Skip to content

Release 3.8.11 is now available.

Documentation

Supported Integrations

English
日本語

XDR RSS
VDR RSS
Taegis Agent RSS

Initializing search

Home
XDR
Integrations
VDR
Services & Legal
API Guides
Onboarding
Help Center

Documentation

Home
XDR
XDR
- About XDR
  About XDR
- Getting Started
  Getting Started
- Manage Integrations
  Manage Integrations
- Detections, Events, and Entities
  Detections, Events, and Entities
  - Detections
    Detections
    
    Detections
    
    Detection Details
    
    Detection Severity and Confidence
    
    Resolve Detections
    
    Detection Enrichment
    
    Detection Group Key
    
    Threat Score
    
    Custom Detection Rules
    
    Detection Suppression Rules
  - Events
    Events
    
    Event Details
    
    Process Event Lineage
    
    Related Detections and Events Timeline View
    
    FAQ: Generic Events and Normalized Data
  - Entities
    Entities
    
    Entity Details
    
    Structured Entities
    
    Entity v2 Protocol Buffer Reference
    
    Explore an Entity Graph
  - CyberChef
- Cases
  Cases
- Dashboards
  Dashboards
- Search and Reports
  Search and Reports
  - Search
    Search
    
    Advanced Search Query Language
    
    Advanced Search Builder
    
    Taegis AI for Search
    
    Saved Searches
    
    Search History
    
    Quick Search
    
    Pivot Search
    
    Rate Limits on Event Search
    
    Sensor Types
    
    File Details
  - Reports
    Reports
    
    Create Reports from a Template
    
    Configure Custom Reports
    
    Completed Reports
    
    Scheduled Reports
    
    Archived Reports
    
    Common Report Queries
- Automation
  Automation
  - Automations Overview
  - Supported Playbooks
  - Supported Connectors
  - Taegis Actions
  - Playbooks
    Playbooks
    
    Playbooks Overview
    
    Configured Playbooks
    
    Playbook Executions
    
    Playbook Templates
    
    Playbook Template Versions
    
    Playbook Schedules
  - Connectors
    Connectors
    
    Configured Connections
    
    Connector Library
    
    Connector Versions
    
    On-Premise Automation Connector
  - Automation Authoring
    Automation Authoring
    
    Building Connector Definitions
    Building Connector Definitions
    
    Custom Connector Editor
    
    Connector Definition Language
    
    Define Functions in Taegis
    
    Define Your First Connector
    
    Building Playbook Templates
    Building Playbook Templates
    
    Playbook Template Editor
    
    Playbook Definition Language
    
    Work with Playbook Tasks
    
    Build Your First Playbook
  - Common Expression Language (CEL)
    Common Expression Language (CEL)
    
    CEL Overview
    
    Get Started with CEL
    
    CEL Examples
    
    Supported CEL Macros
    
    CEL Explorer
- Threat Intelligence, Hunting, and Detectors
  Threat Intelligence, Hunting, and Detectors
  - Threat Intelligence
    Threat Intelligence
    
    Threat Intelligence Overview
    
    Threat Intelligence Explorer
    
    Threat Intelligence Reports
    
    Threat Groups
    
    CTU Countermeasures
  - Threat Hunting
    Threat Hunting
    
    Hunting with Jupyter Notebooks
  - Detectors
    Detectors
    
    Detector Explorer
    
    Detector Overview
    
    Detector Test Detections
    
    Account Compromise
    
    Bring Your Own Threat Intel (BYOTI)
    
    Brute Force
    
    Business Email Compromise
    
    Cloud Recon to Change Detector
    
    Cloud Watchlist
    
    Domain Generation Algorithms
    
    Domain Watchlist
    
    Email Watchlist
    
    Endpoint Watchlists
    
    Hands On Keyboard
    
    Impossible Travel
    
    IP Watchlist
    
    Kerberoasting
    
    NIDS
    
    Password Spray
    
    Penetration Test
    
    Portscanning and Broadscanning
    
    Punycode
    
    Quick Mail Consent (MS O365)
    
    Rare Program to Rare IP
    
    SharpHound
    
    Snapshot Exfiltration
    
    Stolen User Credentials
    
    Suspicious DNS Activity
    
    Tactic Graphs
    
    Taegis NDR
    
    Taegis Watchlist
  - Adversary Software Coverage
    Adversary Software Coverage
    
    Adversary Software Coverage
    
    FAQ: Adversary Software Coverage
- Vulnerabilities
  Vulnerabilities
  - Vulnerability Management
- Identity
  Identity
- XDR Admin
  XDR Admin
  - Your Account
    Your Account
    
    Log In to XDR
    
    Multi-Tenancy
    
    Tenant Switcher
    
    User Profile & Settings
    
    Notifications
    
    Access Support PIN
    
    Data Exports
  - Tenant Settings
    Tenant Settings
    
    Manage Users
    
    Manage API Credentials
    
    User Roles
    
    Custom Roles
    
    Tenant Profile
    
    Notification Configurations
    
    Single Sign-On (SSO)
    
    Subscriptions
    
    Data Usage
    
    Audit Logs
Integrations
Integrations
- Integration Overview
- Supported Integrations
- Data Collectors
  Data Collectors
  - AWS Data Collector
  - Azure Data Collector
  - GCP Data Collector
  - On-Premises Data Collector
  - On-Premises HA Data Collector
  - Applications
    Applications
    
    Admiral Console
    
    Splunk Heavy Forwarder
    
    eStreamer
    
    TLS Enabled Syslog
- Endpoint Agents
  Endpoint Agents
  - Sophos Endpoint Agent
    Sophos Endpoint Agent
    
    Introduction
    
    Groups
    
    Policies
    
    Isolation Exclusions
    
    Installation Info and Prerequisites
    
    Supported OS and System Recommendations
    
    Update Caches and Message Relays
    
    Downloads
    
    Technical Details
    
    Windows Installation
    
    Linux Installation
    
    macOS Installation
    
    Uninstall Sophos Agent
    
    FAQ
    
    User Role Mappings
    
    Live Response
    
    Sophos Endpoint App UI
    Sophos Endpoint App UI
    
    Application UI
    
    Troubleshooting
  - Taegis Endpoint Agent
    Taegis Endpoint Agent
    
    Introduction
    
    Beta Release Channel
    
    Groups
    
    Group Policies
    
    Host Isolation Exceptions
    
    Downloads
    
    Supported OS and System Recommendations
    
    Agent Technical Details
    
    Installation Info and Prerequisites
    
    Windows Installation
    
    macOS Installation
    
    Linux Installation
    
    Windows Troubleshooting
    
    macOS Troubleshooting
    
    Linux Troubleshooting
    
    Agent Uninstall
    
    FAQ
    
    Known Issues
    
    Changelog
  - Red Cloak Endpoint Agent
    Red Cloak Endpoint Agent
    
    Red Cloak Endpoint Agent
    
    Supported OS and System Requirements
    
    FAQ
    
    Changelog
    
    Technical Details
    
    Isolate a Red Cloak Endpoint Agent
    
    Uninstall
    
    VDI or Cloud Instance Deployments
    
    Troubleshooting
  - CrowdStrike
  - Microsoft Defender for Endpoint
  - SentinelOne
  - VMWare Carbon Black
  - VMware Carbon Black Cloud Endpoint Standard and Enterprise EDR
  - VMWare Carbon Black Response Cloud
- Data Sources
  Data Sources
  - Custom Integrations
    Custom Integrations
    
    Custom Transport Methods
    
    EDR OCSF Ingest
    
    Transport via Azure Event Hub
    
    Transport via File Upload API
    
    Transport via HTTP Ingest
    
    Transport via Secureworks-Managed S3
    
    Transport via Syslog
    
    Transport via Azure Storage Account
  - Integrate with AWS
    Integrate with AWS
    
    AWS Overview
    
    Amazon CloudWatch Logs
    
    Amazon GuardDuty
    
    AWS ALB Logs
    
    AWS CloudTrail
    
    AWS VPC Flow Logs
    
    AWS WAF Logs
    
    AWS S3 Event Archiving
    
    AWS S3 Server Access Logs
  - AWS Supporting Documents
    AWS Supporting Documents
    
    Find Your AWS Account ID
    
    Test AWS Lambda Logs
    
    View AWS Lambda Logs
    
    Lambda Migration
    
    AWS Lambda Update
    
    AWS Lambda Trigger
    
    AWS Lambda Lifecycle Policy Management
    
    Multitenant CloudTrail Permissions
  - Integrate with Azure
    Integrate with Azure
    
    Azure and O365 Overview
    
    Microsoft Entra Activity Reports
    
    Microsoft Azure Activity Log
    
    Microsoft Azure Application Gateway
    
    Microsoft Azure Event Hubs
    
    Microsoft Azure Firewall
    
    Microsoft Azure Network Watcher Flow Logs
    
    Microsoft Azure Front Door
    
    Microsoft Azure Storage Account
  - Azure & Office 365 Supporting Documents
    Azure & Office 365 Supporting Documents
    
    Office 365 and Azure Data Availability
    
    Permissions Used by XDR for Microsoft 365 and Azure Integrations
    
    Removing Service Principals for Discontinued Integrations
  - Integrate with GCP
    Integrate with GCP
    
    GCP Overview
    
    Google Cloud Platform
  - Integrate with OCI
    Integrate with OCI
    
    Oracle Cloud Infrastructure (OCI)
  - Cloud API Integration Updates
    Cloud API Integration Updates
    
    Cloud API Integration Update Overview
    
    Update Cloud API Integrations
  - Abnormal Inbound Email Security
  - Akamai App and API Protector
  - Akamai Enterprise Application Access (EAA)
  - Akamai Guardicore Segmentation
  - AlienVault OTX (Legacy)
  - Anomali
  - Aruba ClearPass
  - Barracuda NGFW
  - Barracuda WAF
  - Box
  - Cato Networks
  - Check Point
  - Check Point Harmony Email Security
  - Cisco ASA
  - Cisco Duo
  - Cisco Secure Firewall Threat Defense
  - Cisco IOS and NX-OS
  - Cisco Ironport
  - Cisco ISE
  - Cisco Meraki
  - Cisco Umbrella
  - Citrix ADC
  - Claroty Continuous Threat Detection (CTD)
  - Cloudflare
  - Corelight
  - CyberArk
  - Darktrace
  - Dragos Platform
  - F5 ASM WAF
  - F5 BIG-IP Local Traffic Manager
  - Forcepoint Firewall
  - Forcepoint Web Security
  - Fortinet Fortigate
  - Fortinet FortiWeb
  - Google Workspace
  - HTTP Ingest
  - Imperva Cloud
  - Imperva WAF
  - Infoblox
  - Ivanti Pulse Secure
  - Juniper SRX Firewall
  - Lastline
  - Linux Servers
  - McAfee ePO
  - Microsoft DHCP
  - Microsoft DNS
  - Microsoft Entra Risk Detection
  - Microsoft Graph Security API v1
  - Microsoft Graph Security API v2
  - Microsoft IIS
  - Office 365 Management API
  - Microsoft Windows Event Log
  - Mimecast
  - Netskope SSE
  - Nozomi Guardian
  - Okta
  - OPNsense
  - Palo Alto Firewall
  - Palo Alto Prisma Access
  - Proofpoint Targeted Attack Protection (TAP)
  - pfSense
  - S3 Ingest (Secureworks-Managed)
  - Salesforce Real-Time Event Monitoring
  - SCADAfence
  - Skyhigh (McAfee/Trellix) Secure Web Gateway
  - Snowflake
  - SonicWall Firewall
  - Sophos XGS Firewall
  - Suricata
  - Symantec Endpoint Protection
  - Symantec (Blue Coat) ProxySG
  - Taegis NDR (Physical)
  - Taegis NDR (Virtual)
  - TAXII 2.1
  - Trend Micro Deep Security
  - VMware vCenter
  - WatchGuard Firewall
  - Zscaler
- Custom Parsers
  Custom Parsers
VDR
VDR
- Taegis VDR Home
- Contextual Prioritization Score Tuning
- About VDR
  About VDR
- Get Started
  Get Started
  - Get Started with VDR
- Edge Services
  Edge Services
  - Create New Edge Services
  - Edge Services Virtual Machine Requirements
  - Generic Post-Configured ES
    Generic Post-Configured ES
    
    Installation
    
    Generic Edge Service Images
  - Fully Preconfigured ES Installation
  - Set up an AMI-Based Edge Service in AWS
  - Edge Service Images Deployment
    Edge Service Images Deployment
    
    Edge Service Installation - Azure
    
    Edge Service Installation - Hyper-V
    
    Edge Service Installation - VMWare ESXi Web
    
    Edge Service Installation - VMWare Player
  - Secured Edge Services Data Transfer
  - Edge Services Recommended Ubuntu Update
- Asset Discovery
  Asset Discovery
- Asset Management (Servers & Websites)
  Asset Management (Servers & Websites)
- Vulnerability Scanning Prerequisites
  Vulnerability Scanning Prerequisites
  - Reach Firewalled & Internal Assets
  - IP Ranges from Internet & Perimeter Scans
- Asset Scanning
  Asset Scanning
  - Schedule Scans
  - Consult Scan Results
  - Emergency Stop
  - Scan Rules
  - Authenticated Scans
    Authenticated Scans
    
    Run Authenticated (Whitebox) Scans
    
    Add New Credentials
    
    Associate Credentials to Tags
- Vulnerabilities
  Vulnerabilities
- Executive Summary Dashboard
  Executive Summary Dashboard
- Search and Reports
  Search and Reports
- Remediation
  Remediation
  - Create, View, and Update Remediation Plans
- Connectors
  Connectors
- Troubleshooting
  Troubleshooting
- VDR Admin
  VDR Admin
  - Your Account
    Your Account
    
    Log in to VDR
    
    Multi-Factor Authentication
    Multi-Factor Authentication
    
    Two-Factor Authentication
    
    XDR Single Sign-On
    
    Set up SAML2 SSO with Azure AD
    
    Okta Authorization Server
    
    Change Your Password
    
    Activate User Notifications
  - User & Team Management
    User & Team Management
    
    Create New Users
    
    Create and Manage Teams
    
    Access Rights for Users in Teams
    
    Activate Team Notifications
- APIs
  APIs
Services & Legal
Services & Legal
- Taegis MDR
  Taegis MDR
  - Service Description
  - Onboarding Guide
  - Proactive Response
    Proactive Response
    
    Proactive Response Actions Overview
    
    Authorize and Enable Proactive Response Actions
    
    Configure Endpoint Proactive Response Policy Using Tags
  - Addendum - Secureworks Services for Taegis MDR
  - FAQ
- Taegis MDR Plus
- Elite Threat Hunting
  Elite Threat Hunting
  - Service Description
  - Onboarding Guide
- Taegis MDR for OT
- Taegis MDR Enhanced
  Taegis MDR Enhanced
  - Service Description
  - Onboarding Guide
- Secureworks Professional Services
  Secureworks Professional Services
- Consulting
  Consulting
  - Incident Management Retainer Service
  - Incident Management Retainer Service References
    Incident Management Retainer Service References
    
    Service Handbook
    Service Handbook
    
    Incident Management Retainer Service Handbook
    
    Incident Management Retainer Operating Model Reference
    
    Incident Management Retainer Escalation Channels Reference
    
    Incident Management Retainer Ticketing Guidance
    
    Cybersecurity Emergency Guidance
    
    Incident Management Retainer Service References
  - Incident Management Retainer Services Catalog
    Incident Management Retainer Services Catalog
    
    Incident Management Retainer Services Catalog Overview
    
    Incident Readiness and Advisory Services
    Incident Readiness and Advisory Services
    
    Incident Response Plan Development
    
    Incident Response Plan Review
    
    Incident Response (IR) Playbook Development
    
    Special
    Special
    
    Cloud Configuration Review
    
    Cloud Security Architecture Assessment
    
    Secureworks Information Security Controls Assessment
    
    Security Controls Assessment
    
    Security Maturity Assessment
    
    Testing and Validation Services
    Testing and Validation Services
    
    Active Directory Security Assessment
    
    Custom Application Security Assessment
    
    Cloud Penetration Test
    
    Device Penetration Test
    
    External Penetration Test
    
    Internal Penetration Test
    
    Laptop Penetration Test
    
    Medical Device Test
    
    Microsoft Entra ID Security Assessment
    
    Mobile Application Security Assessment
    
    Password Cracking and Analysis
    
    Physical Security Testing
    
    SAP Penetration Test
    
    Secure Code Analysis
    
    Threat Hunting Assessment
    
    Vulnerability Assessment
    
    Web Application Security Assessment
    
    Web Service / API Test
    
    Wireless Network Penetration Test
    
    Threat Intelligence Services
    Threat Intelligence Services
    
    Enterprise Brand Surveillance (EBS) Information Brief
    
    Threat Brief
    
    Threat Intelligence Support Services
    
    Workshops and Exercises
    Workshops and Exercises
    
    Cybersecurity Awareness and Readiness Training
    Cybersecurity Awareness and Readiness Training
    
    End User Security Awareness (EUSA)
    
    Vishing Drill
    
    Phishing Drills
    
    Adversary Exercises
    
    Adversary Emulation Exercise
    
    Adversary Simulation Exercise
    
    Collaborative Adversary Exercise
    
    Functional Exercise
    
    Incident Response Fundamentals Training
    Incident Response Fundamentals Training
    
    Incident Response Fundamentals Training
    
    Principles of Incident Response Training
    
    Incident Commander Training
    
    Attacking and Defending Active Directory
    
    Tabletop Exercise
    
    Professional Services
    Professional Services
    
    Taegis XDR Health Check
    
    Taegis Enablement -- Core
    
    Taegis Enablement -- Plus
    
    Taegis Training
    
    XDR Custom Data Source Integration
    
    XDR Customization Services
    
    Programs
    Programs
    
    Ransomware Preparedness Program
    
    Technical Assistance Services
  - Incident Response Services Technology Guidance
    Incident Response Services Technology Guidance
    
    Red Cloak Endpoint Agent for Incident Response Services
  - Secureworks Services for Taegis MDR Add-on
    Secureworks Services for Taegis MDR Add-on
    
    Secureworks Services for Taegis MDR
    
    Secureworks Services for MDR Catalog Overview
    
    Incident Readiness and Advisory Services
    Incident Readiness and Advisory Services
    
    Incident Response Plan Development
    
    Incident Response Plan Review
    
    Incident Response (IR) Playbook Development
    
    Testing and Validation Services
    Testing and Validation Services
    
    Active Directory Security Assessment
    
    Custom Application Security Assessment
    
    Cloud Penetration Test
    
    Device Penetration Test
    
    External Penetration Test
    
    Internal Penetration Test
    
    Laptop Penetration Test
    
    Medical Device Test
    
    Microsoft Entra ID Security Assessment
    
    Mobile Application Security Assessment
    
    Password Cracking and Analysis
    
    Physical Security Testing
    
    SAP Penetration Test
    
    Secure Code Analysis
    
    Threat Hunting Assessment
    
    Vulnerability Assessment
    
    Web Application Security Assessment
    
    Web Service / API Test
    
    Wireless Network Penetration Test
    
    Threat Intelligence Services
    Threat Intelligence Services
    
    Enterprise Brand Surveillance (EBS) Information Brief
    
    Threat Brief
    
    Threat Intelligence Support Services
    
    Workshops and Exercises
    Workshops and Exercises
    
    Cybersecurity Awareness and Readiness Training
    Cybersecurity Awareness and Readiness Training
    
    End User Security Awareness (EUSA)
    
    Vishing Drill
    
    Phishing Drills
    
    Adversary Exercises
    
    Adversary Emulation Exercise
    
    Adversary Simulation Exercise
    
    Collaborative Adversary Exercise
    
    Functional Exercise
    
    Incident Response Fundamentals Training
    Incident Response Fundamentals Training
    
    Incident Response Fundamentals Training
    
    Principles of Incident Response Training
    
    Incident Commander Training
    
    Attacking and Defending Active Directory
    
    Tabletop Exercise
    
    Professional Services
    Professional Services
    
    Taegis XDR Health Check
    
    Taegis Enablement -- Core
    
    Taegis Enablement -- Plus
    
    Taegis Training
    
    XDR Custom Data Source Integration
    
    XDR Customization Services
    
    Programs
    Programs
    
    Ransomware Preparedness Program
    
    Technical Assistance Services
- Taegis NDR
  Taegis NDR
  - Taegis NDR Overview
  - Taegis NDR Service Description
  - Transitioning from CTP to Taegis XDR
  - Legacy iSensor Service Descriptions
    Legacy iSensor Service Descriptions
    
    Secureworks Managed iSensor on Taegis XDR (Legacy)
    
    Secureworks MDR-Managed iSensor Add-on (Legacy)
- Legal
  Legal
API Guides
API Guides
- Get Started with XDR APIs
- XDR GraphQL APIs Authentication
- Taegis Python SDK
  Taegis Python SDK
- Taegis Magic Jupyter Integration
  Taegis Magic Jupyter Integration
  - Taegis Magic Jupyter Integration
- Alerts API
  Alerts API
  - Get Started with the Alerts GraphQL API
  - Alerts GraphQL API
- Assets API
  Assets API
  - Get Started with the Endpoint Assets GraphQL API
  - Endpoint Assets GraphQL API
- Audits API
  Audits API
  - Get Started with the Audits GraphQL API
  - Audits GraphQL API
- Automations APIs
  Automations APIs
- Bring Your Own Threat Intelligence API
  Bring Your Own Threat Intelligence API
  - Get Started with the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
  Collector APIs
- Identity APIs
  Identity APIs
- Investigations API
  Investigations API
- Threat Intelligence API
  Threat Intelligence API
  - Get Started with the Threat Intelligence GraphQL API
  - Threat Intelligence GraphQL API
- Get Started with the Users API
- Get Started with the Tenants API
- Get Started with the Countermeasures API
- Get Started with the File Upload API
- Get Started with the Notifications API
- Power BI for XDR
Onboarding
Onboarding
- Taegis MDR Onboarding
  Taegis MDR Onboarding
  - Introduction
  - 1. Getting Started
    1. Getting Started
    
    1.1 Access XDR and Manage Users
    
    1.2 What is Taegis?
    
    1.3 Navigate XDR
    
    1.4 Your Secureworks Team
  - 2. Integrate an EDR Agent
    2. Integrate an EDR Agent
    
    2.1 Deploy an Endpoint Agent
    
    Available Agents
    Available Agents
    
    Sophos Endpoint Agent
    
    Taegis XDR Endpoint Agent
    
    Red Cloak Endpoint Agent
    
    CrowdStrike
    
    Microsoft Defender for Endpoint
    
    SentinelOne Endpoint
    
    Carbon Black Cloud Endpoint Standard and Enterprise EDR
    
    2.2 Manage Endpoints
    
    2.3 Achieve 40% Deployment Milestone
  - 3. Integrate Data Sources
    3. Integrate Data Sources
    
    3.1 Set Up Data Collectors
    
    3.2 Add Data Sources
  - 4. Using XDR
    4. Using XDR
    
    4.1 Cases
    
    4.2 Searching & Reporting
    
    4.3 Custom Rules & Automation
    
    4.4 Configure Proactive Response Actions
    
    4.5 CTU Countermeasures & Threat Intelligence
    
    4.6 Tools
  - 5. Steady State
    5. Steady State
    
    5.1 Readiness Check
    
    5.2 Steady State Achieved
    
    5.3 Quarterly Updates
- VDR Onboarding
  VDR Onboarding
  - Introduction
  - 1. Getting Started
    1. Getting Started
    
    1.1 Access the Application
    
    1.2 User Settings
    
    1.3 Create Teams and Invite Users
    
    1.4 Commencement Call
  - 2. Asset Discovery & Scan
    2. Asset Discovery & Scan
    
    2.1 Asset Discovery and Scan
    
    2.2 Set Up Edge Services and Other Prerequisites
    
    Deployment Options
    Deployment Options
    
    Generic Post-Configured Edge Service
    
    Fully Preconfigured Edge Service
    
    AMI-Based Edge Service in AWS
    
    Create and Configure an Edge Service through the Public API
    
    Internet and Perimeter Assets Prerequisites
    
    2.3 Import and Discover Assets
    
    2.4 Scans
    
    2.5 Asset Management
  - 3. Vulnerability Management
    3. Vulnerability Management
    
    3.1 Consult Scans
    
    3.2 Vulnerability Remediation
    
    3.3 Advanced Search and Reporting
  - 4. Support
    4. Support
    
    4.1 Troubleshooting and Support
Help Center

Supported Integrations🔗

Secureworks® Taegis™ XDR can ingest data from the following third-party sources:

Was this page helpful?

Thanks for your feedback!

Thanks for your feedback!

© 2025 Secureworks®, Inc. | v. 3.8.11