Taegis Enablement: Plus
Service Overview
This Service is comprised of the following:
Taegis Enablement Plus | |
---|---|
Personnel | Secureworks Consultant & Project Manager |
Discovery Session | Up to 4 Hours |
Taegis Administrator Training | Up to 4 Hours |
Taegis Analyst Training | Up to 4 Hours |
Standard Taegis Playbook Deployment | Up to 8 Playbooks |
Custom Alert Rule Creation | Up to 12 Rules |
Report Creation (using Taegis Search) | Up to 3 Reports |
Dedicated Project Manager | Up to 12 Hours |
Proactive Response Enablement | |
Project Closure & CSM Transition | |
And 30 Hours of Taegis Enablement Hours to use across the following activities: | |
Data Collector Deployment Assistance | |
Data Source & Cloud Integration Support | |
Taegis Agent Deployment Support | |
New Data Source Data Validation | |
Auto Investigation Creation | |
NDR Configurations | |
Taegis API Support & Guidance | |
Additional Taegis Playbook Deployment | |
Additional Custom Rule Creation | |
Taegis Custom Parser Training | |
Scenario Based Training | |
Advanced Search Training | |
Taegis VDR Admin Training | |
Taegis VDR Configuration Support | |
Service Methodology
Secureworks will provide Customer with Taegis Enablement Plus as such Service is described in detail below.
High-Level Project Management
Secureworks will provide a project manager to oversee management of the Service. The scope of the project management includes the following:
- Act as the Secureworks project team's primary point of contact for the Service
- Provide early visibility of essential Customer responsibilities and required deliverables to allow the Secureworks project team to successfully complete in-scope activities
- Engage directly with identified stakeholders for the duration of the project to ensure Customer and Secureworks are progressing with mutually agreed upon responsibilities and action items
- Initiate corrective action where required, managing risks and issues with proposed mitigation plans
- Monitor and manage the Service against the established scope, to include project schedule, RAID, and quality requirements
- Obtain approval on scope definition and ensure completed deliverables are accepted by Customer
Discovery Session
The Discovery session is a consultant-led workshop that aims to uncover key areas of Customer's environment to aid deployment, integration, and consumption of XDR. The session is structured to understand and validate further detail on the following areas:
- Technical Infrastructure
- Data Center Locations
- Server & Endpoint Technologies
- Cloud Utilization (SaaS, PaaS & IaaS)
- Security Controls & Technologies
- User Distribution
- Security Operations
- The current security monitoring state
- Current Security Operations
Once the people, process, and technology have been identified, the following can be identified:
Assets & services that are in scope for XDR integration including:
- Required integration methods for the supported data sources
- Recommended prioritization for asset onboarding into XDR
- Recommended XDR Data Collector numbers and deployment locations
- Integration options for non-supported data sources
- The target security monitoring state
Completion Criteria: This activity is complete when the Discovery workshop has been delivered. Recording of the session is optional and shall be subject to Secureworks Privacy Policy. If required by Customer, Secureworks can provide a copy of the recording together with copies of training materials, if any, via an agreed electronic transfer method.
XDR Administrator Training Session
Listed below are the planned topics for training platform administrators:
- Overview of XDR and its architecture
- How to use the Chat function to communicate with Secureworks experts
- XDR Dashboards
- User management and Tenant Settings
- Deploying a data collector and verifying health
- Configuring data Integrations and verifying health
- Deploying and managing Taegis Endpoint Agents
- XDR APIs
- Custom Parser Overview
- Automations & Proactive Response Overview
- Auditing & Version Control
- Quick Search Function
Completion Criteria: This activity is complete when the Administrator Training session has been delivered. Recording of the session is optional and shall be subject to Secureworks Privacy Policy. If required by Customer, Secureworks can provide a copy of the recording together with copies of training materials, if any, via an agreed electronic transfer method.
XDR Analyst Training Session
Listed below are the planned topics for training Customer's security analysts:
- Overview of XDR and its architecture
- Operating model explanation for XDR Alerting
- Custom Rule Creation
- Suppressing Alerts in XDR
- Searching and reporting in XDR
- MITRE ATT&CK Framework Overview and XDR applicability
- Working with investigations in XDR
- XDR Detectors
- Security Posture Dashboard Overview
- Report Creation
- Using Taegis Automations & Proactive Response
Completion Criteria: This activity is complete when the Analyst Training session has been delivered. Recording of the training session is optional and shall be subject to Secureworks Privacy Policy. If required by Customer, Secureworks can provide a copy of the recording together with copies of training materials, if any, via an agreed electronic transfer method.
Operational Report Creation (Utilizing Taegis Search)
XDR's Data Lake principle allows operational staff to create granular reports based upon all event data received from the integrated data sources. In this module, a Secureworks consultant will work with Customer to define and create operationally focused reports using the Taegis Advanced Search and widget functions.
Completion Criteria: This activity is complete when the agreed number of reports (up to a maximum of 3) have been created and demonstrated in the Customer tenant.
XDR Custom Rule Creation
The Rule Creation service provides Customer with expert creation of rules used in XDR that are specific to Customer's organization's objectives and goals. Secureworks security experts will collaborate with Customer to understand Customer's requirements and make recommendations, using best practices to define, create, and validate detection or suppression rules. Secureworks will also evaluate and determine the best course of action using Taegis automations and reporting capabilities to accomplish Customer's objectives in an efficient and effective manner that enables Customer's security team to focus on the most critical threats in Customer's IT environment.
Detection rules are for detecting non-standard requirements in Customer's specific environment. These rules are created for events (what Customer wants to detect) through use of the Advanced Search feature, which enables searching, detecting, notifying, and reporting on your business-related interests from data collected in XDR.
Alert suppression rules are created to suppress unwanted alerts within XDR (alerts that are referred to as false positives or "noise"). Alert suppression rules are created through use of criteria and regular expressions (RegEx).
Completion Criteria: This activity is complete when the agreed number of custom rules (up to a maximum of 12) have been created, demonstrated, and enabled in the Customer tenant.
XDR Standard Playbook Deployment
XDR has an ever-growing library of automations designed to provide efficiencies for Security Operations in areas such as proactive response and alert & investigation handling. A Secureworks Consultant will work with you to create and enable playbooks from the list of currently offered Taegis automations and provide the following:
- Best practice connection creation including authentication and authorization support
- Playbook creation focusing on field completion, required trigger options and actions
- Activation and demonstration of playbook instances in your XDR tenant
Completion Criteria: This activity is complete when the agreed number of standard Taegis playbooks (up to a maximum of 8) have been created and demonstrated in the Customer XDR tenant.
Proactive Response Enablement
Proactive Response Actions enable Secureworks® Taegis™ MDR analysts to act on Customer's behalf on assets without first notifying Customer and waiting for a response, which could otherwise delay critical actions taking place in a timely manner.
In this activity, a Secureworks Consultant will explain more about Proactive Response, its benefits to the business, and guide Customer in how to configure and enable response actions aligned to Customer's available options.
XDR Enablement Assistance Activities
Onboarding Assistance
XDR Deployment and Integration Assistance is designed to allow Secureworks Consultants to provide best practice guidance and advice on the distribution and configuration of:
- Cloud and on-premises data collectors for supported environments
- XDR supported data source integrations
- Taegis Endpoint Agents or Red Cloak Endpoint Agents
- New data source data validation
Each session will allow customers to achieve the integration of XDR supported on-premises, cloud, and EDR data sources and ensure that these new integrations are correctly configured and parsing received data as expected. To ensure the greatest return from these sessions, it is highly recommended to have appropriate change controls and personnel in place so that the sessions can be centered on the integration of the target data sources.
Additional Taegis Playbook or Custom Rule Creation
If additional Custom Rules or Standard Playbooks are required on top of the numbers listed in the previous section, then Enablement assistance hours can be used to create them. Please note that the number of additional Playbooks or Custom Rules that can be created will be determined through discussion with the Secureworks Consultant based on the amount of remaining Enablement hours.
Taegis NDR Configuration Assistance
Secureworks NDR customers can control their configuration settings via XDR. A Secureworks Consultant can provide guidance on setting up Customer's NDR IPS technology.
Automatic Investigation Creation
The Taegis platform can automatically create Investigations from alerts that are most important to the business. If required, a Secureworks Consultant will demonstrate, create and deploy the templates and rules required for these investigations when Medium severity or Custom Alerts are detected.
Please note that the number of Automatic Investigations that can be created will be determined through discussion with Customer's Consultant based on the amount of remaining Enablement hours.
Taegis API Support & Guidance
Taegis has an expansive API capability which can be used for reporting and integration into other business tools. In these sessions, Secureworks Consultants can provide insight, guidance, and assistance in the following areas:
- API Authentication and General Usage
- Best practice query utilization
- Building reports in 3rd party reporting tools
XDR Advanced Search Training
Listed below are example topics for operators of the Advanced Search function.
- Recap on Taegis Schema and Detectors
- Using the Advanced Search
- Data Validation (Integration use-case)
- SecOps Triage (Analyst use-case)
- Explaining & using Logical Types
- Search History & Saving Searches
- Creating a search query with Schema Types
- Build with Me
- Statements & Conditions
- Operators and when to use them
- Creating Aggregated searches
- Creating Operational Reports
XDR Custom Parser Training
Listed below are the planned topics for training Customer on Custom Parser creation:
- Overview of XDR Schema
- Syslog Data Formats
- Recommended Methodology for Custom Parser creation
- Sampling and analyzing data source events
- Creating Parent Parsers
- Creating Child Parsers
- Creating Custom Alerts
XDR Scenario Based Training
The Scenario-Based Training (SBT) is an interactive workshop that enables your SecOps team to use XDR more efficiently and effectively in their continuous efforts to protect and defend Customer's environment against threats. The scenarios for the SBT use current attack vectors aligned to tactics and techniques from the MITRE ATT&CK framework and use existing data in Customer's XDR instance.
Each scenario includes the following:
- Creating advanced searches
- Extracting MITRE tactics and techniques that Secureworks identifies
- Creating and appending data to Investigations
One of Secureworks' Consultants facilitates the interactive workshop, which consists of fictional attack scenarios based on current real-world threats. Customer's SecOps team uses Customer's XDR instance, just as they would in their everyday work, to complete SecOps activities during the workshop. Participation in the SBT is highly recommended for enhancing understanding of functions and features available within XDR. The Secureworks Consultant will challenge Customer's SecOps team to demonstrate extensive use of XDR features and provide them with professional guidance to adopt and optimize XDR.
During the SBT, Customer's SecOps team will learn to effectively use XDR to do the following:
- Develop and use advanced searches to collect primary artifacts
- Conduct proactive security functions
- Create and update an investigation
- Triage and investigate an alert effectively, including analysis of telemetry using tools and features within XDR
- Report on investigation findings
Additionally, the Secureworks Consultant will provide ad-hoc XDR training during the SBT to assist your SecOps team in completing the tasks if necessary. With this training, you can accelerate adoption of XDR and the Taegis platform and equip your SecOps team to act faster and better protect your environment.
VDR Administrator Training
A Secureworks Consultant will host a session to provide best practice guidance and advice on how to deploy, configure, and utilize Secureworks® Taegis™ VDR optimally within Customer's environment. The duration of the session can vary in length and can provide insight into the following areas:
- Deploying Edge Scanners
- Basic Configuration and Discovery scanning
- How to create Teams and Tags and when to use them
- Explaining the difference between Authenticated and Non-Authenticated Scanning
- How to create and enable scanning profiles
- Understanding vulnerability prioritization and how to use it
- How to create successful remediation plans
VDR Configuration Support
Taegis Enablement Assistance hours can also be used to support the configuration and deployment of VDR. Available hours can be used against the following:
- Ad-hoc feature & function training
- Edge Scanner Deployment assistance
- Team & Tag creation guidance & assistance
- Scanning Profile guidance and assistance
- Exception creation guidance & advice
- Vulnerability Prioritization insights and overview
- Remediation plan guidance & advice
- Report creation guidance and assistance
Completion Criteria: The activities described within the Taegis Enablement Assistance Hours section are considered complete when all enablement assistance hours have been exhausted. Recording of the deployment sessions is optional and shall be subject to Secureworks Privacy Policy. If required by Customer, Secureworks can provide a copy of the recording together with copies of training materials, if any, via an agreed electronic transfer method.
Outcome
- Delivery of One XDR Taegis Enablement: Plus Service.
Service Units
Service Name | Required Service Units |
---|---|
Taegis Enablement: Plus | 15 |
Scheduling and Booking Information
To find out more or to book an Enablement project, contact your Account Manager or Customer Success Manager.