Taegis Endpoint Agent for macOS Installation

integrations endpoints edr taegis agent secureworks

Prerequisites ⫘

Prior to installation, review requirements and follow prerequisite steps on Taegis™ XDR Endpoint Agent Information and Prerequisites.

Data Provided from Integration ⫘

	Alerts	Auth	DNS	File Collection	HTTP	NIDS	Netflow	Process	File Modification	API Call	Registry	Scriptblock	Management	Persistence	Thread Injection
Taegis macOS Endpoint Agent	✓	✓		✓			✓	✓	✓

Installation ⫘

To install the Taegis Endpoint Agent for macOS using the UI, see UI Deployment.

To install the Taegis Endpoint Agent for macOS using MDMs, see MDM Deployment.

UI Deployment ⫘

1. Open the .pkg file and the Secureworks Agent installer opens.

2. Select Continue followed by Install and enter your password if prompted.

macOS Agent Install Wizard

3. The System Extensions Setup screen displays. Enter the registration key and server name copied during the prerequisite steps in the System Extensions Setup prompt and select Start.

Enter Registration Key & Registration Server

4. A message informing that background items have been added can be closed if desired.

Dismiss Background Items Message

5. Two system messages display: System Extension Blocked and SecureworksTaegis Would Like to Filter Network Content. Select OK from System Extension Blocked each time it displays and select Allow from Filter Network Content.

Select OK and Allow

6. Step 2 of the System Extensions Setup screen displays and System Settings opens to Privacy & Security. Select Details from the message in Privacy & Security settings that reads Some system software requires your attention before it can be used.

Select Details to Enable Extensions

7. Enter password if prompted, select to enable the toggles for the three SecureworksTaegis.app items, and select OK.

Enable Extensions

8. Step 3 of the System Extensions Setup screen displays and System Settings opens to Full Disk Access. Select to enable the toggle for SecureworksTaegis.

Enable Full Disk Access

9. Choose Later if prompted to quit.

Choose Later

10. Select to enable the toggles for Secureworks Taegis File Monitor and Secureworks Taegis Policy Mgmt.

Complete Full Disk Access

11. Close System Settings and then select Close from the System Extensions Setup screen.

12. The Agent Status displays. If the Connection Status shows as Not Connected, select Register and re-enter the registration key and server name copied during the prerequisite steps.

Re-register Agent

13. Close the installer and complete the following Validate Installation steps to ensure a successful installation.

Close Installer

MDM Deployment ⫘

• For deployment using Workspace ONE UEM (WS1) for macOS workstations, see the following Knowledge Base article: Deploy Taegis Agent for Mac with Workspace ONE.
• For deployment using Intune for macOS workstations, see the following Knowledge Base article: Deploy Taegis Agent for Mac with Intune.
• For deployment using JAMF Pro for macOS workstations, see the following Knowledge Base article: Deploy Taegis Agent for Mac with JAMF.

Validate Installation ⫘

1. Select the Taegis icon and select Open Secureworks Taegis.

Open Secureworks Taegis

2. Confirm the following options are GREEN:

• Process Monitoring
• File Monitoring
• Network Monitoring
• Full Disk Access

Confirm Agent Setup

3. Open Terminal, enter the following command, and verify that the device token file .device.tok is present in the output:

sudo ls -al "/Library/Application Support/secureworks/agent/"

Verify Device Token File

4. Open Terminal and enter the following command to check launch control to verify services are up and running:

sudo launchctl list | grep secureworks

Verify the following is present in the output:

Verify Services

Review Endpoint Agents Summary ⫘

Endpoint Agents Summary

As XDR processes endpoint telemetry, a list of endpoints is generated. Review these by navigating to Endpoint Agents → Summary from the left-hand side navigation in XDR. For more information, see Manage Endpoint Agents.