Authenticate with the Taegis SDK for Python🔗
Below is the authentication flow for the Taegis SDK for Python:
Cached Token > Authenticate via OAuth > Authenticate via SSO or Username/Password/MFA
Tokens will be cached in the ~/.taegis_sdk_python/config file. Please ensure that this path is writable by your script.
OAuth🔗
By default, OAuth tokens will be utilized from environment variables CLIENT_ID and CLIENT_SECRET.
Generate a CLIENT_ID and CLIENT_SECRET:
from taegis_sdk_python import GraphQLService
from pprint import pprint as pp
service = GraphQLService(environment="US1")
result = service.clients.mutation.create_client(name="my_awesome_app", roles=None)
print(f"CLIENT_ID: {result.client.client_id}")
print(f"CLIENT_SECRET: {result.client_secret}")
pp(result)
Important
Store these results in an encrypted vault.
Replace <client_id> and <client_secret> with your values from above:
Customizing Environment Variables🔗
You can use write_to_config to set custom environment variable names for your application. This is useful if you are automating and need to access different environments from the same script.
from taegis_sdk_python import GraphQLService
from taegis_sdk_python.config import write_to_config
# write_to_config(environment, default_reference, custom_reference)
# these are not template strings, but environment reference names
# see next cell for usage example
write_to_config("charlie", "CLIENT_ID", "CHARLIE_CLIENT_ID")
write_to_config("charlie", "CLIENT_SECRET", "CHARLIE_CLIENT_SECRET")
service = GraphQLService()
User🔗
User logins are handled by device code authorization. The user receives a link to Secureworks® Taegis™ XDR, where their organizational settings will be applied for authentication.
Universal Authentication🔗
Users and clients with access to multiple environments can reduce logins with the use_universal_authentication configuration value. This is set to False by default.
For all API calls:
Per API call:
Clearing Authorization Tokens🔗
If you would like to manually clear the authentication tokens: