XDR Custom Data Source Integration

Professional Services Custom Data Source Integration Custom Parser Service

Service Overview ⫘

Secureworks will assist you with integrating the identified data source into Secureworks® Taegis™ XDR, thus enhancing the value of the information (data outputs) from XDR for your unique needs. The service includes the following:

• Provide one XDR Data Collection and Integration ("DCI") for custom parsing and ingesting data from one customer data source (e.g., log, endpoint telemetry) into XDR to enhance the value and usefulness of XDR to meet your unique needs.
• Integrate your data source according to the following limitations:
  • Up to eight unique event types will be parsed (e.g., logon, logoff, user add, user delete, config save, connection open, connection close, signature detected).
  • Data source should be in one of the following data structures: JSON, CEF, LEEF, CSV, Key-Value Pairs, or unstructured Syslog (with vendor documentation).
  • Up to three applicable schemas (e.g., schemas that exist in XDR such as Auth, DNS, Endpoint, HTTP, Netflow, NIDS); see the Detector Requirements section for the most current information.

Service Methodology ⫘

Preparation ⫘

A Secureworks consultant will work with you to define objectives and deliverables for the Service. Both you and Secureworks will review the high-level requirements for delivering the Service (including reviewing the questionnaire that was completed during the Sales process), introduce key personnel, designate respective POCs, and establish communication channels. This phase includes the following activities:

• Introductory Meeting
  • Discuss Customer's goals for the Integration and key challenges that need to be addressed
  • Agree upon the Service delivery schedule
  • Collect artifacts necessary to facilitate Integration design activities
    • Document purpose of the Integration and include the following:
      • Key objectives of the Integration
      • Risks associated with the Integration
      • Audience who will be analyzing the data outputs related to the Integration
• Analyze Data:
  • Collect and review sample logs
  • Review data transformation requirements
  • Review data output expectations

Design and Implementation ⫘

Secureworks will document the design requirements that will enable successful Integration with XDR. This phase includes the following activities:

• Discuss Integration design:
  • Confirm feasibility of the Integration with XDR development team and modify as necessary
  • Communicate any limitations
• Implement design:
  • Implement the Integration per the agreed-to design. Any issues will be tracked and addressed

Quality Evaluation and Wrap-Up ⫘

Secureworks will evaluate the Integration through sampling, review of steps completed during the DCI Integration, and/or automated techniques, and address defects observed by Customer and Secureworks. Elements to evaluate, as related to the design specifications, include the following:

• Adequacy
• Completeness
• Accuracy
• Effectiveness

Provided that the quality checks are completed satisfactorily, the Integration documentation will be completed and provided to customer. This document will contain:

• Data Integration Strategy and Requirements specification
• Design specifications
• Quality checklist

Within two weeks after the engagement has completed, Secureworks will provide an engagement PDF containing the following:

• Customer requirements
• Summary of created Rules and Automations
• Recommendations for further integrations into XDR

Outcome ⫘

• One XDR DCI for parsing and ingesting data from one customer data source (e.g., log, endpoint telemetry).
• Data source will normalize event data against appropriate XDR schemas and allow for:
  • Structured searching
  • Custom alerting

Scheduling and Booking Information ⫘

To find out more or to book a Custom Integration, contact your Account Manager or Customer Success Manager.