
XDR Customization Services



There are many opportunities to meet business-specific use cases using the customization options within Secureworks® Taegis™ XDR. Our highly skilled Secureworks® Professional Services consultants can create outcomes specific to your use cases, or alternatively guide, teach, and assist you in their creation. Some examples of where customers benefit from our custom capabilities are:

Custom Rules

Every organization is different and will have use cases tied to internal security or policy requirements that XDR does not natively alert on. Conversely, some native alerts may turn out to be benign or expected in your environment, such as authorized scanning activity. In both situations, custom alerting or suppression rules can prove invaluable.

Custom detection rules allow XDR to alert on normalized events that would not typically become an alert. Suppression rules mark alerts as suppressed at the time of alert creation, which removes them from the Alert Triage Dashboard and prevents unnecessary investigation creation, helping reduce analyst alert fatigue.

Custom alerts typically require specific handling when they are generated, so as part of a custom rule engagement we will also identify and deploy standard XDR playbooks to support notifications to your personnel or create scheduled reports using XDR Advanced Search reporting features.

Tip

Rules cannot be created for alerts that are generated within XDR; they can only be created for events. See the "Are all schema fields available for custom alerts?" question in the FAQ for Custom Alert Rules.

Custom Automations

Many automation options exist within XDR, each designed for a specific outcome: making enrichment, notifications, or proactive response actions for alerts and investigations more effective and streamlined. There may be times, though, when these playbooks do not meet the process or response outcome that is required, and this is where a custom automation engagement can assist.

First, we will work to understand your requirements and explain how they can be achieved using XDR automations. Once agreed, we will create the new connectors to interact with your data sources and then create the playbooks that carry out the required actions to achieve the process outcomes.

Tip

Your data source or cloud service does not need to be integrated with XDR to take advantage of automations.

Custom Integrations

The XDR catalog of integrations continues to expand, but if you have a business-critical service or asset that is not within our current list of supported data sources, we can create a custom integration.

A custom integration consists of two key phases:

Once event data is being consumed and the parser has been created, we will also create a number of custom rules to support additional business use cases and identify any XDR standard automations that could help with notification when alerts are generated. This ensures that your new integration provides maximum value for your XDR security monitoring.

Tip

See Custom Data Source Integration for more information on our Custom Parser service.

XDR API & Reporting

XDR has reporting capabilities that support operational needs via the Advanced Search or Executive Summary style reports in the report library. However, we know that businesses have additional reporting requirements that may need to be handled differently, and this is where XDR APIs can help. XDR has an extensive suite of APIs that can be used in multiple business use cases, and we can provide guidance and support on how to use them fully.

We can also create reporting solutions using our APIs and widely available visualization tools like Microsoft Power BI. Our Professional Services consultants are experienced in creating custom reporting solutions for scenarios such as:

Scheduling and Booking Information

To find out more or to book a customization engagement, contact your Account Manager or Customer Success Manager.

 
