Automations Overview
Tip
The Secureworks Professional Services team is here to help you realize the full potential from your Taegis XDR investment if a higher level of support is desired. Our highly skilled consultants can help you deploy faster, optimize quicker, and accelerate your time to value. For more information, see Professional Services Overview.
Automation through Secureworks® Taegis™ XDR relieves your organization of common challenges, such as a lack of resources and time, by automating tasks that would otherwise be handled manually. This gives you more time to investigate and respond to suspicious activity efficiently.
How Does Automation Work?
Secureworks creates connectors to supported IT tools within your environment. These connections allow us to take read-and-write actions across your infrastructure, with your approval. You then create playbooks, which represent a series of actions and logic, specific and configurable to your organization. These playbooks take action on your network automatically, removing the need for manual tasks.
Note
Secureworks® Taegis™ XDR Automations use the IP address range 216.9.204.0/22. Please allow connections from this range in your firewall rules and allow-lists.
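The following Python check is an added example, not Secureworks code. It audits an existing allow-list against the Automations range from the note above and reports which parts of the range are still blocked and which entries are broader than the range requires. The function name and the sample entries are constructed for illustration.

```python
import ipaddress

# Range given in the note above for Taegis XDR Automations traffic.
AUTOMATIONS_RANGE = ipaddress.ip_network("216.9.204.0/22")


def audit_allow_list(entries, required=AUTOMATIONS_RANGE):
    """Compare allow-list CIDR entries against the required range.

    Returns (missing, overly_broad):
      missing      - parts of `required` that no entry covers
      overly_broad - entries that cover `required` plus other addresses
    """
    missing = [required]
    overly_broad = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != required.version or not net.overlaps(required):
            continue  # unrelated entry
        if net != required and net.supernet_of(required):
            overly_broad.append(net)
        remaining = []
        for piece in missing:
            if piece.subnet_of(net):
                continue  # this piece is now fully allowed
            if net.subnet_of(piece):
                # Entry allows only part of the piece; keep the rest.
                remaining.extend(piece.address_exclude(net))
            else:
                remaining.append(piece)
        missing = remaining
    return sorted(ipaddress.collapse_addresses(missing)), overly_broad


if __name__ == "__main__":
    # Constructed sample allow-list, not taken from any real firewall.
    sample = ["10.0.0.0/8", "216.9.204.0/24", "216.9.206.0/23"]
    missing, broad = audit_allow_list(sample)
    print("not yet allowed:", [str(n) for n in missing])
    print("broader than needed:", [str(n) for n in broad])
```

An empty `missing` list means the whole /22 is allowed; anything in `overly_broad` admits more source addresses than Automations needs.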
What Types of Tasks Can I Automate?
Some tasks you can automate through Secureworks® Taegis™ include:
- Creating and querying tickets through other ticketing systems
- Creating custom email and instant messaging notifications
- Managing alerts
- Response actions
- Repetitive XDR tasks, such as creating investigations and tagging endpoints
Automations Permissions
The ability to perform certain Automation actions is limited by your user role. Therefore, you may not see all of the documented actions or screens. For more information, see User Roles.
View Automations Overview
To view Automations Overview in XDR, select Automations from the Taegis Menu and choose Overview.
This dashboard provides the following widgets with at-a-glance information about your use of Automations in your tenant and a changelog of playbook templates and connectors.
Playbook Executions
The Playbook Executions widget displays a graph of playbook executions from the previous 72 hours.
Take the following actions from the widget:
- Use the filter chips to adjust the graph to display only the selected playbook states.
- Hover over a segment in the graph to view the execution count.
- Select View All to navigate to the Playbook Executions overview tab.
Playbook Upgrades Available
The Playbook Upgrades Available widget lists all playbooks in use in your tenant that have major or other version upgrades available but not yet applied.
Take the following actions from the widget:
- Select the Include Disabled toggle to include disabled playbooks in the counts of playbooks that have upgrades available.
- Select either playbook count to open a side panel that includes a link to the Playbook Version History where you can change the version or choose to automatically update the playbook when new versions are available.
Connection Upgrades Available
The Connection Upgrades Available widget lists all connections in use in your tenant that have major or other version upgrades available but not yet applied.
Take the following action from the widget:
- Select either connection count to open a side panel that includes a link to the Connection Version History where you can change the version or choose to automatically update the connection when new versions are available.
Deprecated Playbooks and Connectors
The Deprecated Playbooks and Connectors widget lists any playbooks and connectors that have been deprecated but are still in use in your tenant. This helps you to identify playbooks and connections that need to be migrated to new implementations.
Take the following action from the widget:
- Select either of the counts to open a side panel that includes a link to the playbook or connector template that has been deprecated but is still in use. Use the Playbooks tab from a playbook template or the Configured Connections table from a connector template to identify configured instances that need to be migrated to a new template.
Upcoming Scheduled Executions
The Upcoming Scheduled Executions widget lists upcoming scheduled playbook executions, including a link to the Playbook Details and the date and time of the next run.
Take the following actions from the widget:
- Select the linked playbook title to open the Playbook Details.
- Select View All to navigate to the Playbook Schedules overview tab.
Latest Updates
The Latest Updates widget lists the most recently published playbook templates, actions, and connectors, as well as updates to existing templates and connectors. Each entry includes details about what changes were implemented in the change notes.
Take the following actions from the widget:
- Select the Templates or Connectors tab to alter your view.
- Select View all Templates to navigate to the Playbook Templates tab, or View all Connectors to navigate to the Connector Library.
- Select the linked playbook or connector title to navigate to the Playbook Template Details or the Connector Details.
- Select the down arrow at the left of an entry to expand and view more details.
- Use the filters at the top of the widget to customize your view:
  - Author: View Secureworks-curated or custom playbooks and connectors available for your tenant.
  - In Use: Display only playbooks and connectors that are currently active in your tenant.
  - Created Date: Filter playbooks and connectors based on their creation date: either those created within the last 30 days, or those created earlier.
Help Resources
There are a few places to get specific guidance for using Automations in addition to this Documentation site.
- Our Help Center has dozens of click-by-click instructions for setting up the most common playbooks. See the Automations article list and click Follow to receive email updates for articles in this section.
- The in-app documentation for each connector and playbook in the XDR UI contains the technical information required for setup. Refer to the Documentation tab shown on each Automations connector or playbook for more information.