Tactic Graphs

The Tactic Graphs™ Detector models adversary behavior to detect malicious activity by anticipating adversary tactics. Security applications typically identify threats using countermeasures that detect known malicious adversary actions and activities. When countermeasures block or detect these, adversaries are forced to modify their tactics in order to continue operating. The result is an arms race in which threat actors and countermeasure developers constantly iterate on their tactics and on the countermeasures that stop them. The Secureworks® Taegis™ XDR Tactic Graphs Detector breaks this cycle through adversary behavior modeling.

Tactic Graphs Detector Detection

Note

The Events Timeline displays when available.

When tactics are identified in your environment, XDR generates detections that are displayed in your XDR tenant. The Tactic Graphs Detector detections contain the individual behaviors that were identified, and the order of the malicious behaviors.

Requirements

This detector requires the following data sources, integrations, or schemas:

Inputs

Detections are from the following normalized sources:

  • Detections, Antivirus, ApiCall, Auth, Cloudaudit, Detection Finding, DNS, Email, File Modification, HTTP, Management, Netflow, NIDS, Process, Script Block, Taegis Agent Detection, Third Party

Outputs

Detections from this detector are pushed to the XDR Detection Database and Detection Triage Dashboard.

Configuration Options

This detector is enabled by default when the required data sources or integrations are available in the tenant.

MITRE ATT&CK Category

The XDR Tactic Graphs Detector has no single MITRE Mapping. Check the detection for the specific mapping.

Detector Testing

This detector does have a supported testing method.

See Tactic Graph Detector for testing information.

FROM detection WHERE metadata.creator.detector.detector_id='app:detect:tactic-detector'

References