HTTP Ingest Transport Method Overview
Summary
In certain scenarios, security telemetry is generated as a continuous stream rather than in periodic batches, which allows near real-time analysis and inspection of potential threats. In these scenarios, a more direct per-message integration with Secureworks® Taegis™ XDR is ideal.
XDR HTTP Ingest enables a customer to post security-relevant logs to XDR in a streaming fashion.
Because logs can be posted as they are generated, HTTP Ingest supports near real-time monitoring and inspection of emerging threats, improving responsiveness to potential security incidents. This streaming capability also broadens the platform's integration scope to applications and systems that require a real-time approach to logging.
Reference Architecture
Example Scenario
The local IT security team uses a cloud-based API that collects audit logs of user actions. A scheduled job calls the API on a regular basis and retrieves all new audited actions users have performed. The security team uses a customized script to post the messages retrieved from the API to XDR as they are collected, enabling near real-time ingest of the audited actions into XDR.
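The following is an added example of the kind of customized script the scenario describes; it is not code from the page or from Secureworks. The overview does not document the HTTP Ingest URL, authentication header or payload schema, so the endpoint, bearer-token header and JSON body used here are placeholder assumptions, and the audit-log records are constructed sample data standing in for the cloud API's output. The point it demonstrates is the part that matters operationally: each record is posted individually as it is collected, and the polling cursor only advances after a record is acknowledged, so a failed post is retried on the next pass rather than silently dropped.

```python
import json
import time
import urllib.request
from typing import Callable

# Hypothetical endpoint and credential (placeholders): the overview page does
# not document the HTTP Ingest URL, auth scheme or payload schema.
INGEST_URL = "https://INGEST-ENDPOINT-PLACEHOLDER/ingest"
INGEST_TOKEN = "INGEST-TOKEN-PLACEHOLDER"

# Constructed sample records standing in for the cloud audit API's output.
SAMPLE_AUDIT_EVENTS = [
    {"id": 101, "time": "2024-05-01T10:00:00Z", "user": "alice", "action": "login"},
    {"id": 102, "time": "2024-05-01T10:00:07Z", "user": "bob", "action": "export_report"},
    {"id": 103, "time": "2024-05-01T10:00:12Z", "user": "alice", "action": "change_role"},
    {"id": 104, "time": "2024-05-01T10:00:20Z", "user": "carol", "action": "logout"},
]


def fetch_since(events: list, last_id: int) -> list:
    """Stand-in for the audit API call: records newer than the cursor, oldest first."""
    return sorted((e for e in events if e["id"] > last_id), key=lambda e: e["id"])


def send_http(record: dict) -> bool:
    """Default sender: POST one JSON record to the ingest endpoint (assumed bearer auth)."""
    req = urllib.request.Request(
        INGEST_URL,
        data=json.dumps(record).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {INGEST_TOKEN}",
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return 200 <= resp.status < 300


def forward_new_events(events: list, last_id: int,
                       send: Callable[[dict], bool] = send_http,
                       retries: int = 3, backoff: float = 0.5) -> tuple:
    """One polling pass: post each new record individually, in order.

    The cursor advances only after a record is acknowledged. A record that
    still fails after `retries` attempts ends the pass without moving the
    cursor past it, so the next pass picks it up again (at-least-once delivery).
    Returns (new_cursor, records_sent).
    """
    sent = 0
    for event in fetch_since(events, last_id):
        delivered = False
        for attempt in range(retries):
            try:
                delivered = send(event)
            except OSError:  # URLError/HTTPError and socket timeouts are OSError subclasses
                delivered = False
            if delivered:
                break
            time.sleep(backoff * (2 ** attempt))  # exponential backoff between attempts
        if not delivered:
            return last_id, sent
        last_id = event["id"]
        sent += 1
    return last_id, sent


if __name__ == "__main__":
    # Dry run: print what would be posted instead of touching the network.
    def dry_run(record: dict) -> bool:
        print("would POST:", json.dumps(record))
        return True

    cursor, count = forward_new_events(SAMPLE_AUDIT_EVENTS, last_id=100, send=dry_run)
    print(f"cursor={cursor} sent={count}")
```

In production the cursor (here the last `id`) should be persisted between runs of the script, and the polling loop would call `forward_new_events` on the API's actual fetch interval; the `send` parameter exists so the delivery path can be swapped for a recorder in tests or a dry run.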
Setup
HTTP Ingest can be configured by following the setup documentation.