Taegis Endpoint Agent Installation Information and Prerequisites
integrations endpoints edr taegis agent secureworks
Network Connectivity Requirements ⫘
Source | Destination | Protocol/Port | Reason |
---|---|---|---|
Taegis Endpoint Agent | https://reg.<ENV> .taegiscloud.com/ |
TCP/443 | Taegis Endpoint Agent Registration Service |
Taegis Endpoint Agent | wss://sink.<ENV> .taegiscloud.com:8443/ |
TCP/8443 | Taegis Endpoint Agent Network Connectivity |
Taegis Endpoint Agent | https://taegis-agent-prod-builds.s3.us-east-2.amazonaws.com | TCP/443 | Taegis Endpoint Agent Auto Updates |
Taegis Endpoint Agent | https://file-receiver.<ENV> .taegiscloud.com:9443/ |
TCP/9443 | Taegis Endpoint Agent File Receiver |
Taegis Endpoint Agent | https://file-receiver.<ENV> .s3.us-east-2.amazonaws.com:443 |
TCP/443 | Taegis Endpoint Agent File Receiver |
Taegis Endpoint Agent for Linux | https://drivers.taegiscloud.com/* | TCP/443 | Required for Linux Agent to pull down correct drivers for kernel your system is running |
Taegis Endpoint Agent for Windows | http://www.microsoft.com/pkiops/crl/ http://www.microsoft.com/pkiops/certs http://crl.microsoft.com/pki/crl/products http://www.microsoft.com/pki/certs http://crl3.digicert.com/ http://crl4.digicert.com/ http://ocsp.digicert.com/ http://crl.rootca1.amazontrust.com/:80 |
TCP/80 | Required for CRL revocation checks performed by the OS on behalf of Windows Agent and other applications |
<ENV>
varies depending on the region your tenant is in:
C
if your tenant is in US1: https://ctpx.secureworks.com/D
if your tenant is in US2: https://delta.taegis.secureworks.com/E
if your tenant is in EU: https://echo.taegis.secureworks.com/F
if your tenant is in US3: https://foxtrot.taegis.secureworks.com/
Note
The Taegis Endpoint Agent for Windows also requires connectivity to Google DNS 8.8.8.8 if you do not provide a DNS override during installation.
Note
Secureworks does not recommend the use of IP addresses or CIDR blocks to perform allow-listing of connections from the Taegis Endpoint Agent to the backend, as the addresses associated with the preceding domains have changed and may continue to change in the future.
System Recommendations ⫘
- RAM — 4 GB
- CPU — 2 Cores
Note
These system recommendations are for the majority of installations, but because every endpoint is different and operates under varying conditions, additional resources may be needed.
Data Provided from Integration ⫘
Alerts | Auth | DNS | File Collection | HTTP | NIDS | Netflow | Process | File Modification | API Call | Registry | Scriptblock | Management | Persistence | Thread Injection | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Taegis Windows Endpoint Agent | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||
Taegis macOS Endpoint Agent | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
Taegis Linux Endpoint Agent | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Prerequisites ⫘
Prior to installation, navigate to Endpoints Agents from the Secureworks® Taegis™ XDR left-hand side navigation and review each of the following sections:
Important
For Windows agents, to ensure uninterrupted connectivity to the Taegis™ XDR Endpoint Agent update service, we recommended you periodically update CA certificates with the latest trusted root certificates.
Configure Groups ⫘
From Endpoint Agents → Group Configuration, create one or more groups. Each group has a unique registration key that is used during installation to associate endpoints to the group and its parameters.
See Group Configuration for more information on configuring groups.
Copy Registration Server & Registration Key ⫘
Copy Registration Server & Registration Key
From Endpoint Agents → Group Configuration, copy and document the Registration Server URL
above the table and the Registration Key
for the group you would like the agents you are installing to be associated to.
Important
You must use the appropriate Registration Key when installing agents to associate them with the correct group and its parameters. For more information, see Group Configuration.
Download Package ⫘
Download the installation package relevant to your operating system from Endpoint Agents → Downloads.
For more information on downloading agent packages, see Taegis Endpoint Agent Downloads.
Note
All installations begin with the latest Stable version recommended for production environments available from Endpoint Agent Downloads. See Group Configuration for more information on configuring groups assigned to an alternative release channel.
Install the Taegis Endpoint Agent ⫘
Install the Taegis Endpoint Agent by following the instructions relevant to your operating system: