Skip to content

Automations OverviewπŸ”—

Tip

The Secureworks Professional Services team is here to help you realize the full potential from your Taegis XDR investment if a higher level of support is desired. Our highly skilled consultants can help you deploy faster, optimize quicker, and accelerate your time to value. For more information, see Professional Services Overview.

Automation through Secureworks® Taegis™ XDR relieves your organization of common challenges, such as lack of resources and time to handle otherwise manual tasks, by automating manual tasks. This provides you with more time to investigate and respond to suspicious activity more efficiently.

How Does Automation Work?πŸ”—

Secureworks creates connectors to supported IT tools within your environment. These connections allow us to take read-and-write actions across your infrastructure, with your approval. You then create playbooks, which represent a series of actions and logic, specific and configurable to your organization. These playbooks take action on your network automatically, relieving the need for manual tasks.

Note

Secureworks® Taegis™ XDR Automations use the IP address range 216.9.204.0/22. Please allow connections from this range in your firewall rules and allow-lists.

What Types of Tasks Can I Automate?πŸ”—

Some tasks you can automate through Secureworks® Taegis™ include:

  • Creating and querying tickets through other ticketing systems
  • Creating custom email and instant messaging notifications
  • Managing alerts
  • Response actions
  • Repetitive XDR tasks, such as creating investigations and tagging endpoints

Automations PermissionsπŸ”—

The ability to perform certain Automation actions is limited to your user role. Therefore you may not see all of the documented actions or screens. For more information, see User Roles.

View Automations OverviewπŸ”—

To view Automations Overview in XDR, select Automations from the Taegis Menu and choose Overview.

Automations Overview

This dashboard provides the following widgets with at-a-glance information about your use of Automations in your tenant and a changelog of playbook templates and connectors.

Playbook ExecutionsπŸ”—

The Playbook Executions widget displays a graph of playbook executions from the previous 72 hours.

Playbook Executions Widget

Take the following actions from the widget:

  • Use the filter chips to adjust the graph to display only the selected playbook states.
  • Hover over a segment in the graph to view the execution count.
  • Select View All to navigate to the Playbook Executions overview tab.

Playbook Upgrades AvailableπŸ”—

The Playbook Upgrades Available widget lists all playbooks in use in your tenant that have major or other version upgrades available but not yet applied.

Playbook Upgrades Available Widget

Take the following actions from the widget:

  • Select the Include Disabled toggle to include disabled playbooks in the counts of playbooks that have upgrades available.
  • Select either playbook count to open a side panel that includes a link to the Playbook Version History where you can change the version or choose to automatically update the playbook when new versions are available.

Connection Upgrades AvailableπŸ”—

The Connection Upgrades Available widget lists all connections in use in your tenant that have major or other version upgrades available but not yet applied.

Connection Upgrades Available Widget

Take the following action from the widget:

Deprecated Playbooks and ConnectorsπŸ”—

The Deprecated Playbooks and Connectors widget lists any playbooks and connectors that have been deprecated but are still in use in your tenant. This helps you to identify playbooks and connections that need to be migrated to new implementations.

Deprecated Playbooks and Connectors Widget

Take the following action from the widget:

  • Select either of the counts to open a side panel that includes a link to the playbook or connector template that has been deprecated but is still in use. Use the Playbooks tab from a playbook template or the Configured Connections table from a connector template to identify configured instances that need to be migrated to a new template.

Upcoming Scheduled ExecutionsπŸ”—

The Upcoming Scheduled Executions widget lists upcoming scheduled playbook executions, including a link to the Playbook Details and the date and time of the next run.

Upcoming Scheduled Executions Widget

Take the following actions from the widget:

Latest UpdatesπŸ”—

The Latest Updates widget lists the most recently published playbook templates, actions, and connectors, as well as updates to existing templates and connectors. Each entry includes details about what changes were implemented in the change notes.

Latest Updates Widget

Take the following actions from the widget:

  • Select the Templates or Connectors tab to alter your view.
  • Select View all Templates to navigate to the Playbook Templates tab, or View all Connectors to navigate to the Connector Library.
  • Select the linked playbook or connector title to navigate to the Playbook Template Details or the Connector Details.
  • Select the down arrow at the left of an entry to expand and view more details.
  • Use the filters at the top of the widget to customize your view:
    • Author: View Secureworks-curated or custom playbooks and connectors available for your tenant.
    • In Use: Display only playbooks and connectors that are currently active in your tenant.
    • Created Date: Filter playbooks and connectors based on their creation dateβ€”either those created within the last 30 days, or those created earlier.

Help ResourcesπŸ”—

There are a few places to get specific guidance for using Automations in addition to this Documentation site.

  • Our Help Center has dozens of click-by-click instructions for setting up the most common playbooks. See the Automations article list and click Follow to receive email updates for articles in this section.
  • The in-app documentation for each connector and playbook in the XDR UI contains the technical information required for setup. Refer to the Documentation tab shown on each Automations connector or playbook for more information.

    Automations In-App Documentation