What is XDR?

To help you understand the Taegis platform and XDR application, this section provides an overview of Service Deliverables & Deployment Milestones, the XDR Solution Architecture, and the Alert Triage & Investigation Workflow.

Service Deliverables and Deployment Milestones

There are three main Secureworks® Taegis™ XDR offerings: XDR, Secureworks® Taegis™ ManagedXDR, and Secureworks® Taegis™ ManagedXDR Elite.

  • XDR is a cloud-based technology application designed to detect, prevent, and respond to continuously evolving security threats. Purchase of the XDR software includes access to the Ask an Expert chat feature. Leverage the XDR Documentation to assist with integrating and using the XDR application.

  • ManagedXDR is a service wrapper purchased in conjunction with the XDR application. Review the ManagedXDR Service Description and ManagedXDR Onboarding Guide for more information on deliverables of the ManagedXDR service.

  • ManagedXDR Elite is another service wrapper option that includes all the deliverables from the ManagedXDR service and adds Elite Threat Hunting. You can find more information on the ManagedXDR Elite service deliverables by reviewing the ManagedXDR Elite Service Description and ManagedXDR Elite Onboarding Guide.

Important

Neither the ManagedXDR service nor the ManagedXDR Elite service begins until 40% of your endpoint agents have been deployed. Until the 40% deployment milestone is met and your Onboarding Specialist confirms you have entered the Steady State stage, our team of analysts does not review your data. We often find that our most successful customers move into Steady State within 30 days.

In most cases, the 40% deployment milestone is the only deployment requirement, but talk with your Customer Success Manager to ensure there are no other requirements.

Once you achieve the 40% deployment requirement, your Onboarding Specialist works to move you into Steady State. In this stage, our team of analysts begins the process of reviewing and alerting on your data as needed, and other deliverables from your service commence.

XDR Solution Architecture

As you prepare to integrate your endpoints and security controls with XDR, it is important to understand the XDR Solution Architecture and how your data flows to the XDR Cloud.

The Red Cloak™ Endpoint Agent is configured to communicate and forward telemetry to the XDR Cloud upon deployment. Reference Red Cloak Endpoint Agent documentation for additional information.

Other supported EDR agents and supported Cloud environments have their own unique way of integrating with XDR. Communication with the XDR Cloud is built into the integration process. Reference Deploy an Endpoint Agent for more information.

XDR can also ingest data from a variety of popular security controls via syslog forwarding. A Taegis™ XDR Collector is deployed in the application. Security controls, such as firewalls, web proxies, routers, and switches, are then configured to forward their data via syslog to the Data Collector, and the Data Collector transmits that data to the XDR Cloud.

Alert Triage and Investigation Workflow

Secureworks Security Analysts proactively review your High and Critical alerts. This section describes the workflow those analysts follow, from triaging alerts to creating investigations to working with your team on recommendations for resolution.