Taegis Endpoint Agent Introduction
Existing customers will be upgraded to the Taegis™ XDR Endpoint Agent on a rolling basis to account for service upgrade considerations that need to be addressed for successful migration. Look for a message in Secureworks® Taegis™ XDR in the Endpoint Agents section with further details on how to request to upgrade to the new agent.
Note
Submitting this request does not guarantee immediate access to the Taegis Endpoint Agent. We are being thoughtful about the roll-out of the agent and reviewing requests daily. For further information on next steps after completing the request, contact your Customer Success Manager.
Migrate from Red Cloak Endpoint Agent to Taegis Endpoint Agent
Guidance for migrating from the Red Cloak™ Endpoint Agent to the Taegis Endpoint Agent can be found in the following Knowledge Base article: Red Cloak to Taegis Agent Migration.
Additionally, Secureworks has provided an Agent Migrator PowerShell script intended to support customers with the migration. Customers are encouraged to leverage this script for new Windows deployments. The script is dynamic and can recognize if Red Cloak removal is needed or not. For more information, see Windows Agent Installation.
Benefits
The Taegis Endpoint Agent:
- Natively integrates and optimally operates with XDR to aid in the detection of and response to real security threats
- Is an always-connected agent, providing better visibility into online and agent health status
- Provides enhanced telemetry collection by XDR with near-real-time alerting
- Provides native support of Windows, macOS and Linux
- Has an improved system impact with 50%+ less CPU overhead vs. Red Cloak Endpoint Agent
- Ensures endpoints are always running the latest agent version through auto updates
- Provides easy-to-use performance configuration tiers that offer a balance of visibility vs. performance for specific assets
New User Walkthrough
To guide your experience with the Taegis Endpoint Agent, use the following documents and Knowledge Base articles. These are categorized to provide a quick reference to assist with installation, troubleshooting, and use of the Taegis Endpoint Agent:
- Agent Setup
- Troubleshoot Agent Installation Issues
- Manage Agents in XDR
- Uninstall Agents
- Find technical specifications, FAQs, release notes, and more information
Agent Setup
When you have access to your XDR tenant, you will be able to start using the Taegis Endpoint Agent. Follow these steps to set up and install the agent:
- Review Group Configuration and consider a logical group structure to associate similar types of systems. Alternatively, register all systems with a single Group Configuration, if desired.
  Use the following to understand important terms for creating or editing a Group Configuration:
  Consider these additional tenant-level agent settings that impact all groups:
- Create one or more required groups.
- Once required groups are configured in your XDR tenant, review Agent Downloads to download the Taegis Endpoint Agent installation package to your machine.
- Before starting the installation process, check the following points:
  - Network controls are configured to support the network requirements for Taegis Endpoint Agents and do NOT inspect the SSL/TLS traffic from the endpoint to the destinations listed in the network connectivity requirements.
  - Target machines are installed with a supported OS for the Taegis Endpoint Agent.
  - Target machines meet the recommended system requirements for the Taegis Endpoint Agent.
- Once the preceding points are fulfilled, refer to the relevant documentation for your platform for guidance on installing the Taegis Endpoint Agent on your system:
  The Knowledge Base contains several articles supporting Taegis Endpoint Agent deployment and installation via MDM (Mobile Device Management) tools such as SCCM and Workspace ONE. See the following articles if distributing Taegis Endpoint Agent software using MDM tools:
  - Windows
  - macOS
- After the installation process, review Manage Endpoint Agents. Use the information to understand how to navigate and manipulate the Endpoint Agents Summary in XDR and validate that deployed and installed agents are reporting into your tenant.
Troubleshoot Installation Issues
If you experience issues during installation, consult the following dedicated troubleshooting documentation and Knowledge Base articles specific to your platform.
Troubleshooting Documentation
- Taegis Windows Agent Troubleshooting
- Taegis macOS Agent Troubleshooting
- Taegis Linux Agent Troubleshooting
Troubleshooting Knowledge Base Articles
- Windows
- macOS
- Linux
If the troubleshooting guidance provided here does not resolve your issue, seek assistance from Product Support via chat or support ticket.
Manage Agents in XDR
Reassign Taegis Endpoint Agent Group
Taegis Endpoint Agents are associated with a group and its configuration by a Registration Key in Group Configuration during installation.
Once installed, you can reassign an agent to another group by following Reassign Taegis Agent Group.
Tagging
Tagging agents can provide context to your endpoints in XDR. This information can be used for filtering the view of your endpoints by specific tags, or as criteria for executing an Automations Playbook, for example.
To add or remove a tag in XDR, see Add and Remove Endpoint Tags.
Additionally, you can perform tagging in bulk for multiple endpoints using an Automations Playbook. See the following Knowledge Base article: How To: Configuring Endpoint Tagging - Multi Automation.
Update Taegis Endpoint Agents
Taegis Endpoint Agents are automatically updated to the latest version of the release channel (Beta, Preview, Production Stable) configured in the group to which they are assigned when the following events occur:
- During initial registration, the agent connects to the registration server, checks if there is a newer version available, and updates if there is.
- After a force restart of the service.
- After a reboot of the endpoint.
- When an endpoint is reassigned to a different group policy.
- Upon selecting the Reconnect Agent action; see Endpoint Management Actions for more information.
Create Agent Host Isolation and Restore Playbooks
XDR can isolate and restore hosts installed with Taegis Endpoint Agents, preventing them from communicating within or outside of the network environment. Using the Automations capabilities within XDR, you can quickly react to a situation where endpoints are considered to be compromised.
Isolating or restoring hosts running Taegis Endpoint Agents requires the definition of Automations Playbooks. The following article explains the configuration and operation of the Taegis Endpoint Agent isolation and restore Playbooks: How To: Configure Host Isolation and Restore Playbook - Taegis Endpoint Agent.
Archive or Unarchive Agents
If you wish to remove agents that appear in the Endpoint Agent Summary table from view, such as agents that have been uninstalled, you can archive them.
See Agent Status Options to understand status labels for Taegis Endpoint Agents in your tenant and how to filter by each status, including archived agents.
Note
Permanently removing agents from XDR is not possible. Archive the agents instead.
Archive or unarchive agents manually in XDR by following Archive and Restore Selected Endpoints, or configure Auto Archive at a tenant level or group level.
Uninstall Agents
To uninstall Taegis Endpoint Agents and remove them from the endpoint or system, see Taegis Endpoint Agent Uninstall.
More Information
Technical Information and Taegis Endpoint Agent Specifications
- Taegis Endpoint Agent technical details are available in Taegis Endpoint Agent Technical Details.
- The FAQ for Taegis Endpoint Agents is provided in FAQ: Taegis Endpoint Agent.
- Taegis Endpoint Agent known issues are provided in Taegis Endpoint Agent Known Issues.
Release Notes for Taegis Endpoint Agent
- Review upgrade information per Taegis Endpoint Agent version in Agent Changelog.
- Find release information for XDR in the Release Notes.
Tip
If you would like notifications when there is an update to the Taegis Endpoint Agent, subscribe to the Changelog RSS Feed. You'll need an RSS Reader or an RSS Extension for your browser.
Submit a Feature Request
If there is a feature you would like that is not currently available, such as a Linux OS not yet supported, please review Product Roadmap to submit your idea in Product Board.