☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

Authentication with the XDR Python SDK

Client Credentials with the Python SDK ⫘

The Python SDK authenticates with your Secureworks® Taegis™ account with client credentials when you install it. This requires a password and MFA token, unless your organization has registered your organization with SSO authentication. If SSO is enabled, you will be presented with a device code authentication link.

Note

To generate and set tokens as needed in these examples, see Generate a Token below.

Example Usage ⫘

from taegis_sdk_python import GraphQLService
from pprint import pprint as pp

service = GraphQLService(environment="US1")

results = service.clients.mutation.create_client(name="my_awesome_app", roles=None)

print(f"CLIENT_ID: {results.client.client_id}")
print(f"CLIENT_SECRET: {results.client_secret}")
pp(results)

Note

Change your environment as appropriate.

Partner Credentials ⫘

If you need to make tenant specific client credentials, add tenant_id to your service constructor.

from taegis_sdk_python import GraphQLService
from pprint import pprint as pp

service = GraphQLService(environment="US1", tenant_id="<tenant_id>")

results = service.clients.mutation.create_client(name="my_awesome_app", roles=None)

print(f"CLIENT_ID: {results.client.client_id}")
print(f"CLIENT_SECRET: {results.client_secret}")
pp(results)

Or if you need to make multiple tenant credentials at the same time:

from taegis_sdk_python import GraphQLService
from pprint import pprint as pp

service = GraphQLService()

# service context let's you change out values per call!
with service(environment="US1", tenant_id="<tenant_id>"):
    results = service.clients.mutation.create_client(name="my_awesome_tenant_app", roles=None)

with service(environment="US1", tenant_id="<another_tenant_id>"):
    results2 = service.clients.mutation.create_client(name="my_awesome_another_tenant_app", roles=None)

print(f"CLIENT_ID: {results.client.client_id}")
print(f"CLIENT_SECRET: {results.client_secret}")
pp(results)

Privileged Credentials ⫘

from taegis_sdk_python import GraphQLService
from pprint import pprint as pp

service = GraphQLService(environment="US1")

results = service.clients.mutation.create_client(name="my_awesome_app", roles=['ba0fdcbd-e87d-4bdd-ae7d-ca6118b25068'])

print(f"CLIENT_ID: {results.client.client_id}")
print(f"CLIENT_SECRET: {results.client_secret}")
pp(results)

Generate a Token ⫘

You can place the CLIENT_ID and CLIENT_SECRET in environment variables for authentication. You don’t need to pre-provide authentication for user interactive scripts. The Python SDK checks for a valid token when you call an API, and requests credentials at runtime if not found.

Python Script Example ⫘

from taegis_sdk_python import GraphQLService
service = GraphQLService()
print(service.access_token)

Command Line Example ⫘

export CLIENT_ID="you_client_id"
export CLIENT_SECRET="your_client_secret"
python script.py

More on Using Tokens with the XDR Python SDK ⫘

The authentication flow for the XDR Python SDK is Cached Token→Authenticate via OAuth→Authenticate via SSO or Username/Password/MFA. Tokens are cached in the ~/.taegis_sdk_python/config file.

OAuth ⫘

OAuth tokens from CLIENT_ID and CLIENT_SECRET are used by default.

To generate a CLIENT_ID and CLIENT_SECRET:

from taegis_sdk_python.services import GraphQLService
from pprint import pprint as pp
service = GraphQLService(environment="US1")
result = service.clients.mutation.create_client(name="my_awesome_app", roles=None)
print(f"CLIENT_ID: {result.client.client_id}")
print(f"CLIENT_SECRET: {result.client_secret}")
pp(result)

Important

Store your CLIENT_ID and CLIENT_SECRET results in an encrypted vault.

Replace <client_id> and <client_secret> in the following example with your values:

CLIENT_ID=<client_id> CLIENT_SECRET=<client_secret> python script.py

Customize Environment Variables ⫘

You can use write_to_config to set custom environment variables for your environment. This is useful if you are automating and you have to access different environments from the same script:

from taegis_sdk_python import GraphQLService
from taegis_sdk_python.config import write_to_config

# write_to_config(environment, default_reference, custom_reference)
write_to_config("US1", "CLIENT_ID", "US1_CLIENT_ID")
write_to_config("US1", "CLIENT_SECRET", "US1_CLIENT_SECRET")

service = GraphQLService()

US1_CLIENT_ID=<client_id> US1_CLIENT_SECRET=<client_secret> python script.py

Username ⫘

If you don't provide OAuth tokens in the environment, you will be prompted for a username. If your organization has enabled single sign-on, then you will prompted with a link. Otherwise, you will be asked for a password and MFA token.

Clearing Authorization Tokens ⫘

If you need to manually clear the authentication tokens, use:

from taegis_sdk_python.config import write_to_config

write_to_config("US1", "access_token", "")

Search Client Credentials ⫘

from taegis_sdk_python import GraphQLService

service = GraphQLService()
search_results = service.clients.query.clients(client_ids=["<CLIENT_ID>"])
print(search_results)

Search for Named Credentials ⫘

You can use % for wildcard matching.

from taegis_sdk_python import GraphQLService

service = GraphQLService()
results = service.clients.query.clients(name="%docs-test-client%")
print(results)

Search for Administrator Credentials ⫘

from taegis_sdk_python import GraphQLService

service = GraphQLService()
results = service.clients.query.clients(role_ids=["c373d68a-fdca-476f-5b48-92ed5804dc53"])
print(results)

Reset a Client Secret ⫘

If you need to reset a client secret, but want to retain the same client id, you can use the rotateClientSecret mutation to generate a new client secret. The ID input can either be the UUID or the client_id.

from taegis_sdk_python import GraphQLService

service = GraphQLService()
update_results = service.clients.mutation.rotate_client_secret('c373d68a-fdca-476f-5b48-92ed5804dc53')
print(update_results)

from taegis_sdk_python import GraphQLService

service = GraphQLService()
update_results = service.clients.mutation.rotate_client_secret('b42USvw1jm5fk3Y2VqoAWSyG4CF47Ek5')
print(update_results)

Delete a Client ⫘

When you are finished with client credentials, you can use the deleteClient mutation to revoke credentials. The ID input can either be the UUID or the client_id.

from taegis_sdk_python import GraphQLService

service = GraphQLService()
delete_results = service.clients.mutation.delete_client('c373d68a-fdca-476f-5b48-92ed5804dc53')
print(delete_results)

from taegis_sdk_python import GraphQLService

service = GraphQLService()
delete_results = service.clients.mutation.delete_client('b42USvw1jm5fk3Y2VqoAWSyG4CF47Ek5')
print(delete_results)

Client Credentials with the Python SDK
Example Usage
Partner Credentials
Privileged Credentials
Generate a Token
Python Script Example
Command Line Example
More on Using Tokens with the XDR Python SDK
OAuth
Customize Environment Variables
Username
Clearing Authorization Tokens
Search Client Credentials
Search for Named Credentials
Search for Administrator Credentials
Reset a Client Secret
Delete a Client

Authentication with the XDR Python SDK

Client Credentials with the Python SDK ⫘

Example Usage ⫘

Partner Credentials ⫘

Privileged Credentials ⫘

Generate a Token ⫘

Python Script Example ⫘

Command Line Example ⫘

More on Using Tokens with the XDR Python SDK ⫘

OAuth ⫘

Customize Environment Variables ⫘

Username ⫘

Clearing Authorization Tokens ⫘

Search Client Credentials ⫘

Search for Named Credentials ⫘

Search for Administrator Credentials ⫘

Reset a Client Secret ⫘

Delete a Client ⫘

On this page: