XDR Health Check
Service Overview
The purpose of the Service is to analyze Customer's setup for several features within a Customer's XDR Tenant and provide Customer with actionable recommendations for improvement. Recommendations will be categorized according to severity based on the impact that the recommendation can make to improve security monitoring and detection within Customer's XDR Tenant.
The scope includes the following:
- Analysis of XDR utilization across the following features:
  - Integrations
  - Automations
  - Customer created customizations
- Creation and Delivery of the Health Check Report (also referred to as the Final Report)
- One (1) three-hour Enhancement Session to allow for agreed-upon improvements to be made to Customer's XDR Tenant based on the documented recommendations.
Service Methodology
Service Initiation
Secureworks will schedule a preparatory meeting with Customer to discuss topics such as Customer's challenges, to understand Customer's current XDR environment, and to agree upon scheduling the delivery of the Service.
The Service consists of a Preparatory Meeting, Health Check Report (also referred to as the Final Report), Final Report Delivery Session, and an Enhancement Session, as described in detail below.
Health Check Report Creation
The Taegis Health Check provides a complete tenant overview but chiefly focuses on three key areas of operation:
- Data Ingestion
- Automations
- Customizations
Data Ingestion
XDR searching and alerting capabilities depend on data ingested from Customer assets and cloud services. This data needs to be normalized and parsed in line with Secureworks' detailed requirements to ensure correct schema alignment. In this module, Secureworks analyzes the integration and asset data coming into XDR and provides feedback when sub-optimal data ingestion practices are observed, ensuring Customer can be confident that event data is maximizing XDR detection possibilities.
Automations
Through customer engagements, Secureworks knows many Security Operations Centers are resource-constrained. To reduce the potential impacts of this challenge, process automation and proactive responses are a core feature of XDR.
In this section of the Health Check, Secureworks analyzes the current utilization of the playbooks and connectors in the tenant and provides actionable feedback as to where improvements can be made. Secureworks also makes recommendations for additional automations that are beneficial based on Customer's integrated assets, as well as alert trends and investigation handling.
Customizations
Every business has monitoring needs linked to regulatory requirements or internal security use cases. To support these needs, XDR provides multiple opportunities for customization, including:
- Custom Rules for business-defined use cases
- Custom Parsers to normalize and parse data from currently unsupported data sources
- Custom Automations providing proactive responses or enrichment and notification of Security Operations Centre (SOC) processes
- Auto Investigations to promote alerts of interest to SOC personnel
- Service, platform, and operational reporting
To ensure that Customer is utilizing these important features optimally, Secureworks analyzes and documents utilization of these areas and provides actionable, best practice recommendations for enhancement.
Final Report Delivery Session
Once all modules have been analyzed, Secureworks will create a Final Report and present the findings to Customer for discussion. The Final Report will provide an overview of the perceived tenant health aligned to the three core areas, and the observations and recommendations for each area. All Secureworks recommendations are actionable, meaning that changes can be made within the tenant immediately to improve and enhance Customer's XDR experience.
Enhancement Session
The final element of the Health Check is the Enhancement Session. This three-hour session looks to implement as many of the recommendations made within the report as possible to further enhance the Customer XDR experience. Typical outcomes from these sessions can include:
- New asset or integration onboarding assistance
- XDR standard playbook creation
- XDR custom rule or report creation
- Ad-hoc training on XDR related topics
Note: The Service only allows for a limited-time session (as described herein) for implementing agreed-upon recommendations; thus, not all tactical recommendations may be implemented during this session. Customer can implement the additional recommendations or purchase additional hours for Secureworks to implement the additional recommendations.
Outcome
- One (1) XDR Health Check Report
- One (1) three (3) hour XDR Enhancement Session to allow for agreed-upon improvements to be made to Customer's XDR Tenant based on the documented recommendations
Service Units
| Service Name | Required Service Units |
|---|---|
| XDR Health Check | 5 |
Scheduling and Booking Information
To find out more or to book a Taegis Health Check, contact your Account Manager or Customer Success Manager.