Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Incident Management Retainer Services Catalog Overview


This catalog contains information about the standardized Proactive Services that are available with the Incident Management Retainer (IMR) through use of Service Units only.

This catalog contains a wide range of services that include development of Incident Response / Incident Management capabilities and sustainment services to help reduce the risks and impacts of cyber incidents. The scope for each service is fixed (Secureworks-defined standard scope) and includes defined outcomes; however, Secureworks can work with you to reasonably customize the scope if needed, at the discretion of Secureworks. Depending on your needs, recommendations from Secureworks, available personnel, and other considerations, the services may be conducted remotely or on-site. Any deviations from this Service Catalog shall require a change order.

The Service Unit values listed in this catalog are based on your organizational or network infrastructure size and are subject to adjustment based on the specific engagement objectives and desired outcome.

All services in this catalog, including related communication and documentation, are delivered in English. Local language options may be available; ask your Secureworks Incident Response point of contact.

Initiating Proactive Services

To initiate any of the Proactive Services listed in this catalog, use one of the following options:

If you do not have sufficient Service Units to initiate a proactive service listed in the catalog, or you want to purchase Service Units, then send an email to irservices@secureworks.com for assistance. You acknowledge and agree that receipt of such email will be from a representative of your organization authorized to commit to your organization to the purchase of additional Service Units and email notification is binding upon your organization.

If you need Emergency Incident Response services, then contact your Secureworks representative to discuss exchanging Service Units for Emergency Incident Response services.

NOTICE: If you purchased the Incident Management Retainer through a Secureworks partner, then you must contact that partner for all purchases including Service Units.

Scheduling and Billing

If you purchased the Essential or the Essential Plus IMR, then the initial Proactive Services Roadmap and the schedule for delivering services that are listed in this catalog are defined during the IMR Planning Workshop. If you purchased other IMR tiers, then you can use the process explained above to purchase and schedule delivery of services.

For the services listed in this catalog, you will be billed according to the Billing Terms indicated in your Statement of Work. See Service Scheduling and Billing and Utilization of Resources for more information.


Listed in the tables below are Proactive Services and the number of Service Units required. Many Proactive Services have sizes, which represent the fixed scope efforts: small (S), medium (M), and large (L). In addition, Secureworks can provide the following:

Incident Readiness and Advisory Services

Service Name S M L
Service Units Required
Incident Response Plan Development 12 16 24
Incident Response Plan Review 8 16 20
Incident Response Playbook Development Between 4 and 8 depending on subject of playbook and amount of pre-existing planning
Special (ONLY available to customers who purchased or renewed IMR prior to March 31, 2022; not available for purchases or renewals after March 31, 2022)
Cloud Configuration Review 12 16 24
Cloud Security Architecture Assessment 28 40 48
Secureworks Information Security Controls Assessment 8 - -
Security Controls Assessment Varies depending on in-scope framework(s)
Security Maturity Assessment (NIST CSF - Capability Maturity Model) 40 44 48

Testing and Validation Services

Service Name S M L
Service Units Required
Active Directory Security Assessment 10 20 40
Entra ID Security Assessment 12 24 46
Mobile Application Security Assessment - 16 -
Penetration Test 8 16 24
Remote Access Vulnerability Assessment 8 - -
Threat Hunting Assessment 10 18 24
Vulnerability Assessment 4 8 12
Web Application Security Assessment 8 12 16
Web Service/API Test 10 12 16
Wireless Network Penetration Test 8 16 24

Threat Intelligence Services

Service Name S M L
Service Units Required
EBS Info Brief 8 - -
Threat Brief 4 - -
Threat Intelligence Support Services Varies depending on selection

Workshops and Exercises

Service Name S M L
Service Units Required
Adversary Exercises Varies depending on selection
Functional Exercise 16 24 -
Incident Response Fundamentals Training Varies depending on selection
Tabletop Exercise 8 - -


On this page: