Onboarding
Add Data Sources
Once you’ve successfully deployed your data collectors, you are ready to integrate data sources.
There are multiple ways to integrate data sources into XDR. Some methods utilize a data collector, which receives telemetry and logs from your data sources via syslog protocols on UDP port 514 and TCP port 601. Other methods rely on an API connection to an external platform.
At the highest level, data sources can be integrated with XDR via a Secureworks Optimized Integration or a Custom Integration:
Secureworks Optimized Integration
This is an end-to-end integration targeting a data source and ingest path where the downstream outcomes such as normalization, search, and alerting have been predetermined, tested, and documented by XDR.
Start here to determine if the data source you wish to integrate has already been optimized by Secureworks with a set of tested instructions to follow. For a full list of Secureworks Optimized Integrations, see:
Work with Optimized Cloud API Integrations
Tip
Secureworks highly recommends integrating Microsoft Office 365 and Azure before entering steady state.
Custom Integration
This is an integration where only the transport of data from a data source into XDR is guaranteed; downstream outcomes such as normalization, search, and alerting have not been tested and may require additional work beyond ingest to be achieved.
If the data source you wish to integrate with XDR has not yet been optimized by Secureworks, or you wish to explore additional options for integration, there are several available custom transport methods you can use. For more information, see:
Confirm Logs are Received
Confirm logs have been received as expected by reviewing the Monitor Data Sources and Manage Cloud API guides:
Tip
Learn about configuring custom alerts in the Using XDR section of this training.
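The following is an added example, not part of the Secureworks documentation: a transport check for the syslog path described above, which sends one uniquely marked test message to a data collector on UDP port 514 and TCP port 601 so you can look for that marker when confirming logs are received. The collector address, the RFC 5424 message layout, newline framing on TCP, and all function names are assumptions of this example.

```python
import socket
import sys
import uuid
from datetime import datetime, timezone

UDP_PORT = 514  # collector syslog ports as stated on this page
TCP_PORT = 601

def build_message(marker, hostname="onboarding-test", app="collector-check"):
    """Build an RFC 5424 line (assumed format): <PRI>1 TS HOST APP PROCID MSGID SD MSG."""
    pri = 1 * 8 + 6  # facility user (1), severity informational (6) -> 14
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - transport test marker={marker}".encode()

def send_udp(host, payload, port=UDP_PORT):
    """UDP is fire-and-forget: the return value only shows the datagram left this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))

def send_tcp(host, payload, port=TCP_PORT, timeout=5.0):
    """TCP gives a reachability signal: a filtered or closed port fails the connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload + b"\n")  # assumption: newline-delimited framing
        return True
    except OSError:
        return False

def check_collector(host, udp_port=UDP_PORT, tcp_port=TCP_PORT):
    """Send the same marked message over both transports and report what happened."""
    marker = uuid.uuid4().hex  # unique value to look for in the received logs
    payload = build_message(marker)
    return {
        "marker": marker,
        "udp_bytes_sent": send_udp(host, payload, udp_port),
        "tcp_delivered": send_tcp(host, payload, tcp_port),
    }

if __name__ == "__main__":
    # Usage: python collector_check.py <collector-address>
    print(check_collector(sys.argv[1]))
```

A successful UDP send does not prove delivery, so treat the marker appearing in the received logs as the real confirmation; for a Custom Integration this verifies transport only, not normalization or alerting.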