🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis™ Agent Installation Information and Prerequisites

integrations endpoints edr taegis agent secureworks


Network Connectivity Requirements

Source Destination Protocol/Port Reason
Taegis™ Endpoint Agent https://reg.<ENV>.taegiscloud.com/ TCP/443 Taegis™ Endpoint Agent Registration Service
Taegis™ Endpoint Agent wss://sink.<ENV>.taegiscloud.com:8443/ TCP/8443 Taegis™ Endpoint Agent Network Connectivity
Taegis™ Endpoint Agent https://taegis-agent-prod-builds.s3.us-east-2.amazonaws.com TCP/443 Taegis™ Endpoint Agent Auto Updates
Taegis™ Endpoint Agent https://file-receiver.<ENV>.taegiscloud.com:9443/ TCP/9443 Taegis™ Endpoint Agent File Receiver
Taegis™ Endpoint Agent https://file-receiver.<ENV>.s3.us-east-2.amazonaws.com:443 TCP/443 Taegis™ Endpoint Agent File Receiver
Taegis™ Endpoint Agent for Linux https://drivers.taegiscloud.com/* TCP/443 Required for Linux Agent to pull down correct drivers for kernel your system is running
Taegis™ Endpoint Agent for Windows http://www.microsoft.com/pkiops/crl/
http://www.microsoft.com/pkiops/certs
http://crl.microsoft.com/pki/crl/products
http://www.microsoft.com/pki/certs
http://crl3.digicert.com/
http://crl4.digicert.com/
http://ocsp.digicert.com/
http://crl.rootca1.amazontrust.com/:80
TCP/80 Required for CRL revocation checks performed by the OS on behalf of Windows Agent and other applications

<ENV> varies depending on the region your tenant is in:

Note

Secureworks does not recommend the use of IP addresses or CIDR blocks to perform allow-listing of connections from the Taegis™ Agent to the backend, as the addresses associated with the preceding domains have changed and may continue to change in the future.

System Recommendations

Note

These system recommendations are for the majority of installations, but because every endpoint is different and operates under varying conditions, additional resources may be needed.

Data Provided from Integration

  Alerts Auth DNS File Collection HTTP NIDS Netflow Process File Modification API Call Registry Scriptblock Management Persistence Thread Injection
Taegis™ Windows Endpoint Agent      
Taegis™ macOS Endpoint Agent            
Taegis™ Linux Endpoint Agent            

Prerequisites

Prior to installation, navigate to Endpoints Agents from the Secureworks® Taegis™ XDR left-hand side navigation and review each of the following sections:

Important

For Windows agents, to ensure uninterrupted connectivity to the Taegis™ Agent update service, we recommended you periodically update CA certificates with the latest trusted root certificates.

Configure Groups

From Endpoint Agents → Group Configuration, create one or more groups. Each group has a unique registration key that is used during installation to associate endpoints to the group and its parameters.

See Group Configuration for more information on configuring groups.

Copy Registration Server & Registration Key

Copy Registration Server & Registration Key

Copy Registration Server & Registration Key

From Endpoint Agents → Group Configuration, copy and document the Registration Server URL above the table and the Registration Key for the group you would like the agents you are installing to be associated to.

Important

You must use the appropriate Registration Key when installing agents to associate them with the correct group and its parameters. For more information, see Group Configuration.

Download Package

Download the installation package relevant to your operating system from Endpoint Agents → Downloads.

For more information on downloading agent packages, see Taegis™ Agent Downloads.

Note

All installations begin with the latest Stable version recommended for production environments available from Endpoint Agent Downloads. See Group Configuration for more information on configuring groups assigned to an alternative release channel.

Install the Taegis™ XDR Endpoint Agent

Install the Taegis™ XDR Endpoint Agent by following the instructions relevant to your operating system:

 

On this page: