Taegis Endpoint Agent Settings

Note

Agent Settings is only available for tenants with the Taegis™ XDR Endpoint Agent.

Overview

Agent Settings lets you control Taegis Endpoint Agent features at a tenant level, so you can manage and customize how the Taegis Endpoint Agent operates within your tenant.

Important

Modifying preferences on Agent Settings affects all Taegis Endpoint Agents in all existing groups in your tenant except the defaultGroup.

Agent Settings

File Analysis

To support security analysis and threat hunting, files are collected by Taegis Endpoint Agents. The file hash and other metadata are used to generate alerts for known malicious hashes. For more information on file fetching, see File Analysis Detector.

Implicit file collection is enabled by default, but you may opt out at a tenant level, affecting all Taegis Endpoint Agents of all groups. To enable or disable file fetching at a tenant level, follow these steps:

  1. From the XDR left-hand side navigation, select Endpoint Agents → Agent Settings.

  2. Select the toggle for Implicit File Collection to either enable or disable this feature.

  3. Select Update from the top right.

Once you opt out, files are not collected in your tenant going forward. As a result, the File Analysis Detector does not generate alerts for malicious file hashes.

Tip

To configure implicit file collection at a group level, see Agent Groups.

Auto Archive

Auto Archive allows you to specify a time frame after which any Taegis Endpoint Agents that have not reported to XDR are archived from view on the Endpoint Agents Summary table. This option is disabled by default. The archiving process is triggered every 24 hours at 12 AM ET to archive any Taegis Endpoint Agents that have been offline for the chosen time frame.

To configure Auto Archive at a tenant level:

  1. From the XDR left-hand side navigation, select Endpoint Agents → Agent Settings.

  2. Select the toggle for Auto Archive and then choose the desired time frame after which offline Taegis Endpoint Agents are archived.

  3. Select Update from the top right.

Tip

To configure Auto Archive at a group level, see Agent Groups.

Tamper Protection

Important

Tamper Protection is currently supported by Windows Agents version 2.1.2 and later and macOS Agents version 2.0.9 and later. See Taegis Endpoint Agent Changelog.

Tamper Protection, currently in the Preview release ring, adds a layer of security around the removal of Taegis Agents from user systems. When it is enabled, a user who wishes to manually remove the agent from the system is required to provide a tamper protection token, which can be generated from Agent Settings in XDR.

The tamper protection token can be generated to apply to all agents in the tenant, or can be restricted to a specific host by supplying a Host ID.

Note

Uninstalls initiated from the XDR UI do not require a token when Tamper Protection is enabled. When Tamper Protection is disabled, all uninstall methods proceed without the need for a token.

To configure Tamper Protection at a tenant level:

  1. From the XDR left-hand side navigation, select Endpoint Agents → Agent Settings.

  2. Select the toggle for Tamper Protection to enable it at a tenant level.

  3. Select Update from the top right.

Agent Tamper Protection

Generate Tenant-Level Token

To generate a tamper protection token to use for manual uninstalls of any Taegis Endpoint Agents in the tenant:

  1. From the XDR left-hand side navigation, select Endpoint Agents → Agent Settings.

  2. Select Get Token from Tamper Protection. The token displays.

  3. Select the copy icon to copy the token to the clipboard and then use the token when performing manual uninstalls.

Generate Host-Level Token

To generate a tamper protection token to use for manual uninstalls of Taegis Endpoint Agents from a specific host:

  1. From the XDR left-hand side navigation, select Endpoint Agents → Agent Settings.

  2. Enter a Host ID to restrict the token's use to a specific host only. You can find Host IDs in Endpoint Details.

  3. Select Get Token from Tamper Protection. The token displays.

  4. Select the copy icon to copy the token to the clipboard and then use the token when performing manual uninstalls from the specified host.

 
