Taegis™ macOS Agent Installation


Prerequisites

Prior to installation, review requirements and follow prerequisite steps on Taegis™ Endpoint Agent Information and Prerequisites.

Data Provided from Integration

  Alerts Auth DNS File Collection HTTP NIDS Netflow Process File Modification API Call Registry Scriptblock Management Persistence Thread Injection
Taegis™ macOS Endpoint Agent            

Installation

To install the Taegis™ XDR Endpoint Agent for macOS using the UI, see UI Deployment.

To install the Taegis™ XDR Endpoint Agent for macOS using MDMs, see MDM Deployment.

UI Deployment

  1. Open the .pkg file to launch the installation wizard.

  2. Select Continue followed by Install and enter your password if prompted.

macOS Agent Install Wizard

  3. In the System Extensions Setup prompt, enter the registration key copied during the prerequisite steps, as shown in the following image, and select Start.

Copy Registration Server & Registration Key

  4. When prompted by the System Extension Blocked dialog, select Open Security Preferences, select the lock from Security & Privacy settings to make changes, and then input your password if prompted.

  5. Select Details..., enable the SecureworksTaegis system extensions, and then select OK.

Note

Screen Sharing disconnects when enabling the system extensions. If you are accessing your Mac via Screen Sharing during the installation, you may have to reconnect to the Screen Share session.

  6. When prompted, select Allow in the Filter Network Content dialog and then select Allow from Security & Privacy settings.

Select Allow from Filter Network Content

Select Allow from Security & Privacy

  7. In Security & Privacy settings, navigate to the Privacy tab, select Full Disk Access from the left panel, and then ensure that the following are checked:

  8. Select Files and Folders from the left panel, ensure the options from Step 7 are grayed out and labeled with Full Disk Access, and then select the lock at the bottom left to prevent further changes.

Check Files and Folders

  9. A successful installation message displays. Complete the following Validate Installation steps to ensure a successful installation.

MDM Deployment

Validate Installation

  1. Select the Taegis™ icon and select Open Secureworks Taegis.

Open Secureworks Taegis

  2. Confirm the following options are GREEN:

Confirm Agent Setup

  3. Open Terminal, enter the following command, and verify that the device token file .device.tok is present in the output:

     sudo ls -al "/Library/Application Support/secureworks/agent/"

Verify Device Token File

  4. Open Terminal and enter the following command to query launchctl and verify that the agent services are up and running:

     sudo launchctl list | grep secureworks

Verify the following is present in the output:

Verify Services
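
The two Terminal checks above can be scripted for hosts that were deployed in bulk. This is an added example, not Secureworks code: the function names and script file name are hypothetical, and because this page does not list the expected service labels, it treats any launchd label containing "secureworks" as an agent service and a PID of "-" as not running.

```shell
#!/bin/sh
# Added example (not Secureworks code): scripted form of the two Terminal checks.
AGENT_DIR="/Library/Application Support/secureworks/agent"  # path from the page

# token_present DIR: succeeds when DIR/.device.tok exists as a regular file.
token_present() {
    [ -f "$1/.device.tok" ]
}

# agent_services: reads `launchctl list` output (columns PID, Status, Label)
# on stdin and prints "<label> <state>" for labels containing "secureworks".
# Assumption: a PID of "-" means the job is loaded but has no live process.
# Constructed sample line: 412 0 com.secureworks.example.agent
agent_services() {
    awk '$3 ~ /secureworks/ {
        state = ($1 == "-") ? "not-running" : "running"
        print $3, state
    }'
}

# validate_agent DIR: reads `launchctl list` output on stdin, prints one
# line per finding, and returns 0 only when every check passes.
validate_agent() {
    rc=0
    if token_present "$1"; then
        echo "OK   .device.tok present in $1"
    else
        echo "FAIL .device.tok missing from $1"; rc=1
    fi
    svcs=$(agent_services)
    if [ -z "$svcs" ]; then
        echo "FAIL no launchd label contains 'secureworks'"; rc=1
    else
        printf '%s\n' "$svcs" | sed 's/^/     /'
        if printf '%s\n' "$svcs" | grep -q ' not-running$'; then
            echo "FAIL an agent service is loaded but not running"; rc=1
        fi
    fi
    return "$rc"
}

# On the Mac, as root:  sh validate.sh --run   (validate.sh is a hypothetical name)
if [ "${1:-}" = "--run" ]; then
    launchctl list | validate_agent "$AGENT_DIR"
fi
```

The non-zero exit status on any failed check lets an MDM or configuration-management job flag hosts where the agent registered but a service is not running.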

Review Endpoint Agents Summary

Endpoint Agents Summary

As Taegis™ XDR processes endpoint telemetry, a list of endpoints is generated. Review these by navigating to Endpoint Agents → Summary from the left-hand side navigation in Taegis™ XDR. For more information, see Manage Endpoint Agents.

 
