AI Features FAQ
Frequently asked questions about the AI assistant in Secureworks® Taegis™ XDR.
How does the AI assistant work?
The AI assistant lets you enter predefined natural-language queries or your own queries to investigate threats. The AI responds with information and insights from various plug-ins, such as Data Lake queries or threat look-up websites.
You can use follow-up prompts or queries to refine the investigation and produce recommendations for action. For more information, see AI Assistant Overview.
What data sources does the AI assistant analyze?
The AI assistant can retrieve and analyze data from the following XDR-integrated sources:
- Sophos Endpoint (Windows)
- Sophos Server (Windows)
As the feature matures, data from other sources will be accessible using the AI assistant.
Are AI features available for all case types?
The AI assistant includes a Security Analyst assistant and a Threat Hunter assistant.
The Security Analyst assistant is available for Taegis MDR-managed cases, which are handled by the Taegis MDR Operations team, and for cases that you create and manage yourself.
The Threat Hunter assistant is available only for cases that you create and manage yourself.
How does the AI assistant improve investigations?
The AI assistant improves investigations as follows:
- Enables less experienced admins to investigate threats. No knowledge of complex SQL syntax is needed.
- Interprets and correlates historical case data, threat intelligence, and logs.
- Speeds up analysis by doing a series of tasks, from endpoint queries to threat lookups, in a single workflow.
Can the AI assistant respond to threats?
No. Currently, the AI assistant focuses on investigation rather than taking direct remediation actions. Analysts can use its insights as the basis for fast human-initiated actions.
Who can use the AI assistant?
You must be a Tenant Administrator to access the AI assistant.
Which languages are supported?
Currently, English is the only supported language for the AI assistant.
Which third-party AI services does the AI assistant rely on?
The AI assistant uses large language models (LLMs) hosted on Azure (Azure OpenAI) and Amazon Bedrock.
How does the AI assistant use my data?
When you activate an AI feature, the system does the following:
- Evaluates the request.
- Coordinates tasks between relevant components and data sources.
- Uses a secure API to decide which resources are needed.
For tasks requiring third-party LLM services, all data transferred is encrypted in transit, ensuring its integrity.
To learn more about data handling practices in XDR, see these documents:
Will Azure OpenAI or Amazon Bedrock train its model on the inputs or outputs?
No. Neither Azure OpenAI nor Amazon Bedrock uses any inputs or outputs from our AI features to train models or to improve their services.
Who can see my chat with the AI assistant?
Only you can see your chat with the AI assistant.
You have access to an AI assistant thread for each case, but only one thread is active at a time.
How does Secureworks prevent unauthorized access to data?
The AI features adhere to the existing role-based access control (RBAC) policies of Taegis. Users of these features can operate only within the boundaries of their designated roles.
How does Secureworks ensure accuracy?
AI can generate false or misleading information. To reduce this risk, we do the following:
- Restrict interactions with Azure OpenAI or Amazon Bedrock to topics related to Secureworks products and security.
- Use testing and validation to minimize errors and improve relevance.
- Monitor AI responses to evaluate their accuracy.
- Gather user feedback about the accuracy of responses and use it to improve response quality.
Responsible Usage
Use these features responsibly. AI-generated outputs aren't always perfect. Always check for accuracy and relevance before you use the generated content.
We set limits on the use of our AI features. For details, see Usage Limits.