Custom Transport Methods
Summary
Secureworks® Taegis™ XDR supports several methods to ingest data in a data-source-agnostic way. This enables XDR customers to build custom integrations with the platform for data sources that do not yet have optimized integrations.
Note
With Custom Integrations, only the transport of data from a data source into Taegis is guaranteed; downstream outcomes such as normalization, search, and alerting have not been tested and may require additional work beyond ingest to be achieved.
If the data source you wish to integrate with XDR has not yet been optimized by Secureworks, or you wish to explore additional options for integration, there are several available custom transport methods you can use.
Supported Custom Transport Methods
- Data Collector:
  - Forward data to an XDR Collector via syslog
- File Upload API:
  - Create a custom integration using XDR-provided API documentation
- HTTP Ingest:
  - Configure HTTP Ingest to facilitate ingestion from data sources that can send logs to an HTTP server
- Integrate a data source via Azure Storage Accounts
- S3 Ingest - Secureworks-Managed:
  - Send data to a Secureworks-managed S3 bucket to enable data ingest with XDR
- Taegis Remote Ingest Platform:
  - Integrate a data source via Azure Event Hubs
Follow-on Actions
Once XDR is ingesting your data, take the following actions to fully integrate with the data source:
- Set up Custom Parsers to enable normalization of the ingested data
- Set up Custom Alert Rules to enable alerting on security findings from the normalized data