Taegis Docs Home
Oops, 404

Well, that didn’t go as planned.

Try the main page, or you may also go back from whence you came.