☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

CyberChef

alerts investigations events tools

CyberChef is considered The Cyber Swiss Army Knife and is an open-source tool that is used extensively by Cyber Security Professionals. CyberChef makes it simple for users to carry out both simple and complex data manipulation tasks within a web browser such as:

Decode encoded data, such as base64 or XOR
Perform data conversions, such as timezones
Decrypt and disassemble shellcode
Compress and decompress data
Calculate hashes and checksums

You can also create and save recipes for later usage. For more details on what the tool can do and examples of how it can be used, please reference the CyberChef Documentation.

Accessing CyberChef in XDR ⫘

Open CyberChef from either the Tools navigation menu or from within an Investigation Details page under the right-hand utility tray.

CyberChef from Tools Menu

CyberChef from Tools Menu

CyberChef within Investigation Details

CyberChef within Investigation Details

Using CyberChef ⫘

Here is an example of how to use CyberChef to decode base64 data.

Open CyberChef from either the Tools menu or from within an Investigation.
Drag and drop the From Base64 recipe.
Copy and paste your encoded data into the Input field.
Watch as your recipe automatically decodes the data and displays it in the Output field.

CyberChef Base64 Decode

CyberChef Base64 Decode

On this page:

Accessing CyberChef in XDR
Using CyberChef