Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Secureworks® Taegis™ ManagedXDR for OT


The Taegis™ ManagedXDR for OT Service (“Service”) provides Customer with access to a team of security professionals (the (“OT Specialist Team”), herein referred to as the (“Specialist Team”)) to conduct in-depth analysis for investigations as well as orchestrated response and remediation related to Customer’s OT Environment.

The Specialist Team is available 24x7 via chat, email, and ticket. Customer must purchase the Taegis™ ManagedXDR service (“ManagedXDR”) in conjunction with this Service. For more information, see the ManagedXDR service description. As part of ManagedXDR, the ManagedXDR Security Analysts will review and investigate Threats detected within Customer’s Taegis™ XDR (“XDR”) tenant(s). Threats requiring further analysis as determined by Secureworks will result in creation of an Investigation within XDR. The Specialist Team will conduct additional analyses of investigations identified in XDR related to assets associated with Customer’s OT environment. After analysis is completed for each Investigation, the Specialist Team will take appropriate action based on the documentation developed during Onboarding.

All capitalized words and phrases shall have the meanings set forth herein, as defined in the Glossary, or within the Secureworks-applicable agreement, such as the Customer Relationship Agreement.

Service Components

24x7 Access to OT Specialist Team

Customer will have access to the OT Specialist Team 24x7 via methods described above. From a remote location, the Specialist Team will conduct work on Customer’s behalf and support Customer as defined herein. The Specialist Team will communicate with Customer through email and Secureworks Ticketing System for support related to the activities described herein. The Specialist Team will also communicate with Customer through telephone solely for OT related investigations deemed by Secureworks to be High or Critical.

Threat Investigations

The Specialist Team will conduct Threat Investigations aligned to the following categories:

For all Investigations, upon confirmation of a Threat by the Specialist Team, the Specialist Team will help orchestrate responses and remediation with Customer, which includes communicating with responsible stakeholders and advising Customer about appropriate actions.


The Specialist Team will focus solely on Cybersecurity Threats identified or validated by Taegis™ XDR. Events generated by Customer OT Monitoring Technology related to SCADA alerts, vulnerability scanning, or patching are not considered Threats by this service and will not be investigated. Such out-of-scope events may be data points included in the investigation of a Cybersecurity Threat.

Investigation Procedures

The Specialist Team will primarily operate within Taegis™ XDR as well as Secureworks internal tools. The Specialist Team will investigate all Taegis™ XDR alerts determined by Secureworks teams to be Threats. The Specialist Team will perform investigations based on Secureworks best practices, the initial findings of Managed XDR Security Analysts, and business context provided by the Customer during Onboarding and in an on-going fashion, as well as follow the escalation procedures for OT related Threats that will be developed by Customer and Secureworks during Onboarding. Additionally, the Specialist Team will directly access Customer’s supported OT Monitoring Technology, as needed, to enhance their investigations. Access for the Specialist Team to such platforms must be provided and maintained by the Customer. Customer acknowledges that not providing or maintaining this access for the Specialist Team limits the service that the Specialist Team can provide until the access is restored. The Specialist Team will use the Customer’s OT Monitoring Technology to conduct analyses, identify additional business context, and determine their recommendations.


The Specialist Team does not conduct any activities related to managing Customer’s systems and tools (e.g., no software license or platform/configuration management).

Service Phases

There are two primary phases for delivering the Service: Onboarding and Steady State.


This phase will be managed by an assigned Program Manager (“PM”). The PM will coordinate the activities that must be completed during this phase. Secureworks will guide Customer through multiple activities to help ensure that the Specialist Team has the access, familiarity, and context needed to deliver the Service to Customer. Onboarding is expected to be completed within 6-8 weeks; timeline will be based on dependencies and the project plan that will be agreed-upon during Onboarding.

Steady State

Steady State commences when the Onboarding Checklist is completed and Customer has satisfied all Steady State requirements for the standard ManagedXDR service, which must accompany this Service (see ManagedXDR Onboarding Guide). During Steady State, the Specialist Team will conduct investigations and apply Customer’s business context based on their knowledge of OT security and information from Customer’s supported OT Monitoring Technology. When the Specialist Team confirms a Threat, they will advise on response and remediation for Customer and will collaborate with Customer-designated personnel as appropriate.

The table below indicates timing and activities conducted by Secureworks during the Service Phases. Please note that timing is approximate and predicated on Customer performing its responsibilities described herein.

Phase Activities
Onboarding Timing: Upon start of Services Term

  • Ensure that the Specialist Team can access and use Customer’s Monitoring Technology.
  • Discuss and explain Specialist Team workflows and investigation strategies.
  • Discuss and document escalation processes for OT environment.
  • Discuss and implement Taegis custom alert and suppression rules.
  • Discuss OT Monitoring Technology tuning.
  • Discuss Endpoint tagging and Taegis Data Collector labelling for OT Environment
  • Complete Onboarding Checklist to verify readiness for transitioning to Steady State.
Steady State Timing: 6-8 weeks after Onboarding begins

  • All Taegis™ ManagedXDR investigations and Taegis(tm) XDR observed alerts from Customer OT Environment are reviewed by Specialist Team for OT risk
  • Engage Customer as needed for orchestrated response and remediation activities

Customer Obligations

Customer is required to perform the obligations listed below and acknowledges and agrees that the ability of Secureworks to perform its obligations hereunder are dependent on Customer’s compliance with these obligations. Noncompliance with Customer obligations relative to this Service may result in limitations and reduced service capabilities or suspension of managed components of the Service.

Customer will do the following:

Additional Information

Billing for the Service begins at the same time as billing for Taegis™ XDR. Contact account manager or refer to the official terms as stated on Customer’s Transaction Document from purchase for the most up-to-date details. See the documentation within Taegis™ XDR for information about compatible browsers, Integrations, detectors, dashboards, and training.

Warranty Exclusion

While the Service is intended to reduce risk, it is impossible to completely eliminate risk, and therefore Secureworks makes no guarantee that intrusion, compromises, or any other unauthorized activity will not occur on Customer’s systems.


Term Definition
Alert Prioritized occurrences of suspicious or malicious behavior detected by a detector in Taegis™ XDR.
Investigation A central location within Taegis™ XDR that is used to collect evidence, analysis, and recommendations related to a Threat that may be targeting an asset in a Customer’s IT environment. Investigations are categorized into types, such as Security and Incident Response.
Parties Customer and Secureworks are referenced jointly using this term.
Security Analyst A Secureworks security expert who analyzes alerts deemed High and Critical for customers, and creates and escalates Investigations.
Note: A Security Analyst may also be referred to as a ManagedXDR analyst or an MXDR analyst across other Secureworks documentation.
Services Term Period of time identified in the Transaction Document during which Services will be delivered to Customer.
Threat Any activity identified by Taegis™ XDR that may cause harm to an asset in a Customer’s IT environment.


On this page: