CTU™ Countermeasures & Threat Intelligence

☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Getting Started
Integrate with XDR
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
- Power BI for XDR
Secureworks Products, Services, and Policies
- Taegis NDR
  - Overview
  - Service Description
  - Transitioning from CTP
  - Legacy iSensor Service Descriptions
    - Managed iSensor
    - Managed iSensor Add-on
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- Secureworks Professional Services
- Legal

Onboarding

1 Getting Started

2 Integrate EDR Agent

3 Integrate Data Sources

4 Using XDR

5 Steady State

4.1 Investigations

4.2 Searching & Reporting

4.3 Custom Rules & Automation

4.4 Proactive Response

4.5 CTU™ Countermeasures & Threat Intelligence

CTU™ Countermeasures ⫘

Your subscription to XDR includes access to Secureworks CTU countermeasures. The CTU Countermeasures consist of high-fidelity, high-priority Rulesets that can be deployed to Snort-based sensors and Suricata-based sensors. Countermeasures can be downloaded via the API or by using the CTU Countermeasures download utility within XDR.

Learn more about deploying CTU Countermeasures by visiting the following guide:

CTU Countermeasures

Threat Intelligence ⫘

Secureworks Threat Intelligence is a core component of XDR and is included as part of XDR subscriptions. Our expert team of 70+ Counter Threat Unit researchers uses a wide variety of commercial and proprietary toolsets to analyze, synthesize, validate, and produce threat intelligence. In addition, our CTU and Incident Response teams have deep integrations that allow us to extract intelligence from our over 1,000 incident response and targeted threat hunting engagements each year. This intelligence is then automatically correlated against your telemetry to ensure you are protected from the latest threats and adversary behaviors.

Visit the following resources to learn more about Threat Intelligence: