🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

What is Taegis™ XDR?

To help you understand the Taegis platform and XDR application, this section provides an overview of Service Deliverables & Deployment Milestones, the XDR Solution Architecture, and the Alert Triage & Investigation Workflow.

Service Deliverables and Deployment Milestones

There are three main Secureworks® Taegis™ XDR offerings: Taegis™ XDR, Taegis™ ManagedXDR, and Taegis™ ManagedXDR Elite.

  • XDR is a cloud-based technology application designed to detect, prevent, and respond to continuously evolving security threats. Purchase of the XDR software includes access to the Ask an Expert chat feature. Leverage the Taegis™ XDR Documentation to assist with integrating and using the XDR application.

  • ManagedXDR is a service wrapper purchased in conjunction with the XDR application. Review the ManagedXDR Service Description and ManagedXDR Onboarding Guide for more information on deliverables of the ManagedXDR service.

  • ManagedXDR Elite is another service wrapper option that includes all the deliverables from the ManagedXDR service, but also includes Elite Threat Hunting. You can find more information on the ManagedXDR service deliverables by reviewing the ManagedXDR Elite Service Description and ManagedXDR Elite Onboarding Guide.

Important

Neither the ManagedXDR service nor ManagedXDR Elite service begins until 40% of your endpoint agents have been deployed. Until the 40% deployment milestone is met, and your Onboarding Specialist confirms you have entered the Steady State stage, our team of analysts does not review your data. We often find that our most successful customers move into Steady State within 30 days.

In most cases, the 40% deployment milestone is the only deployment requirement, but talk with your Customer Success Manager to ensure there are no other requirements.

Once you achieve the 40% deployment requirement, your Onboarding Specialist works to move you into Steady State. In this stage, our team of analysts begins the process of reviewing and alerting on your data as needed, and other deliverables from your service commence.

XDR Solution Architecture

As you prepare to integrate your endpoints and security controls with XDR, it is important to understand the XDR Solution Architecture and how your data flows to the XDR Cloud.

The Red Cloak™ Endpoint Agent is configured to communicate and forward telemetry to the XDR Cloud upon deployment. Reference Red Cloak Endpoint Agent documentation for additional information.

Other supported EDR agents and supported Cloud environments have their own unique way of integrating with XDR. Communication with the XDR Cloud is built into the integration process. Reference Deploy an Endpoint Agent for more information.

XDR also has the ability to ingest data from a variety of popular security controls via syslog forwarding. A Taegis™ XDR Collector is deployed in the application. Security controls, such as firewalls, web proxies, routers, and switches, are then configured to forward data via syslog to the Data Collector. The Data Collector transmits the data to the XDR Cloud.

Alert Triage and Investigation Workflow

Secureworks Security Analysts proactively review your High and Critical alerts. Learn the workflow that analysts leverage, from triaging alerts to creating investigations to working with your team to make recommendations for resolution.