XDR Remote Training

Professional Services Remote Training Administrator Training Analyst Training Custom Parser Training Advanced Search & Reporting Training Scenario Based Training

Service Overview ⫘

While Secureworks provides a wealth of self-directed training, we know that some of our customers prefer, or learn best from, live hands-on personal training. In these occasions, our Secureworks® Professional Services team is here to help you achieve your Secureworks® Taegis™ education goals and mentor you at your pace, based on your level of knowledge and expertise. Our training sessions are extremely valuable both during your initial adoption of Taegis to accelerate time to value, and during steady state operations when business activities affecting people, process, or technology can affect your Taegis deployment.

There are currently five instructor-led remote training options available for Secureworks® Taegis™ XDR:

• XDR Administrator Training
• XDR Analyst Training
• XDR Custom Integration Training
• XDR Advanced Search and Reporting Training
• XDR Scenario Based Training

All of our training packages also include up to four hours of Taegis consultancy to provide recommendations and help enable new features and functionality in your XDR tenant to strengthen your security posture or streamline your operational processes.

Taegis Remote Training Offering ⫘

Our training offering currently consists of the following elements:

• Up to four hours of general Taegis consultancy

And a choice of two of the following training sessions:

• Administrator Training
• Analyst Training
• Custom Integration Training
• Advanced Search and Reporting Training

Or one of the following training sessions:

• Scenario Based Training

Remote Training Curriculums ⫘

As Taegis continues to evolve, so do our training options. The following sections provide examples of the course structures that we currently provide, but can change based on new Taegis features and functionality.

XDR Administrator Training ⫘

The XDR Administrator Training Session is designed to ensure that new customers and new operatives of the XDR application are informed and able to successfully conduct the onboarding of integrations and maximize functionality usage to expedite return on investment.

• Overview of XDR, its detectors, and architecture
• Communicating with Secureworks experts
• XDR Dashboards
• User, auditing, and tenant settings
• Deploying data collectors
• Integrating data sources
• Deploying and managing Taegis Endpoint Agents
• Custom Parser overview
• Automations overview
• XDR search overview
• Introduction to XDR APIs, SDK, and Taegis Magic

XDR Analyst Training ⫘

The XDR Analyst Training Session is designed to provide new security personnel with insight of events, alerts, and investigations, and recommendations on how to handle them. For existing customers, these sessions also prove valuable to refresh existing understanding and insight into new features provided to benefit security investigations.

• Overview of XDR, its detectors, and architecture
• MITRE ATT&CK Framework Overview and XDR applicability
• Communicating with Secureworks experts
• Operating model explanation for XDR
• Events and Schemas
• Working with alerts in XDR
• Suppressing alerts in XDR
• XDR filtering and search options
• Working with investigations in XDR
• Utilizing Auto Investigations
• Report creation
• Custom Rule creation

XDR Custom Integration Training ⫘

While our consultants can build custom parsers for you, we also know that organizations want to be able to develop and hone these abilities themselves. The Custom Integration training sessions are designed to give you insight into how to build custom integrations and ensure that your resources are given the knowledge they need.

• Overview of XDR schemas
• Syslog data formats
• Recommended methodology for Custom Parser creation
• Sampling and analyzing events
• Creating Parent & Standalone Parsers
• Creating Child Parsers
• Creating Custom Alerts

XDR Advanced Search & Reporting Training ⫘

With the Taegis 12-month data retention capability, multiple teams within organizations, including analysts, auditors, and managers, can benefit from the information held within XDR. The chief method of interrogating this data is via the Advanced Search function and these training sessions are aimed at ensuring that your operatives are equipped with the knowledge they need to find and use the data quickly and efficiently.

• Recap on XDR schemas and detectors
• Using the Advanced Search
  • Data validation (integration use-case)
  • SecOps triage (analyst use-case)
• Explaining Logical Types
• Creating a search query with Schema Types
  • Build with Me
  • Statements & Conditions
• Understanding Operators and when to use them
• Creating Aggregated searches
• Using the query language for reporting
• Search History & Saved Searches

As an addition to this session, we will also host a two-hour session to assist you with in-platform report creation using the Advanced Search function.

XDR Scenario Based Training ⫘

These sessions provide an interactive training workshop that focuses on learning how to effectively consume data and information stored within XDR. Each customized session is designed to address challenges experienced by your security personnel through interactive discussion and execution of activities utilizing real data within your tenant to demonstrate the following:

• Use of XDR schemas and its relevance in searching
• How MITRE ATT&CK can benefit Security Operations
• How XDR alerts and events align to the MITRE ATT&CK framework
• How to utilize the XDR advanced search to find key alerts and events
• How to create and update investigations
• How to create Custom Alert rules based on events of interest
• How to suppress noise or false positive alerts

Scheduling and Booking Information ⫘

To find out more or to book an XDR training session, contact your Account Manager or Customer Success Manager.