Add Data Sources

Once you’ve successfully deployed your data collectors, you are ready to integrate data sources.

There are multiple ways to integrate data sources into XDR. Some methods utilize a data collector, which receives telemetry and logs from your data sources via syslog protocols on UDP port 514 and TCP port 601. Other methods rely on an API connection to an external platform.
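A connectivity check for the syslog path described above, added here as an example and not taken from Secureworks documentation or tooling: it sends one uniquely marked RFC 5424 test event to a data collector over UDP 514 and TCP 601 so the marker can be looked for afterwards. The collector address, the `xdr-ingest-test` app name, the marker format, and newline framing on TCP are assumptions.

```python
import socket
from datetime import datetime, timezone

UDP_PORT = 514   # collector syslog/UDP port named on this page
TCP_PORT = 601   # collector syslog/TCP port named on this page

def build_syslog(msg, facility=16, severity=6, app="xdr-ingest-test", host=None, now=None):
    """Return an RFC 5424 message as bytes. facility 16 = local0, severity 6 = info."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    utc = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    ts = utc.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"   # millisecond precision
    host = host or socket.gethostname()
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}".encode("utf-8")

def send_udp(collector, payload, port=UDP_PORT):
    """Send one datagram. UDP gives no delivery signal: success only means 'sent'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (collector, port))

def send_tcp(collector, payload, port=TCP_PORT, timeout=5.0):
    """Send one message over TCP; raises OSError if the port is unreachable."""
    with socket.create_connection((collector, port), timeout=timeout) as s:
        s.sendall(payload + b"\n")   # assumption: newline-delimited framing
    return len(payload) + 1

def probe(collector, marker):
    """Send a marked event on both transports and return a status per transport."""
    result = {}
    for name, fn in (("udp/514", send_udp), ("tcp/601", send_tcp)):
        try:
            fn(collector, build_syslog(f"{marker} via {name}"))
            result[name] = "sent"
        except OSError as exc:
            result[name] = f"failed: {exc}"
    return result

if __name__ == "__main__":
    import sys, uuid
    marker = f"ingest-check-{uuid.uuid4().hex[:12]}"   # constructed, searchable token
    print(marker, probe(sys.argv[1], marker))          # argv[1]: your collector address
```

A failed TCP result points at routing or filtering between the source and the collector. A UDP "sent" result says nothing about delivery, so the marker still has to be found on the receiving side.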

At the highest level, data sources can be integrated with XDR via a Secureworks Optimized Integration or a Custom Integration:

Secureworks Optimized Integration

This is an end-to-end integration targeting a data source and ingest path where the downstream outcomes such as normalization, search, and alerting have been predetermined, tested, and documented by XDR.

Start here to determine if the data source you wish to integrate has already been optimized by Secureworks with a set of tested instructions to follow. For a full list of Secureworks Optimized Integrations, see:

Work with Optimized Cloud API Integrations

Tip

Secureworks highly recommends integrating Microsoft Office 365 and Azure before entering steady state.

Custom Integration

This is an integration where only the transport of data from a data source into XDR is guaranteed; downstream outcomes such as normalization, search, and alerting have not been tested and may require additional work beyond ingest to be achieved.

If the data source you wish to integrate with XDR has not yet been optimized by Secureworks, or you wish to explore additional options for integration, there are several available custom transport methods you can use. For more information, see:

Confirm Logs are Received

Confirm logs have been received as expected by reviewing the Monitor Data Sources and Manage Cloud API guides:

Tip

Learn about configuring custom alerts in the Using XDR section of this training.