Taegis Enablement: Core
Service Overview
This Service is comprised of the following:
Taegis Enablement Core | |
---|---|
Personnel | Secureworks Consultant |
Discovery Session | Up to 2 Hours |
Taegis Administrator Training | Up to 4 Hours |
Taegis Analyst Training | Up to 4 Hours |
Standard Taegis Playbook Deployment | Up to 3 Playbooks |
Custom Alert Rule Creation | Up to 5 Rules |
Proactive Response Enablement | |
Project Closure & CSM Transition | |
And 10 Hours of Taegis Enablement Hours to use across the following activities: | |
Data Collector Deployment Assistance | |
Data Source & Cloud Integration Support | |
Taegis Agent Deployment Support | |
New Data Source Data Validation | |
Auto Investigation Creation | |
iSensor Configurations | |
Service Methodology
The sections below contain details about the Service and how it will be delivered.
Service Initiation
Secureworks will schedule a preparatory meeting (up to 30 minutes in length) with Customer to plan for and discuss delivery of the service.
Discovery Session
The Discovery session is a consultant-led workshop that aims to uncover key areas of Customer's environment to aid deployment, integration, and consumption of Secureworks® Taegis™ XDR. The session is structured to understand and validate further detail on the following areas:
- Technical Infrastructure
  - Data Center Locations
  - Server & Endpoint Technologies
  - Cloud Utilization (SaaS, PaaS & IaaS)
  - Security Controls & Technologies
  - User Distribution
- Security Operations
  - The current security monitoring state
  - Current Security Operations
Once the people, process, and technology have been identified, the following can be identified:
- Assets & services that are in scope for XDR integration, including:
  - Required integration methods for the supported data sources
  - Recommended prioritization for asset onboarding into XDR
  - Recommended XDR Data Collector numbers and deployment locations
  - Integration options for non-supported data sources
- The target security monitoring state
Completion Criteria: This activity is complete when the Discovery workshop has been delivered. Recording of the session is optional and shall be subject to Secureworks Privacy Policy. If required by Customer, Secureworks can provide a copy of the recording together with copies of training materials, if any, via an agreed electronic transfer method.
XDR Administrator Training Session
Listed below are the planned topics for training platform administrators:
- Overview of XDR and its architecture
- How to use the Chat function to communicate with Secureworks experts
- XDR Dashboards
- User management and Tenant Settings
- Deploying a data collector and verifying health
- Configuring data integrations and verifying health
- Deploying and managing Taegis Endpoint Agents
- XDR APIs
- Custom Parser Overview
- Automations & Proactive Response Overview
- Auditing & Version Control
- Quick Search Function
Completion Criteria: This activity is complete when the Administrator Training session has been delivered. Recording of the session is optional and shall be subject to Secureworks Privacy Policy. If required by Customer, Secureworks can provide a copy of the recording together with copies of training materials, if any, via an agreed electronic transfer method.
XDR Analyst Training Session
Listed below are the planned topics for training Customer's security analysts:
- Overview of XDR and its architecture
- Operating model explanation for XDR Alerting
- Custom Rule Creation
- Suppressing Alerts in XDR
- Searching and reporting in XDR
- MITRE ATT&CK Framework Overview and XDR applicability
- Working with investigations in XDR
- XDR Detectors
- Security Posture Dashboard Overview
- Report Creation
- XDR Automations and Proactive Response
- Using Automations and Proactive Response
Completion Criteria: This activity is complete when the Analyst Training session has been delivered. Recording of the training session is optional and shall be subject to Secureworks Privacy Policy. If required by Customer, Secureworks can provide a copy of the recording together with copies of training materials, if any, via an agreed electronic transfer method.
XDR Custom Rule Creation
The Rule Creation service provides Customer with expert creation of rules used in XDR that are specific to Customer's organization's objectives and goals. Secureworks security experts will collaborate with Customer to understand Customer's requirements and make recommendations, using best practices to define, create, and validate detection or suppression rules.
Secureworks will also evaluate and determine the best course of action using XDR automations and reporting capabilities to accomplish Customer's objectives in an efficient and effective manner that enables Customer's security team to focus on the most critical threats in Customer's IT environment.
Detection rules cover non-standard detection requirements in Customer's specific environment. These rules are created for events (what Customer wants to detect) using the Advanced Search feature, which enables searching, detecting, notifying, and reporting on Customer's business-related interests from data collected in XDR.
Alert suppression rules are created to suppress unwanted alerts within XDR (alerts that are referred to as false positives or "noise"). Alert suppression rules are created through use of criteria and regular expressions (RegEx).
Completion Criteria: This activity is complete when the agreed number of custom rules (up to a maximum of 5) has been created, demonstrated, and enabled in the Customer tenant.
XDR Standard Playbook Deployment
XDR has an ever-growing library of automations designed to provide efficiencies for Security Operations in areas such as proactive response and alert & investigation handling.
A Secureworks Consultant will work with you to create and enable playbooks from the list of currently offered XDR automations and provide the following:
- Best practice connection creation, including authentication and authorization support
- Playbook creation focusing on field completion, required trigger options, and actions
- Activation and demonstration of playbook instances in your XDR tenant
Completion Criteria: This activity is complete when the agreed number of standard XDR playbooks (up to a maximum of 3) has been created and demonstrated in the Customer XDR tenant.
Proactive Response Enablement
Proactive Response Actions enable Secureworks® Taegis™ MDR analysts to act on Customer's behalf on assets without first notifying Customer and waiting for a response, which could otherwise delay critical actions taking place in a timely manner.
In this activity, a Secureworks Consultant will explain more about Proactive Response and its benefits to the business, and guide Customer in how to configure and enable response actions aligned to Customer's available options.
XDR Enablement Assistance Activities
Onboarding Assistance
XDR Deployment and Integration Assistance is designed to allow Secureworks Consultants to provide best practice guidance and advice on the distribution and configuration of:
- Cloud and on-premises data collectors for supported environments
- XDR supported data source integrations
- Taegis Endpoint Agents or Red Cloak Endpoint Agents
- New data source data validation
Each session will allow customers to achieve the integration of XDR supported on-premises, cloud, and EDR data sources and ensure that these new integrations are correctly configured and parsing received data as expected.
To ensure the greatest return from these sessions, it is highly recommended to have appropriate change controls and personnel in place, so the sessions can focus on the integration of the target data sources.
Taegis NDR Configuration Assistance
Secureworks NDR customers can control their configuration settings via XDR. A Secureworks Consultant can provide guidance on setting up Customer's Taegis NDR IPS technology.
Automatic Investigation Creation
The Taegis platform can automatically create Investigations from alerts that are most important to the business. If required, a Secureworks Consultant will assist, create, and deploy the templates and rules required for these investigations when Medium severity or Custom Alerts are detected.
Please note that the number of Automatic Investigations that can be created will be determined through discussion with Customer's Consultant based on the amount of remaining Enablement hours.
Completion Criteria: The activities described within the Taegis Enablement Assistance Hours section are considered complete when all available enablement assistance hours have been exhausted. Recording of deployment sessions is optional but if required can be provided to you via an agreed electronic transfer method.
Project Closure and Customer Service Manager Transition
Once activities are complete, a Secureworks consultant will host a session via teleconference and provide an overview of the achieved outcomes of the project and any identified recommendations for further tenant enhancement. The meeting will be attended by your Customer Success Manager (CSM) and the end of the session will mark the transition to their care.
Service Units
Service Name | Required Service Units |
---|---|
Taegis Enablement: Core | 5 |
Scheduling and Booking Information
To find out more or to book an Enablement project, contact your Account Manager or Customer Success Manager.