Taegis™ macOS Agent Installation
Prior to installation, review requirements and follow prerequisite steps on Taegis™ Endpoint Agent Information and Prerequisites.
Data Provided from Integration ⫘
|Taegis™ macOS Endpoint Agent
To install the Taegis™ XDR Endpoint Agent for macOS using the UI, see UI Deployment.
To install the Taegis™ XDR Endpoint Agent for macOS using MDMs, see MDM Deployment.
UI Deployment ⫘
Open the .pkg file and the installation wizard opens.
Select Continue followed by Install and enter your password if prompted.
macOS Agent Install Wizard
- Enter the registration key copied during the prerequisite steps, as shown in the following image, in the System Extensions Setup prompt and select Start.
Copy Registration Server & Registration Key
When prompted by the System Extension Blocked dialog, select Open Security Preferences, select the lock from Security & Privacy settings to make changes, and then input your password if prompted.
Select Details..., enable the SecureworksTaegis system extensions, and then select OK.
Screen Sharing disconnects when enabling the system extensions. If you are accessing your Mac via Screen Sharing during the installation, you may have to reconnect to the Screen Share session.
- When prompted, select Allow in the Filter Network Content dialog and then select Allow from Security & Privacy settings.
Select Allow from Filter Network Content
Select Allow from Security & Privacy
- In Security & Privacy settings, navigate to the Privacy tab, select Full Disk Access from the left panel, and then ensure that the following are checked:
- Select Files and Folders from the left panel, ensure the options from Step 7 are grayed out and labeled with Full Disk Access, and then select the lock at the bottom left to prevent further changes.
Check Files and Folders
- A successful installation message displays. Complete the following Validate Installation steps to ensure a successful installation.
MDM Deployment ⫘
- For deployment using Workspace ONE UEM (WS1) for macOS workstations, see the following Knowledge Base article: Deploy Taegis Agent for Mac with Workspace ONE.
- For deployment using Intune for macOS workstations, see the following Knowledge Base article: Deploy Taegis Agent for Mac with Intune.
Validate Installation ⫘
- Select the Taegis™ icon and select Open Secureworks Taegis.
Open Secureworks Taegis
- Confirm the following options are GREEN:
- Process Monitoring
- File Monitoring
- Network Monitoring
- Full Disk Access
Confirm Agent Setup
- Open Terminal, enter the following command, and verify that the device token file
.device.tokis present in the output:
sudo ls -al "/Library/Application Support/secureworks/agent/"
Verify Device Token File
- Open Terminal and enter the following command to check launch control to verify services are up and running:
sudo launchctl list | grep secureworks
Verify the following is present in the output:
Review Endpoint Agents Summary ⫘
Endpoint Agents Summary
As Taegis™ XDR processes endpoint telemetry, a list of endpoints is generated. Review these by navigating to Endpoint Agents → Summary from the left-hand side navigation in Taegis™ XDR. For more information, see Manage Endpoint Agents.