🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Secureworks® Taegis™ XDR 3.3.5.2

Thursday, February 29th, 2024

Features

Cato Networks Integration Added

Taegis™ XDR can now ingest and normalize data from Cato Networks. For more information, see the Cato Networks Integration Guide.

Secureworks® Taegis™ XDR 3.3.5.1

Thursday, February 22nd, 2024

Features

Windows Taegis™ Endpoint Agent Advanced Kernel Telemetry Setting

The Advanced Kernel Telemetry setting for Windows Taegis™ Endpoint Agents is now disabled by default both at a tenant level and in new groups to prevent compatibility issues on Windows endpoints with other security products. You can now configure this setting at a tenant level in Agent Settings and at a group level in Group Configuration.

Cloudflare Integration Added

Taegis™ XDR can now ingest and normalize data from Cloudflare. For more information, see the Cloudflare Integration Guide.

Secureworks® Taegis™ XDR 3.3.5

Thursday, February 15th, 2024

Features

Automations Connections Redesign

Automations > Connections in XDR has been renamed to Automations > Connectors. The page has also been redesigned to streamline configured connections in a Connections tab and connector templates in a Connector Library tab. For more information, see Configured Connections and Connector Library.

Export Dashboard and Widget Data

For users opted in to Preview mode, you can now export dashboard and widget data to CSV and JSON files. For more information, see the Export Data section on Alert Triage, Security Posture, ManagedXDR, and My Dashboards.

Fixes

Date Picker Custom Range Not Scrolling

The Custom Range tab of date pickers throughout XDR were not scrolling correctly. This has been fixed.

Pasting into Suppression Rule Fields Overwriting Content

Pasting text into certain fields when configuring a suppression rule was overwriting all content already present in the field. This has been fixed.

Docs

Log In to Secureworks® Taegis™ XDR Updated

The login instructions have been updated to reflect changes for users opted in to Preview mode, which will soon become the default login experience.

Secureworks® Taegis™ XDR 3.3.4.1

Tuesday, February 13th, 2024

Features

Google Cloud Platform Integration Added

Taegis™ XDR can now ingest and normalize data from Google Cloud Platform (GCP). For more information, see the Google Cloud Platform Integration Guide.

Nozomi Guardian Integration Added

Taegis™ XDR can now ingest and normalize data from Nozomi Guardian for tenants with Taegis™ XDR for OT. For more information, see the Nozomi Guardian Integration Guide.

Secureworks® Taegis™ XDR 3.3.4

Thursday, February 8th, 2024

Features

Taegis™ XDR Mobile App

A new mobile experience for Taegis™ XDR users is now available. For a feature overview video and installation information, see Taegis™ XDR Mobile App.

iSensor Change Management Report Template

Customers with iSensors can now create iSensor Change Management Reports that display detailed information about signature and ruleset updates made for each iSensor. For more information, see iSensor Change Management Report.

Investigations Table Filters Menu Preference

The investigations table now stores the open and close state of the filters menu as a user preference when you navigate from the page. For more information, see Filter Investigations.

Secureworks® Taegis™ XDR 3.3.3

Thursday, February 1st, 2024

Features

Custom Alerts and Filter Options Renamed

On the Alert Triage Dashboard and Alerts page, My Alerts are now named Custom Alerts and Alert Options is now called Include Options. Additionally, the labels within Include Options have been updated and a tooltip is now included. Note that previous preferences for Include Options will not persist. Toggle the options to re-save your preferences. For more information, see Alert Triage Dashboard and Filter for Alerts.

Threat Score Added to Alerts Table of Entity Graph

For users opted in to Preview mode, the Alerts table within Entity Graph has been updated with a column for Threat Score. For more information, see Entity Graph Alerts Tab and Threat Score.

Automations Connections Redesign

In a coming release, Automations > Connections in XDR will be renamed to Automations > Connectors. The page will also be redesigned to streamline configured connections in a Configured tab and connector templates in a Templates tab of one page. This will replace the current separate Connector Library location of templates. This change is currently scheduled for February 15th. For more information, see Configured Connections and Connector Library.

Docs

Windows Taegis™ Endpoint Agent Known Compatibility Issues

Taegis™ Endpoint Agent Known Issues has been updated with information on the interoperability of the Windows agent with other security products.

Secureworks® Taegis™ XDR 3.3.2

Thursday, January 25th, 2024

Features

Data Collector Performance and Maintenance Tabs

Data Collector details now include two new tabs. The Performance tab presents insightful data about the collector throughput and overall performance. The Maintenance tab presents information on upcoming and completed service maintenance and the ability to configure a maintenance window that fits your schedule for future maintenance. For more information, see Manage Data Collectors.

Archive and Restore Multiple Investigations

The ability to archive and restore multiple investigations at once has been added to the Investigations table. For more information, see Archive Investigations and Restore Archived Investigations.

View Tags on Investigations Table

A Tags column is now available to add to the Investigations table to quickly view the tags that have been added to each investigation. For more information, see Filter Investigations.

Create Advanced Suppression Rules from Query Language

For users opted in to Preview mode, advanced suppression rules can now be created to match on an alert's underlying event data using Query Language, leveraging elements such as process.commandline, process, parent_image_path, and other event schemas. For more information, see Alert Suppression Rules.

Fixes

Endpoint Agent Details Alerts Not Loading

Alerts were not loading in the Endpoint Agent detailed view. This has been fixed.

Archived Investigations Incorrectly Displaying in Table

Older archived investigations were displaying in the Investigations table with the Only Show Archived filter toggled off. This has been fixed.

Share links for alert suppression and custom alert rules were redirecting to the landing page rather than the rule. This has been fixed.

Docs

New User Walkthrough Added to Taegis™ Endpoint Agent Introduction

The Taegis™ Endpoint Agent Introduction has been redesigned to include a new user walkthrough to guide your experience with the agent and assist with installation, troubleshooting, and use of the Taegis™ Endpoint Agent.

Windows Taegis™ Endpoint Agent Migrator PowerShell Script Updated

The PowerShell script for Windows agent installations has been updated at Install Windows Taegis™ Endpoint Agent Using PowerShell Script.

Secureworks® Taegis™ XDR 3.3.1

Thursday, January 18th, 2024

Features

Windows Taegis™ Endpoint Agent Migrator PowerShell Script

A PowerShell script that automates the validation of prerequisites for the Windows Taegis™ Endpoint Agent is now available. The script can be used for migrations from Red Cloak™ Endpoint Agent to Taegis™ Endpoint Agent, or for brand new installations. For more information, see Install Windows Taegis™ Endpoint Agent Using PowerShell Script.

Windows Taegis™ Endpoint Agent Advanced Kernel Telemetry Setting

For users opted in to Preview mode, Advanced Kernel Telemetry for Windows Taegis™ Endpoint Agents can now be disabled at the tenant level if you are experiencing compatibility issues with third-party security products. For more information, see Agent Settings.

Secureworks® Taegis™ XDR 3.3

Thursday, January 11th, 2024

Features

Enhanced Investigations Table

The Investigations table in XDR has been redesigned with streamlined navigation, enhanced filters, and quick access actions. For more information, see Work an Investigation.

Entities Added to Investigation Evidence Tab

The investigation details Evidence tab now includes an Entities sub-tab with a table of involved entities that provides the ability to view entity details and take response actions. For more information, see Investigation Evidence.

CSV Exports Renamed Data Exports

The CSV Exports page in XDR has been renamed to Data Exports. For more information, see Data Exports.

Fixes

Entities Persisted in Alert Preview Side Panels

Some entities displayed in alert preview side panels were persisting to subsequent alert previews opened from the table in the background without closing the initial alert first. This has been fixed.

Investigation PDF Export Formatting Issue

A bug has been fixed where investigation PDF exports were truncating certain sections and tables.

Incorrect iSensor Registration Status

A bug causing iSensor registration statuses to incorrectly display as expired has been fixed.

Incorrect Endpoint Response Actions

Response actions were appearing in the actions menu of endpoint summary views for incorrect endpoint types. This has been fixed.

Secureworks® Taegis™ XDR 3.2.42

Thursday, December 14th, 2023

Features

User Profile & Settings Redesigned and Enhanced

User Profile & Settings in XDR has been updated with a two-column layout, collapsable sections, and the addition of options to set a landing page in XDR and to reset all your preferences. For more information, see User Profile & Settings.

Renew Taegis™ Endpoint Agent Registration Keys

Taegis™ Endpoint Agent registration keys are designed to provide secure and controlled access to the Taegis™ Endpoint Agent. The registration key expiration is used to enhance the security of our agent and protect it from unauthorized use. In addition to viewing the registration key and expiration from Group Configuration in XDR, you can now manually renew a key. For more information, see Registration Keys.

Endpoint Agents Cloud Provider Indicators

For users opted in to Preview mode, the Endpoint Agents Summary table now includes an icon next to hostnames of endpoints that are identified as cloud assets to indicate the cloud provider. For more information, see Identify Cloud Instances.

Taegis™ Endpoint Agent Auto Archive Setting

Auto Archive for Taegis™ Endpoint Agents can now be configured at the tenant level in addition to group level. For more information, see Agent Settings.

The Insights tab of alert details now includes a section of open and closed investigations related to entities associated with the displayed alert. For more information, see Related Investigations.

Secureworks® Taegis™ XDR 3.2.41

Thursday, December 7th, 2023

Features

Alert Threat Score

Threat Score has left Preview mode and is now generally available. For more information, see Threat Score.

Export Data from Report Templates to CSV and JSON

You can now generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for report templates. For more information, see Create Reports from a Template.

Fixes

Hostnames Persisted in Alert Preview Side Panels

Hostnames displayed in alert preview side panels were persisting to subsequent alert previews opened from the table in the background without closing the initial alert first. This has been fixed.

Data Collector Health Graph Timestamps

Data Collector Health graph timestamps were not reflecting the time zone preference set in User Profile & Settings. This has been fixed.

Secureworks® Taegis™ XDR 3.2.40

Friday, December 1st, 2023

Features

Alert Threat Score

For users opted in to Preview mode, Threat Score is a new contextually aware priority value assigned to alerts by the patent-pending Taegis™ Prioritization Engine. The score ranges from 0 - 10 with a higher score representing a higher risk to your organization. For more information, see Threat Score.

Manage iSensors

You can now view your organization’s current integrated iSensors, monitor their health, and manage their rules and registration on the iSensor page. For more information, see Manage iSensors.

Custom Reports Search Query

Custom reports created from an advanced search now include the search query in an appendix of the report PDF to more easily identify the data being reported. For more information on Custom Reports, see Configure Custom Reports.

Fixes

Incorrect Data in Taegis™ XDR User Admin Summary Report

Some Taegis™ XDR User Admin Summary Reports included active users in the Inactive Users section and did not show users that were deactivated in the Registration Status Changes section. These issues have been fixed.

Criteria for Suppression Rule Not Populating

A bug has been fixed where the Suppression Rule criteria list was intermittently not populating when creating a rule directly from an alert.

MITRE Mapping Not Presented

Some alerts with MITRE information present in the JSON of the alert did not present that MITRE info in the XDR UI or reports. This has been fixed.

Secureworks® Taegis™ XDR 3.2.39

Thursday, November 16th, 2023

Features

Manage iSensors

For users opted in to Preview mode, you can now view your organization’s current integrated iSensors, monitor their health, and manage their rules and registration on the iSensor page. For more information, see Manage iSensors.

Excessive Playbook Executions Notification

You can now enable notifications for excessive playbook executions from your User Profile & Settings. For more information, see Notification Preferences.

Fixes

Scheduled Reports Not Executing

In certain situations, scheduled reports did not run on the correct date. This has been fixed.

Docs

Lambda Migration

Documentation has been added with instructions for updating the Secureworks® Taegis™ XDR Lambda function used in Amazon integrations. For more information, see Lambda Migration.

Provided Data from Integrations

The tables of provided data from integrations on Capabilities at a Glance have been updated. For more information, see Provided Data from Integrations.

Secureworks® Taegis™ XDR 3.2.38

Thursday, November 9th, 2023

Features

Entity Graph Now Available

For users opted in to Preview mode, you can now access Entity Graph, a powerful addition to our XDR platform that provides enhanced visibility. The Entity Graph offers a live, visual representation of entity relationships, simplifying security investigations and decision-making processes. For more information, see Explore an Investigation in Detail with Entity Graph.

Investigation Enhancements

For users opted in to Preview mode, a new Entities sub-tab is now available under the Evidence tab allowing you to view details and respond to individual entities that are part of an investigation. The audit history has been moved to a new top-level History tab along with the Timeline view. For more information, see Investigation Evidence and Investigation Timeline.

Fixes

Unsortable Columns in Investigations Table

Columns in the Investigations table that do not support sorting can no longer be clicked as if they do.

Docs

Security Posture Dashboard Event Pipeline Widget

Documentation regarding the date range used for the data populating the Event Pipeline widget has been updated. For more information, see Event Pipeline.

Secureworks® Taegis™ XDR 3.2.37

Thursday, November 2nd, 2023

Features

Legacy Response Actions to be Removed

Legacy response actions have been replaced by playbook-driven actions. After configuring these actions via playbooks, the legacy response actions such as Disable User, Isolate Host and Disrupt Process for Red Cloak, and Block IP for iSensor, are no longer available. These legacy actions will be removed beginning November 6, 2023. While most customers have already adopted the playbook-based response actions, we wanted to provide notification for customers that have not yet adopted the new response actions. Please ensure you have configured response action playbooks for your environment prior to November 6 to assure no interruptions. For more information about response actions, see the Automations Documentation.

Fixes

Issues with Events Export to CSV from Alerts

The CSV export of events from an alert did not include all columns and contained improperly formatted data. This has been fixed.

Advanced Search for Fields Containing Hostname

When running an advanced search query with an event field containing the word hostname, an incorrect Looking up hostname(s) message displayed. This has been fixed.

Enterprise SSO Draft Connections Not Editable

SSO connections in Draft status can now be selected from the Enterprise SSO page to complete configuration.

Secureworks® Taegis™ XDR 3.2.36

Thursday, October 26th, 2023

Features

Custom Roles

Custom Roles is now generally available and allows you to create and manage custom user roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs. For more information, see Custom Roles.

Registration Key Expiration Added to Group Configuration Table and Details

The Taegis™ Endpoint Agent Group Configuration table and details now display registration key expiration dates. For more information, see Group Configuration.

Reset Multi-Factor Authentication in App

For users opted in to Preview mode, you can now reset your multi-factor authenticator from your User Profile and Settings in Taegis™ XDR. For more information, see Security Settings.

Fixes

Add Custom Role Action Removed for Tenant Analysts

Tenant Analysts can no longer add a custom role, as designed.

Pivot Searches Not Loading Events

Fixed an issue where a pivot search on certain field types would not present the Events tab in the results.

Secureworks® Taegis™ XDR 3.2.35

Thursday, October 19th, 2023

Features

Configured Response Actions Added to Subscriptions

The Subscriptions page in Taegis™ XDR now displays a table with configured response actions for the tenant. For more information, see Subscriptions.

TAXII 2.1 Integration

For users opted in to Preview mode, the TAXII 2.1 integration is now available to ingest threat indicators into Taegis™ XDR to generate alerts via the Bring Your Own Threat Intel Detector. For more information, see TAXII 2.1 Integration Guide.

Export Data from Report Templates to CSV and JSON

For users opted in to Preview mode, you can now generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for report templates. For more information, see Create Reports from a Template.

Fixes

Hostname Field Error When Adding Collector

The Hostname field used when configuring DHCP for a data collector was accepting unsupported characters and displaying an unrelated error message. This has been fixed.

Incorrect Data from Report Templates

Report templates used for time periods greater than 90 days incorrectly presented zero data in charts for the final month. This has been fixed.

Docs

Common Expression Language Macros

The documentation for Common Expression Language (CEL) macros used in Automations has been reorganized and improved with additional macros, examples, and explanations.

Secureworks® Taegis™ XDR 3.2.34

Thursday, October 12th, 2023

Features

Custom Roles

For users opted in to Preview mode, you can now create and manage custom user roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs. For more information, see Custom Roles.

Anomali Integration

For users opted in to Preview mode, the Anomali integration is now available to ingest threat indicators into Taegis™ XDR to generate alerts via the Bring Your Own Threat Intel Detector. For more information, see Anomali Integration Guide.

Fixes

Auto Investigation Template Description Not Editable

The description field for Automatic Investigation templates was not present when editing a configured template. This has been fixed.

Pivot Search for DNS Events Used Incorrect Query

A bug has been fixed where some pivot searches for DNS events from a data source were using an incorrect query.

Docs

Okta Integration Guide Updated

The Okta Integration Guide has been updated with additional procedural guidance and updated list of events received from Okta.

Secureworks® Taegis™ XDR 3.2.33

Thursday, October 5th, 2023

Features

Endpoint Agent Details Redesigned

The Endpoint Agent detailed view has been redesigned to eliminate tabs and provide access to details, alerts, and history from a single view. For more information, see Manage Endpoint Agents.

Fixes

ServiceNow Bidirectional Outbound Playbook Comments

Comments added to investigations were not syncing to ServiceNow work notes. This has been fixed.

A bug has been fixed where hostname links in event details pages were broken.

Automatic Investigations Template View Not Persisting

Selecting the option to view auto investigation templates in list view was not persisting. This has been fixed.

Docs

Amazon CloudWatch Logs

Documentation has been added that reviews how to ingest data from sources produced by CloudWatch Logs. For more information, see Amazon CloudWatch Logs Integration Guide.

Bring Your Own Threat Intelligence API

Documentation has been added for the Bring Your Own Threat Intelligence (BYOTI) API. For more information, see Using the BYOTI API and BYOTI GraphQL API.

Secureworks® Taegis™ XDR 3.2.32

Thursday, September 28th, 2023

Features

Bring Your Own Threat Intelligence

The new Bring Your Own Threat Intelligence (BYOTI) Detector is now available in Taegis™ XDR and enables you to integrate Threat Intel indicator lists and generate alerts when those indicators are found in normalized telemetry. This detector requires a supported Threat Intel integration, which currently includes AlienVault OTX.

Taegis™ Endpoint Agent Group File Collection

You can now enable or disable implicit file collection for Taegis™ Endpoint Agents at a group level. For more information, see Group Configuration.

Manage Users Enhanced

Manage Users in Taegis™ XDR has been enhanced with improved filter options, visual indicators for users added as points of contact in escalation lists, and other improvements. For more information, see Manage Users.

Share Auto Investigation Templates

You can now share direct links to automatic investigation templates. For more information, see Share Automatic Investigation Templates.

Actions Added to Alerts Tab of Endpoint Agent Details

An actions menu has been added to the Alerts tab of the Endpoint Agent detailed view. For more information, see Manage Endpoint Agents.

Fixes

Investigations Issue

Fixed a bug affecting the ability to load and close investigations.

Reports Aggregated by Resource Field Failing

Fixed an issue where reports aggregated by the resource field were failing with errors.

Docs

NXLog Template Updated

The Windows Event Log NXLog template has been updated. See NXLog Template Downloads.

Automatic Investigations

Documentation for Automatic Investigations has been updated with additional guidance. See Automatic Investigations.

Secureworks® Taegis™ XDR 3.2.31

Friday, September 22nd, 2023

Features

Okta Integration Enhanced

The Okta integration has been enhanced with improvements to the configuration process. For more information, see Okta Integration Guide.

Pass the Ticket Detector Removed

The Pass the Ticket Detector is being decommissioned. For the full list of detectors, see Detectors Overview.

Investigation Tags Now Available

You can now add tags to investigations. For more information, see Work an Investigation.

Fixes

Date/Time Picker Display Issue

Fixed an issue where the date/time picker did not display correctly due to browser zoom settings.

Playbook Execution Line Chart Colors

Playbook execution line charts now display the correct colors for executions and failures.

Opening Comments in Investigation Truncates Title

Fixed an issue where the investigation title was truncated when investigation comments were expanded.

Secureworks® Taegis™ XDR 3.2.30.1

Friday, September 15th, 2023

Features

Export Dashboards and Widgets to PNG

You can now export both dashboards and individual dashboard widgets to a PNG image. For more information, see Alert Triage Dashboard, Security Posture Dashboard, Taegis™ ManagedXDR Dashboard, and My Dashboards.

Secureworks® Taegis™ XDR 3.2.30

Thursday, September 14th, 2023

Features

File Analysis Detector

The File Analysis Detector, now available in Taegis™ XDR, identifies malicious files on endpoints with the Taegis™ Endpoint Agent. For more information, see File Analysis Detector.

Collector API Query Deprecation and New Datasource API

On October 14, 2023, the existing getDataSourceMetrics query used to fetch datasource metrics will be deprecated in favor of the new Datasource GraphQL API exposing getDataSourceLastSeenAsset, which provides the same functionality as well as new capabilities such as deleting data sources. For more information, see Datasource GraphQL API.

Taegis™ Agent Settings

For tenants using the Taegis™ Endpoint Agent, a new Agent Settings page is now available. For more information, see Agent Settings.

Fixes

Alerts Not Loading

A bug affecting alert loading has been fixed.

Automation Connection Buttons Unresponsive

The Edit button on configured connections and Add Connection button on connectors were unresponsive in the Japanese UI. This has been fixed.

Reports Formatting Issue

A bug where the table of contents in Japanese reports was improperly formatted has been fixed.

Copied IP Addresses Included Extra Characters

A bug where double-clicking to copy an IP address in XDR included extra characters has been fixed.

Docs

Taegis™ Magic Jupyter Integration Overview

Overview documentation for Taegis™ Magic Jupyter Integration, a Jupyter Notebook and Command Line Interface for interacting with the Secureworks® Taegis™ security platform, is now available. See Taegis™ Magic Jupyter Integration.

Threat Hunting with Jupyter Notebooks

Documentation describing the tools and workflows that enable threat hunting procedures using Jupyter Notebooks is now available. See Hunting with Jupyter Notebooks.

Secureworks® Taegis™ XDR 3.2.29

Thursday, September 7th, 2023

Fixes

Auto Investigation Optimizations

The view has been optimized to allow for better filtering when viewing Automatic Investigations. In addition, the window close button has been fixed as the window would not close in some instances.

Error Message Optimizations

For some event and pivot search screens, errors would display incorrectly. This has been fixed.

Report Time Errors

Reports were showing different times between the English version and Japanese versions of the same report. This has been fixed.

Secureworks® Taegis™ XDR 3.2.28.1

Friday, September 1st, 2023

Features

Automatic Investigations

Automatic Investigations has left Preview mode and is now generally available. Taegis™ XDR can now analyze your alerts and automatically create investigations based on criteria you define. For more information, see Automatic Investigations.

Docs

Taegis™ NGAV Agent Update

The Taegis™ NGAV Enterprise Administration Guide has been updated. For more information, see Setting up the Taegis™ NGAV Agent.

Secureworks® Taegis™ XDR 3.2.28

Wednesday, August 30th, 2023

Features

Refresh Alert Triage Dashboard

You can now refresh the data in all widgets on the Alert Triage Dashboard. For more information, see Refresh Dashboard.

Export Dashboards to PNG

For users opted in to Preview mode, you can now export dashboards in XDR to a PNG image. For more information, see Alert Triage Dashboard, Security Posture Dashboard, Taegis™ ManagedXDR Dashboard, and My Dashboards.

Fixes

Unsupported Entities in Suppression Rule Creation

When creating a Suppression Rule from an alert, XDR was including entities not currently supported for rule configuration. This has been fixed.

See All Events Option Not Working

For some alerts, using the See All Events option led to an invalid search query. This has been fixed.

Investigation Status Message Improperly Formatted

A bug has been fixed where adding alerts to investigations with titles longer than 50 characters resulted in an improperly formatted status message.

Investigation PDF Exports Missing Details

A bug has been fixed where PDF exports of investigations were missing investigation details.

Secureworks® Taegis™ XDR 3.2.27

Thursday, August 24th, 2023

Features

Akamai Enterprise Application Access Integration Added

Taegis™ XDR can now ingest and normalize data from Akamai Enterprise Application Access (EAA) via Akamai Unified Log Streamer (ULS). For more information, see the Akamai EAA Integration Guide.

Office 365 Management API Integration Added

This integration replaces Office 365 Management Activity API. For more information, see Office 365 Management API Integration Guide.

Fixes

Playbook History Table Not Filtered by Date/Time Range

The Playbook History table was not being filtered by the range set in the date/time picker. This has been fixed.

Save and Finish Button Not Working in Playbook Instance

While editing a playbook instance, the Save and Finish button was not functioning correctly if you skipped directly from the initial Details section to the final Inputs section. This has been fixed.

Incorrect Next Scheduled Date for Reports in Japanese Mode

The Next Scheduled Date was not being set correctly when scheduling a report with the UI in Japanese mode. This has been fixed.

Secureworks® Taegis™ XDR 3.2.26

Thursday, August 17th, 2023

Fixes

Trigger Filter Not Displaying

In some playbooks, the trigger filter was not displaying properly. This has been fixed.

Endpoint Agents Summary Table Pagination Error

The Endpoint Agents Summary table pagination was not updating after adding a tag to an endpoint and refreshing. This has been fixed.

Secureworks® Taegis™ XDR 3.2.25.1

Tuesday, August 15th, 2023

Features

Automatic Investigations

Automatic Investigations is now available in Preview. Taegis™ XDR can now analyze your alerts and automatically create investigations based on criteria you define. For more information, see Automatic Investigations.

Secureworks® Taegis™ XDR 3.2.25

Friday, August 11th, 2023

Features

Endpoint Agents Navigation Improved

Tabs previously available on the Endpoint Agents page in XDR are now discrete options available from the left-hand side navigation Endpoint Agents menu. For more information, see Manage Endpoint Agents.

Docs

Event Hub Scaling Added to Microsoft Defender Integration

Microsoft Defender for Endpoint Integration Guide has been updated with instructions on event hub scaling. For more information see Scaling Event Hub.

Fixes

Alerts Detail Events Table Not Reloading

For some tenants the Events tab in the Alerts panel was not repopulating after selecting it, navigating away, then returning to it. This has been corrected so that it repopulates correctly.

Secureworks® Taegis™ XDR 3.2.24

Thursday, August 3rd, 2023

Features

Taegis™ Endpoint Agent Auto Archive

For users opted in to Preview mode, you can now specify a time frame after which any Taegis™ Endpoint Agents assigned to a group that have not reported to XDR are archived from view on the Agent Summary table. For more information, see Group Configuration.

On-Premise Automation Connector Now Supports LDAP Authentication

The On-Premise Automation Connector now supports LDAP authentication to provide the connector access to Active Directory and LDAP directory services. If an older version of the On-Premise Connector is configured, you must delete the connector and re-add it to the data collector. For more information, see On-Premise Automation Connector. The system the collector is deployed to requires network access to the AD/LDAP services.

Fixes

Investigation PDF Exports Incorrect Formatting

Some PDF exports of investigations were not formatted correctly. This has been fixed.

Select All on Data Sources Table Not Working

The Select All function of the Data Sources table persisted after filters were adjusted. This has been fixed.

Docs

Taegis™ Endpoint Agent Beta Release Channel

See Taegis™ Agent Beta Release Channel for more details on the benefits and recommended uses of the Taegis™ Agent Beta release channel.

Secureworks® Taegis™ XDR 3.2.23

Thursday, July 27th, 2023

Features

Taegis™ Help Center

The Taegis™ Help Center is now available. Now you can access and search the Taegis™ Documentation and Knowledge Base from a central location. To open the Taegis™ Help Center from Taegis™ XDR, select the help icon ( Help icon ) in the upper right-hand corner, then choose Help Center from the pull down menu.

Microsoft Azure Active Directory Activity Reports Integration Added

This integration replaces Azure Active Directory — Monitoring. For more information, see Microsoft Azure Active Directory Activity Reports.

Playbook Queues Removed

Playbook Queues have been removed due to platform improvements in scalability and simplification of the execution process. Playbook instances are logged and can be tracked from the History tab of Playbooks. See Playbooks History for more information.

Fixes

Agent Downloads

The Agent Downloads tab of Endpoint Agents is available only for users with the Tenant Admin role as designed.

Searches Not Appearing in History

Some searches were not appearing in the History tab of Advanced Search. This has been fixed.

Secureworks® Taegis™ XDR 3.2.22

Thursday, July 20th, 2023

Features

Sentinel One Regions

The Taegis™ XDR Sentinel One integration now supports the apne1 region.

Fixes

Automations Playbooks List Errors

List order by status now sorts as expected in the Automations Playbooks List.

Investigation Timeline

Some events were not appearing at the correct related time in the Investigations timeline. This has been corrected.

Secureworks® Taegis™ XDR 3.2.21

Thursday, July 13th, 2023

Features

Taegis™ XDR User Administration Summary Report Template

The Taegis™ XDR User Administration Summary Report has left Preview mode and is now available to all users. For more information, see Taegis™ XDR User Administration Summary Report.

Taegis™ XDR Python SDK

The Taegis™ XDR Python SDK is now available. The Python SDK is a library you can use with Taegis™ XDR’s GraphQLs APIs to greatly speed and enhance any custom integrations with Taegis™ XDR. For more information, see Taegis™ XDR Python SDK.

Delete Data Sources

You can now delete data sources to remove the device records from the Data Sources table. For more information, see Delete Data Sources.

Fixes

Investigation Titles Character Limit

Investigation titles are now limited to 256 characters.

Data Sources Not Loading

Data sources were not loading properly for certain users. This has been fixed.

Endpoint Agents Table Tag Filter

Filtering the Endpoint Agents table by Tag is now case insensitive.

Secureworks® Taegis™ XDR 3.2.20

Thursday, July 6th, 2023

Features

OPNsense Integration Added to Taegis™ XDR

Taegis™ XDR can now ingest and normalize data from OPNsense. For more information, see the OPNsense Integration Guide.

pfSense Integration Added to Taegis™ XDR

Taegis™ XDR can now ingest and normalize data from pfSense. For more information, see the pfSense Integration Guide.

Time Zone

You can now set the time zone in Taegis™ XDR to match the time and date to your time zone preference. For more information, see Time Zone in Profile Settings.

Docs

Using File Upload API

Using the File Upload API has been updated.

Provided Data Tables Updated

The Provided Data tables for third party integrations have been updated.

Fixes

Exported Investigations Not Masking Assignee or Creator for Tenant Users

Exported investigations were not masking assignee or creator data for Tenant Users. This has been fixed.

Secureworks® Taegis™ XDR 3.2.19

Thursday, June 29th, 2023

Features

Claroty CTD Integration Added to Taegis™ XDR for OT

Taegis™ XDR can now ingest and normalize data from Claroty CTD. For more information, see the Claroty Continuous Threat Detection (CTD) Integration Guide.

Dragos Platform Integration Added to Taegis™ XDR for OT

Taegis™ XDR can now ingest and normalize data from the Dragos Platform. For more information, see Dragos Platform Integration Guide.

Docs

Supported Connectors for Automations Update

The Supported Connectors list for Secureworks® Taegis™ XDR Automations has been updated. For more information, see Supported Connectors.

Fixes

Error Filtering Playbook Status/Name Columns

Filtering for Playbook Status/Name columns now works as expected.

Some CSV Export Files Contain Irrelevant Fields

Some export files were not correctly populating with data. The data not importing correctly, such as those from health status and some from the Cloud API has been temporarily filtered out.

Label Correction in Enterprise SSO Add New Connection

The label for Assertion Customer Service URL has been corrected to Assertion Consumer Service URL.

ManagedXDR Export All as CSV

ManagedXDR’s Export All as CSV function now exports all expected results.

Secureworks® Taegis™ XDR 3.2.18

Thursday, June 22nd, 2023

Features

Taegis™ XDR User Administration Summary Report Template

For users opted in to Preview mode, you can now create Taegis™ XDR User Administration Summary Reports from a predefined template. For more information, see Taegis™ XDR User Administration Summary Report.

Fixes

Suppression Rule Alert Title Entity

When creating a suppression rule from an alert, the Alert Title entity is now available in the pre-populated list from the alert as designed.

Docs

Office 365 and Azure Data Availability Doc Update

Additional information on data availability, collection times, and collection variables has been added to Office 365 and Azure Data Availability.

Secureworks® Taegis™ XDR 3.2.17

Thursday, June 15th, 2023

Fixes

Proofpoint Alerts Cannot Be Used in Suppression Rules

When creating a Suppression rule, Proofpoint alerts were not selectable options. This has been fixed.

Docs

HA Collector Docs Update

The command to verify if a node is online has been corrected. For more information, see Maintenance or Downtime in On-Premises HA Data Collector.

On Premises Data Collector Docs Update

Nifi is no longer used by the Taegis™ XDR Collector and has been removed from the requirements lists.

Secureworks® Taegis™ XDR 3.2.16

Thursday, June 8th, 2023

Features

Taegis™ Watchlist Detector

The TDR Watchlist detector has been renamed to Taegis™ Watchlist. For more information, see Taegis™ Watchlist.

Taegis™ Endpoint Agent Group Configuration

Taegis™ Endpoint Agent groups now display as discrete pages that provide a direct link to share with other tenant users or Secureworks support. For more information, see Group Configuration.

Fixes

Endpoint Response Actions

Endpoint Response Actions now display consistently in alphabetical order in the Actions menu.

Docs

Reactivating Taegis™ XDR Users

Documentation on reactivating Taegis™ XDR users has been added. For more information, see Manage Users.

Secureworks® Taegis™ XDR 3.2.15

Thursday, June 1st, 2023

Features

Google Workspace Integration Updated

Taegis™ XDR can now ingest and normalize Google Workspace Admin Activity events, Chrome Audit Activity events, and Alert Center Alerts. For more information, see Google Workspace Integration Guide.

Secureworks® Taegis™ ManagedXDR for OT

Secureworks® Taegis™ ManagedXDR for OT is now available as an added service for Taegis™ ManagedXDR and Taegis™ ManagedXDR Elite subscribers. For more information, see Taegis ™ ManagedXDR for OT.

Taegis™ NGAV Agent Update

The documentation for the Taegis™ NGAV Agent has been updated. For more information, see Taegis™ NGAV Agent.

Secureworks® Taegis™ XDR 3.2.14

Friday, May 26th, 2023

Features

Isolate and Restore Disconnected Taegis™ Endpoint Agents

Taegis™ Endpoint Agents now have the enhanced ability to be isolated and restored when in a disconnected state. For more information, see Host Isolation.

Agent details and suppression rules now provide a direct link to share with other tenant users or Secureworks support.

Fixes

Custom Parsers Error

An error was displaying on the Custom Parsers page and persisting to other areas of XDR when there were no configured custom parsers. This has been fixed.

Red Cloak™ Endpoint Agent Isolate and Restore

The options to isolate and restore some Red Cloak™ Endpoint Agents were not available from Endpoint Agents. This has been fixed.

Report Generation

A bug causing reports not to generate for users whose language preference was set to Japanese has been fixed.

Investigations Table

A bug causing the Investigations table to partially load with errors has been fixed.

Docs

Endpoint Agents Summary Table

Endpoint Agents has been updated with additional guidance for filtering and selecting all endpoints.

Secureworks® Taegis™ XDR 3.2.13

Thursday, May 11th, 2023

Features

Taegis™ XDR’s Alert Details now includes Related Entities in the Summary tab. There’s also a new Insights tab where you can quickly triage alerts that share traits—related entities—with the currently displayed alert. This allows analysts to speed root cause analysis and group related alerts into an investigation. For more information, see Alert Details.

Secureworks® Taegis™ XDR 3.2.12.1

Tuesday, May 9th, 2023

Features

Taegis™ Endpoint Agent Release Channels

Release Channels has left Preview mode and is now generally available. See Group Configuration to assign Taegis™ Endpoint Agent groups to the Stable, Preview, or Beta channel to auto-update endpoints in that group when agent versions promoted to the chosen channel are released.

Taegis™ Endpoint Agent Host Isolation Exceptions

Host Isolation Exceptions has left Preview mode and is now generally available. Use Host Isolation Exceptions to access Taegis™ Endpoint Agents in an isolated state from an approved CIDR range. For more information, see Taegis™ Endpoint Agent Host Isolation Exceptions.

Secureworks® Taegis™ XDR 3.2.12

Friday, May 5th, 2023

Features

Data Collector Troubleshooting Console

The Admiral console is now available to access information about a deployed Taegis™ XDR Collector locally to assist in device setup and troubleshooting of common problems such as network connectivity. For more information, see Admiral Console.

Bulk Uninstall Taegis™ Endpoint Agents

Multiple Taegis™ Endpoint Agents can now be bulk uninstalled. For more information, see Uninstall Taegis™ Agents.

Alerts Table Technique ID Filter

The Alerts table can now be filtered by MITRE Technique ID using the Technique ID filter. For more information, see Filter for Alerts.

Timeline View Source Event

In the Timeline of Related Alerts & Events view, the source event can now be selected from the events table to view its details. For more information, see Related Alerts and Events Timeline View.

Close Investigations with No Alerts

Investigations with no added alerts can now be closed with a closed status for tracking. For more information, see Close Investigation.

Tenant Profile Files

Tenant Profiles now include a Files tab if Secureworks has uploaded files for your tenant and made them available to you to download. For more information, see Tenant Profile.

Fixes

Investigation Comments Tags

Partner users were appearing as options to tag in comments of investigations rather than tenant users. This has been fixed.

Mark All Notifications as Read

The Mark all as Read function in Taegis™ XDR notifications has been fixed.

Investigations Table Column Filters

The Assignee and Creator columns of the Investigations table can now be filtered with the Contains operator as designed.

Investigation Summary Report Timeframe

The Investigation Summary report now displays the correct timeframe.

Add Connection in Playbook Configuration

When configuring a playbook template, adding a connection could not be tested or saved. This has been fixed.

Secureworks® Taegis™ XDR 3.2.11.4

Tuesday, May 2nd, 2023

Features

Taegis™ XDR Automations IP Range Change

On May 15th, 2023, the IP address range used for Automations is changing to 216.9.204.0/22. Prior to May 15th, random AWS Elastic IP addresses (eIPs) have been used for making connections to integrated product APIs. The change is being made in order to use specified source IP ranges for connector authentication. This will likely not impact you, but it if you have configured firewall rules, allow-lists, or any other application configuration that specifies AWS eIPs, you’ll need to update the configuration. For more information, see Automations Overview.

Secureworks® Taegis™ XDR 3.2.11

Thursday, April 13th, 2023

Features

New Endpoint Agents Interface Released

A new Endpoint Agents interface has left Preview mode and is now available to all users. This improved experience includes streamlined navigation with enhanced filters, improved export functionality, and a new tagging experience. For more information, see Endpoint Agents.

Taegis™ Endpoint Agent Release Channels

For users opted in to Preview mode, Release Channels control the update process of the agent at a group level. See Group Configuration to assign Taegis™ Endpoint Agent groups to the Stable, Preview, or Beta channel to auto-update endpoints in that group when agent versions promoted to the chosen channel are released.

Docs

Taegis™ XDR Python SDK Docs

Documentation on using the Taegis™ XDR Python SDK have been added. For more information, see Authenticating with Taegis™ XDR GraphQL APIs.

Fixes

Investigation Key Findings Information

A display bug disallowed full scrolling through key findings in some investigations. This has been corrected.

Certain search and report combinations were producing mismatched dates. This has been corrected.

Secureworks® Taegis™ XDR 3.2.10.2

Friday, April 7th, 2023

Features

Taegis™ Endpoint Agent Host Isolation Exceptions

For users opted in to Preview mode, you can now configure Host Isolation Exceptions to access Taegis™ Endpoint Agents in an isolated state from an approved CIDR range. For more information, see Taegis™ Endpoint Agent Host Isolation Exceptions.

Investigation Status Reason

A new column called Status Reason on the Investigations Evidence tab now displays the reason an alert was closed. For more information, see Investigation Evidence.

Secureworks® Taegis™ XDR 3.2.10.1

Monday, April 3rd, 2023

Features

SentinelOne Integration Added

Taegis™ XDR in Preview mode can now ingest and normalize data from SentinelOne. For more information, see SentinelOne.

Secureworks® Taegis™ XDR 3.2.10

Thursday, March 30th, 2023

Features

Investigation ID

All investigations now have a unique identifier number (for example, INV00001). You can filter for it in the new Investigations Overview column. For more information, see Investigation Summary.

Events on the Investigation Timeline

The investigation timeline now displays event summaries for all events. For more information, see Investigation Timeline.

Automatic Investigations Change Summary Notifications

A new email notification is now available: Automatic investigations change summary. This is a daily digest that summarizes which investigations were changed by a service provider auto-appending an alert to an investigation. For more information, see Notification Preferences.

Taegis Connections No Longer Required

Taegis platform connectors are now automatically provisioned. This means that when configuring automation playbooks, you are no longer required to configure Taegis connections manually.

Fixes

Deactivated Username Appearing in Investigation Assignee List

Disabled user names were appearing in the Investigation Assignee drop down in a Beta feature of Taegis™ XDR. This has been fixed.

Secureworks® Taegis™ XDR 3.2.9

Friday, March 24th, 2023

Features

Forcepoint Firewall Integration Added

Taegis™ XDR can now ingest and normalize data from Forcepoint Firewall. For more information, see Forcepoint Firewall.

McAfee ePO Integration Added

Taegis™ XDR can now ingest and normalize data from McAfee ePO. For more information, see McAfee ePO.

Bulk Reconnect Taegis™ Endpoint Agents

Multiple Taegis™ Endpoint Agents can now be bulk reconnected to the registration server to initiate an auto-update. For more information, see Reconnect Taegis™ Agents.

Single Sign-On Now Available

Single sign-on (SSO) is now generally available to all users, by integrating Taegis™ XDR access with a localized corporate authentication system with Enterprise SSO. For more information, see Enterprise SSO.

Fixes

Mark All As Read

The Mark all as read option in the notifications pane now works again.

Issue Closing Investigations

Users of the Japanese version of Taegis™ XDR were having issues closing investigations. This has been fixed.

Playbook Columns

Columns in the Configured Playbooks table now sort as expected.

Azure AD Risk Detection Integrations

Correctly configured Azure Active Directory Identity Protection - Risk Detection integrations were not being marked as active. This has been fixed.

Secureworks® Taegis™ XDR 3.2.8

Friday, March 17th, 2023

Features

Endpoint Assets GraphQL API Now Available

The Endpoint Assets GraphQL API is now available in Taegis™ XDR. For more information, see Endpoint Assets GraphQL API.

Taegis™ Endpoint Agent Summary Investigations

Taegis™ Endpoint Agent details now include a count of associated investigations in the side drawer summary view and a list of associated investigations with description, status, and assignee in the detailed view. For more information, see View Endpoint and Agent Details.

Fixes

ServiceNow Automation Connection

Selecting the Test button after properly configuring a ServiceNow connection was resulting in an error. This has been fixed.

Scheduled Reports

Some scheduled reports were experiencing a delay in being sent to subscribers after generating. This has been fixed.

Secureworks® Taegis™ XDR 3.2.7

Thursday, March 9th, 2023

Features

Darktrace Integration Added

Taegis™ XDR can now ingest and normalize data from Darktrace. For more information, see Darktrace.

Fixes

Tenant Selector

The All My Tenants tab of Tenant Selector was periodically presenting tenants out of order. This has been fixed.

The pivot search magnifying glass icon was missing for the Sensor ID field of alerts. This has been fixed.

Secureworks® Taegis™ XDR 3.2.6

Friday, March 3rd, 2023

Features

On-Premises Highly Available (HA) Collector

You can now can deploy an On-Premises HA Data Collector for Taegis™ XDR. For more information, see On-Premises HA Data Collector.

Custom Rules Event Types

The Custom Rules table now includes a column called Event Type, so you can easily identify which events are being matched against. For more information, see Custom Alert Rules.

MFA QR Code Alternative

When setting up your multi-factor authentication for Taegis™ XDR logins, there is now a new option for users who can’t scan QR codes. Choose the option to copy a secret string into your authenticator app instead. For more information, see Set Up Multi-Factor Authentication.

Search Endpoint Agent Tags

On the Endpoint Agent Summary table, the Tags filter now has an input box, so you can search for tags that contain the phrase you enter. For more information, see Filter Endpoints.

On an investigation, the Ticket field used to auto-populate from third-party ticketing systems only. Now, this field is manually editable, so you can add any internal ticket references you’d like to an investigation. For more information, see Investigation Summary.

Fixes

Endpoints Not Loading

The Endpoints table wasn’t loading for some tenants. This has been fixed.

Editing Custom Date Ranges

Some users were having difficulty editing custom date ranges while constructing advanced searches. This has been fixed.

Suppressed High & Critical Alerts

On the Security Posture Dashboard, the Event Pipeline widget no longer includes suppressed alerts in the High & Critical Alerts count.

Secureworks® Taegis™ XDR 3.2.5

Friday, February 24th, 2023

Features

Single Sign-On Now in Preview

For users opted in to Preview mode, you can now integrate Taegis™ XDR access with a localized corporate authentication system with Enterprise SSO. For more information, see Enterprise SSO.

Cisco ISE Integration Added

Taegis™ XDR can now ingest and normalize data from Cisco ISE. For more information, see Cisco ISE.

Forcepoint Web Security Integration Added

Taegis™ XDR can now ingest and normalize data from Forcepoint Web Security. For more information, see Forcepoint Web Security.

VMware vCenter Integration Added

Taegis™ XDR can now ingest and normalize data from VMware vCenter. For more information, see VMware vCenter.

Fixes

Can’t Tag Customers in Comment Section

The comments section now displays the context menu as expected when @customer is entered.

Secureworks® Taegis™ XDR 3.2.4

Thursday, February 16th, 2023

Features

Improved Performance for Custom Alerts and Searches for Generic Events

Secureworks has updated how generic events are generated in Taegis™ XDR to improve performance for Custom Alert and Searches involving generic data. Previously, normalized events were duplicated as generic events. This change removes the duplicate events from the generic schema. Going forward, only data that is not normalized is stored as generic events. This reduction in generic events improves performance for the features that use generic events. Note that all normalized events contain the original unaltered message in the original_data field.

If you currently have custom rules, saved searches, or reports that use generic events, then the duplication of generic events will be turned off for your tenant on March 16th, 2023. If you do not have custom rules, saved searches, or reports that rely on generic events, then this update will not have an impact on your tenant and the duplication will be turned off on February 16th, 2023. For more information, see FAQ: Generic Events and Normalized Data.

Alert Grouping Expanded to Seven Days

Previously, alerts used a 24-hour period to group occurrences, but now alert occurrences may be grouped within a window of up to seven days. See Alert Group Key FAQ for more details.

Investigation IDs

Investigations now include an autogenerated ID added to the end of the title for easier identification and communication. For more information on investigations, see Work an Investigation.

Fixes

Close Investigations

A bug in the Close Investigation modal that made it impossible to select the reason for closing the investigation has been fixed.

Secureworks® Taegis™ XDR 3.2.3

Thursday, February 9th, 2023

Features

Refreshed Chat Support Experience and Navigation

In addition to a refreshed look and feel of the navigation in Secureworks® Taegis™ XDR, the Chat Support button has also been relocated to the bottom of the left-hand menu. For more information, see Chat Support.

CTU™ Threat Intelligence Report Notifications

You can now opt in to notifications about CTU Threat Intelligence Reports. For more information, see Notification Preferences.

Secureworks® Taegis™ XDR 3.2.2

Tuesday, February 7th, 2023

Features

Security Posture Dashboard

Introducing the new Security Posture Dashboard, which highlights your organization’s security posture, as well as the security trends in your industry and others. It’s available under Dashboards in the left-side navigation. For more information, see Security Posture Dashboard.

Secureworks® Taegis™ XDR 3.2.1

Thursday, February 2nd, 2023

Features

Edit User Email Addresses

Tenant Admins can now edit other users' email addresses. For more information, see Edit User Emails.

Fixes

Investigation Load Time

The increased load time of investigations containing a large number of added alerts, events, assets, or entities has been fixed.

Report Template Date Range

A bug affecting the date range for report templates created in a time zone outside the current UTC date has been fixed.

Manage Users Page

The Manage Users page now displays a message if there are no users for the tenant.

Secureworks® Taegis™ XDR 3.2

Friday, January 27th, 2023

Features

Advanced Search Aggregations

You can now use Aggregate in Advanced Search queries to group results and filter or calculate the results for sum, min, max, average, count, or cardinality to find what’s important in your XDR gathered data. This powerful addition allows you to summarize data and is a useful aid to the investigative process. For more information, see Aggregations.

Google Cloud Platform (GCP) Collector

Taegis™ XDR now can deploy a collector in the Google Cloud Platform (GCP). For more information, see Google Cloud Platform (GCP) Collector.

Google Workspace Login Audit Activity Integration Added

Taegis™ XDR can now ingest and normalize data from Google Workspace Login Audit Activity. For more information, see Google Workspace Login Audit Activity Integration.

Trend Micro Deep Security Integration Added

Taegis™ XDR can now ingest and normalize Trend Micro Deep Security event types. For more information, see Trend Micro Deep Security.

Docs

Proactive Response Updated

The documentation for Proactive Responses has been updated. For more information, see Proactive Response Actions Overview.

Secureworks® Taegis™ XDR 3.1.22

Thursday, January 19th, 2023

Features

ManagedXDR Proactive Response Actions Expanded

Proactive Response Actions for ManagedXDR customers have been updated and now include the ability to do the following actions:

For more information, see Proactive Response Actions Overview.

Fixes

Duplicate Points of Contact

We have fixed an issue that allowed duplicate points of contact within Tenant Profile.

Investigation Comments

Mentioning users in the comments of an investigation now works as expected.

Normalized Hostname

The hostname was not being displayed in the Normalized Data JSON for Taegis NGAV alerts. This has been fixed.

Secureworks® Taegis™ XDR 3.1.21

Friday, January 13th, 2023

Features

Custom Parsers and Custom Automations

You can now create Custom Parsers to parse and normalize syslog data to Taegis™ XDR schemas from sources not natively supported. You can also now build custom automations by defining Custom Connectors and building Playbook Templates. For more information, see Custom Parsers Overview, Custom Connector Editor, and Building Your First Playbook. Additional docs are also available with more in development coming soon.

CyberArk Integration Added

Taegis™ XDR can now ingest and normalize CyberArk Privileged Threat Analytics (PTA) and Vault data. For more information, see CyberArk.

Fixes

Edit Suppression Rules

When editing a suppression rule, the Save button was not appearing if a field was updated by pasting content rather than typing it. This has been fixed.

Docs

Taegis™ Endpoint Agent Group Configuration

Taegis™ Endpoint Agent Group Configuration has been updated to reflect the renaming of available policy tiers.

Secureworks® Taegis™ XDR 3.1.20

Friday, January 6th, 2023

Features

Response Actions

Custom response actions created from playbooks are now offset in a subsection of the Actions drop-down lists, under the header ’Response Actions.’ This makes it clearer which actions are standard to Taegis™ XDR and which are custom to the tenant.

Removed Time Zones

Time zones have been removed from the list of users in a tenant, to prevent confusion. As a reminder, the default time setting in Taegis™ XDR is UTC. This cannot be adjusted by customers or Secureworks.

Phone Number Extensions

Profile Settings now supports adding extensions to phone numbers. For more information, see Profile Settings.

Fixes

Alert Counts in Reports

Alert counts in some report templates were not corresponding with the selected dates. This has been fixed.

Alert Suppression Rules

The drag-and-drop functionality for creating alert suppression rules has been fixed.

Secureworks® Taegis™ XDR 3.1.19

Thursday, December 22nd, 2022

Docs

New Docs Site Navigation

Welcome to the improved Taegis™ XDR docs site, which has been reorganized to improve the findability of our docs. Notable changes include:

Secureworks® Taegis™ XDR 3.1.18

Thursday, December 15th, 2022

Features

Tenant Profile

Managed Security Service customers can now use Tenant Profile to review and update critical security escalation points of contact and review network details to help the triaging and escalation of security alerts. For more information, see Tenant Profile.

Docs

API Authentication Using Powershell

Instructions on authenticating onto the Taegis™ XDR APIs using Powershell have been added. For more information, see Authentication Using Powershell.

Updates to Business Email Compromise Detector Triggers

The list of inbox rules that trigger alerts from the Business Email Compromise Detector has been updated. For more information, see Business Email Compromise.

Secureworks® Taegis™ XDR 3.1.17

Monday, December 12th, 2022

Feature

New Taegis™ XDR Endpoint Agent for Windows Now Available

Taegis™ Endpoint Agent for Windows version 1.0.26 is now available. For more information, see Taegis™ Agent Changelog.

Secureworks® Taegis™ XDR 3.1.16.2

Thursday, December 1st, 2022

Docs

File Upload API

You can use the File Upload API to send properly formatted log files to Secureworks® Taegis™ XDR for ingestion and normalization without a Taegis™ XDR Collector. For more information, see Using the File Upload API.

Fixes

Netflow Diagram

Source IP and Destination IP addresses now display as expected on netflow diagrams for events.

Secureworks® Taegis™ XDR 3.1.16

Thursday, November 17th, 2022

Features

You can now perform quick searches on hostnames. For more information, see Quick Search.

VirusTotal Added to Threat Intelligence Alert Enrichment

Secureworks now leverages enrichment data from VirusTotal, displayed in an alert’s Threat Intelligence details tab. The rest of the tab has also been redesigned, including a new pop-up that displays the Geotag and the APIVoid total count when you hover over a red flag icon ../../img/red_flag_icon.png. For more information, see Threat Intelligence Alert Enrichment.

Docs

New FAQ for iSensor Block/Unblock

We have added steps to the Managed iSensor™ FAQ regarding how to configure a block or unblock action on an iSensor. For more information, see Managed iSensor™ FAQ.

Fixes

Pivot searches using @hash contains were resulting in an error. This has been fixed.

Pivot searches on a URI Host for an http event type were also failing. This has also been fixed.

Microsoft Defender for Endpoint Event Hub

Event Hub details for Microsoft Defender for Endpoint integrations are now displayed correctly.

Copying Text

Double-clicking or double-tapping on text within Taegis™ XDR copies the text to your clipboard. We have fixed an issue where extra text was also being copied inadvertently.

Secureworks® Taegis™ XDR 3.1.15

Thursday, November 10th, 2022

Features

Create Reports From a Template

You can now create Investigation Summary Reports, Executive Summary Reports, and Alert Summary Reports from a predefined template. For more information, see Report Templates, and Create Reports from a Template.

SCADAfence Integration Added

Taegis™ XDR can now ingest and normalize SCADAfence data, providing visibility into OT networks. For more information, see SCADAfence.

Fixes

Investigations Attachments Tab Not Loading

Some tenants were unable to see the Investigations Attachment tab. This has been fixed.

Docs

Taegis™ NGAV Agent

The documentation for the Taegis™ NGAV Agent has been updated to reflect how NGAV data is processed. For more information, see Taegis™ NGAV Agent.

Secureworks® Taegis™ XDR 3.1.14

Thursday, November 3rd, 2022

Features

Investigation Summary Report Template in Preview

For users opted in to Preview mode, you can now create Investigation Summary Reports from a predefined template. For more information, see Investigation Summary Report.

Mimecast and Proofpoint Integration Update

New Taegis™ XDR Mimecast and Proofpoint Integrations now require adding a unique integration name. For more information, see Mimecast and Proofpoint Targeted Attack Protection (TAP).

Fixes

Unrelated Alerts in Taegis Endpoint Details

Unrelated alerts were showing in Taegis agent endpoint details. This has been fixed.

O365 Integration Authorization Not Working

The Authorize button for O365 Cloud API integrations is now working as expected.

Docs

Updates to Users API Documentation

Instructions on how to search users using the Users GraphQL API have been added. For more information, see Using the Users API.

Updates to Tenants API Documentation

Instructions on managing tenant environments with the Tenants GraphQL API have been added. For more information, see Using the Tenants API.

Taegis™ Endpoint Agent Known Issues

Documentation of known issues affecting the Taegis™ Endpoint Agent is now available.

Taegis™ Endpoint Agent Troubleshooting

Windows Agent Troubleshooting has been updated with information on using the included support kit tool, and Linux Agent Troubleshooting has been updated with information on using two available support scripts.

Secureworks® Taegis™ XDR 3.1.13

Wednesday, October 26th, 2022

Features

Playbook Queues in Preview

For users opted in to Preview mode, you can view queues for High-Priority playbooks and Normal playbooks. For more information, see Playbook Queues.

Secureworks® Taegis™ XDR 3.1.12.1

Tuesday, October 25th, 2022

Docs

Alerts API

Alerts API documentation has been updated to note that the current Taegis™ XDR GraphQL gateway does not support skip directives.

Mimecast

Mimecast documentation has been updated to note that MFA must be disabled for the service account used for the Mimecast integration.

Secureworks® Taegis™ XDR 3.1.12

Thursday, October 20th, 2022

Features

New Taegis™ XDR Endpoint Agent for macOS Now Available

Taegis™ Endpoint Agent for macOS version 1.0.43 is now available. For more information, see Taegis™ Agent Changelog.

Fixes

Some Reports Run at the Wrong Time

Some reports were running 12 hours off. This has been corrected.

Can’t See Time Zone on Report Configuration

Browser scrolling was preventing display of the time zone selector in the report scheduling panel of the report creator. This has been fixed.

Select All Not Allowed in Agent Details

The option to add all alerts to an existing investigation is once again available from the Agent Details view.

Alerts Panel Username List

The Alerts Panel username list was not always refreshing correctly. This has been corrected.

Secureworks® Taegis™ XDR 3.1.11.1

Monday, October 17th, 2022

Features

New Taegis™ XDR Endpoint Agent for Windows Now Available

Taegis™ Endpoint Agent for Windows version 1.0.24 is now available. For more information, see Taegis™ Agent Changelog.

Secureworks® Taegis™ XDR 3.1.11

Thursday, October 13th, 2022

Features

Native Crowdstrike Integration Now Available

Taegis™ XDR now makes use of Crowdstrike’s Falcon Data Replicator to provide built-in integration. This native integration provides deeper support for EDR tenant deployments both in the U.S. and EU regions. It also greatly improves the telemetry data ingested into Taegis™ XDR, minimizes telemetry ingestion times, and simplifies onboarding to Taegis™ XDR. For more information, see Crowdstrike.

New Taegis™ XDR Endpoint Agent for Windows Now Available

Taegis™ Endpoint Agent for Windows version 1.0.22 is now available. For more information, see Taegis™ Agent Changelog.

Copy Process Trees as Text

You can now copy a process tree as text to paste in other locations as needed. For more information, see View an Alert’s Process Tree.

Edit Investigations

When editing an investigation, you are now prompted to confirm discarding changes without saving when navigating away in the app, refreshing the page, or closing the tab. For more information, see Investigation Key Findings.

Filter Playbook History Tables

You can now filter Playbook History tables using multiple execution state filters at a time. For more information, see Playbook History.

Fixes

Investigation Scrollbar Disappearing

When editing an investigation, opening the comments resulted in the Key Findings section scrollbar disappearing. This has been fixed.

Secureworks® Taegis™ XDR 3.1.10

Thursday, October 6th, 2022

Features

Cloud Recon to Change Detector

The Cloud Recon to Change Detector, now available in Taegis™ XDR, identifies unusual exfiltration of AWS RDS data by a user by correlating anomalous behaviors for multiple event names, across different categories of event name, to alert malicious activity with higher confidence. For more information, see Cloud Recon to Change Detector.

Alert Summary Report Template in Preview

For users opted in to Preview mode, you can now create Alert Summary Reports from a predefined template. For more information, see Alert Summary Report.

Investigation Comment Improvements

When mentioning someone in a comment (@username), previously mentioned users now float to the top of the user list. For ManagedXDR subscribers, @Secureworks does too. For more information, see Investigation Comments.

Fixes

API Key Authentication

When creating a new connection, the UI was not accepting entries in the ’Query Param’ field when using the API Key authentication type. This has been fixed.

Secureworks® Taegis™ XDR 3.1.9

Thursday, September 22nd, 2022

Feature

You can now generate a direct share link for the following aspects of Automations to provide to other tenant users or to Secureworks support: playbook instances, playbook executions, playbook templates, connections, and connectors.

Fixes

Download Agents Button

The Download Agents button was missing from Manage Endpoints in XDR for some authorized users. This has been fixed.

Red Cloak Endpoint Bios Serial

From Red Cloak Agent Details in XDR, double clicking the Bios Serial entry resulted in an incorrect value being copied. This has been fixed.

Alert Severities Not Rounded

Alert Severities in alert panels and alert details are now rounded down to two digits.

Create Suppression Rules

When creating a suppression rule from an alert, rearranging the entities on the left resulted in the entities no longer being able to be added to the rule. This has been fixed.

Duplicate Alerts Added to New Investigations

New investigations created with duplicate alerts resulted in these duplicates remaining in a loading state in the Evidence > Alerts tab of the investigation. This has been fixed.

Docs

Detector Overview

A new column has been added to Detector Overview that indicates whether or not the detector can be searched using underlying events.

Secureworks® Taegis™ XDR 3.1.8

Tuesday, September 20th, 2022

Feature

Investigation Audit Logs Table

Investigation Audit Logs tables found in the Evidence → History tabs of investigation details can now be filtered by date range. For more information, see Investigation Evidence.

Fixes

Mimecast Integration

When adding a Mimecast integration, the Secret Key field could not be revealed by using the Show Secret Key icon. This has been fixed.

Pivot searches using the URI Query field from HTTP events could not be opened using the View in Advanced Search option from the pivot search. This has been fixed.

Secureworks® Taegis™ XDR 3.1.7

Thursday, September 8th, 2022

Features

Investigation Attachments

Investigations now support file attachments up to 2GB. For more information, see Investigation Evidence.

SA Certificates for On-Prem Connections

Automation connections now support self-signed certificates for on-premise configurations. For more information, see Configure an Automation Connector for Use On-Premise.

Escaped Regex in Alert Suppression Rules

When dragging-and-dropping entities to create alert suppression rules, regular expressions are now escaped automatically. For more information, see Create a Suppression Rule from an Alert.

Application Certificate Expirations

Applications installed on data collectors (such as eStreamer, Splunk, and TLS Enabled Syslog) now display the certificate expiration date. Hover over the word ’Installed’ to view it. For more information, see Manage Data Collector Applications.

Fixes

Affected Agents

Impacted Taegis Agents now appear in the Affected Agents section of alert details.

Default Rate Limit

The default rate limit on playbook templates was causing errors. This has been fixed.

Cloud APIs Table

Columns in the table of Cloud APIs now sort as expected.

Several documentation links from detector details were broken. These have been fixed.

Secureworks® Taegis™ XDR 3.1.6

Thursday, September 1st, 2022

Feature

Alert Group Key

Detectors may now use the alert group key to create one alert per key within a specified time window. These group keys are intended to deduplicate alerts which are primarily identical, except for timestamp and other non-consequential fields. For more information, see Alert Group Key.

Secureworks® Taegis™ XDR 3.1.5

Wednesday, August 31st, 2022

Feature

Netskope SSE Integration Added

Taegis™ XDR can now ingest and normalize Netskope Security Service Edge (SSE) data, enabling Taegis™ XDR to provide a more holistic view of threats and business risks. For more information, see Netskope SSE.

Docs

Okta Integration Update

The Okta Integration has been updated to clarify the privileges and scope required for integration with Taegis™ XDR. For more information, see Set up Okta Integration.

NXLog Template Updated

The NXLog template has been updated to version 1.4 and is now defaulted for 64 bit. Older 32 bit Nxlog versions can use this template with some modifications, which are noted in the template. This update also adds several troubleshooting sections. For more information, see NXLog Template Downloads.

Secureworks® Taegis™ XDR 3.1.4

Thursday, August 25th, 2022

Fixes

Automation Playbooks Lost

A bug was fixed that forced users working on automation playbooks to lose their progress due to the Taegis™ XDR update button obscuring the save button.

Investigation Names

The capitalization of some investigation names was being overridden in some areas of the UI. This has been fixed.

Secureworks® Taegis™ XDR 3.1.3

Thursday, August 18th, 2022

Fixes

Reassign Investigation

Tenant Analysts did not have the option to reassign an investigation to the entire tenant. This has been fixed.

Select Events from Search Results

Selected events from the results of a multi-schema search were being deselected when additional events were loaded upon scrolling through the results. This has been fixed.

Docs

Google Common Expression Language Documentation

Reference documentation has been added for CEL macros. Taegis™ XDR supports some Google Common Expression Language (CEL) macros for use in its Automations platform, including with playbooks. This enables data manipulation and evaluation within connectors and templates. Many of the CEL macros are built-in, but some have been custom built to address common problems. For more information, see Common Expression Language Macros. Some of the macros are specifically for working with alerts data.

Secureworks® Taegis™ XDR 3.1.2

Thursday, August 11th, 2022

Features

Alerts API Transition Complete

The Alerts API transition that began in May has officially been completed. As of today, the legacy APIs related to alert search, retrieval, and resolving have been removed from Taegis XDR. Use of these legacy APIs is no longer supported. For supported APIs, see Getting Started with the Alerts GraphQL API.

Threat Intelligence Flags

We’ve added red flags ../../img/red_flag_icon.png to IP address fields on Alert Details to indicate where Threat Intelligence alert enrichment is available. For more information about viewing the alert enrichment, see Threat Intelligence Alert Enrichment.

Fixes

Cisco IOS IP Addresses

Source IPs for Cisco IOS events were not matching the normalized source addresses. This has been fixed.

Alert Suppression Rules

Alert suppression rules were not disabling properly for some users. This has been fixed.

Secureworks® Taegis™ XDR 3.1.1

Friday, August 5th, 2022

Fixes

Wrong CSV of Scheduled Report Downloads

On some tenants the wrong csv file of a scheduled report would download. This has been corrected.

Advanced Search Event Preview Showing Nonexistent Field

Fields not relevant to the specified search no longer appear in the advanced search event preview.

The Timeline View has been updated so that newly loaded data doesn’t force scroll back to the top.

Secureworks® Taegis™ XDR 3.1

Tuesday, August 2nd, 2022

Features

New Taegis™ XDR Endpoint Agent Now Available

The new Taegis™ Endpoint Agent is now available. Existing customers will be upgraded on a rolling basis to account for service upgrade considerations that need to be addressed for successful migration. Look for a message in Taegis™ XDR in the Endpoints section with further details on how to sign up to upgrade to the new agent. For more information, see Taegis™ Endpoint Agent Introduction.

Releases