alert or event in XDR after a Security Analyst completes preliminary investigative procedures to determine whether a Threat is valid.

Service Level Agreements (“SLAs”): A binding agreement to meet defined Service delivery standards.

Services Term: Period of time identified in the Transaction Document during which Services will be delivered to Customer.

Threat: Any activity identified by XDR that may cause harm to an asset in a Customer’s IT environment.

 
