Taegis Endpoint Agent Installation Information and Prerequisites
Network Connectivity Requirements
Source | Destination | Protocol/Port | Reason |
---|---|---|---|
Taegis Endpoint Agent | https://reg.<ENV>.taegiscloud.com/ | TCP/443 | Taegis Endpoint Agent Registration Service |
Taegis Endpoint Agent | wss://telemetry.<ENV>.taegiscloud.com/ | TCP/443 | Taegis Endpoint Agent Network Connectivity - Primary * |
Taegis Endpoint Agent | wss://sink.<ENV>.taegiscloud.com/ | TCP/8443 | Taegis Endpoint Agent Network Connectivity - Standby |
Taegis Endpoint Agent | https://taegis-agent-prod-builds.s3.us-east-2.amazonaws.com/ | TCP/443 | Taegis Endpoint Agent Auto Updates |
Taegis Endpoint Agent | https://file-receiver.<ENV>.taegiscloud.com/ | TCP/9443 | Taegis Endpoint Agent File Receiver |
Taegis Endpoint Agent | https://file-receiver-<ENV>.s3.us-east-2.amazonaws.com/ | TCP/443 | Taegis Endpoint Agent File Receiver |
Taegis Endpoint Agent for Linux | https://drivers.taegiscloud.com/* | TCP/443 | Required for the Linux Agent to pull down the correct drivers for the kernel your system is running |
Taegis Endpoint Agent for Windows | http://www.microsoft.com/pkiops/crl/ http://www.microsoft.com/pkiops/certs http://crl.microsoft.com/pki/crl/products http://www.microsoft.com/pki/certs http://crl3.digicert.com/ http://crl4.digicert.com/ http://ocsp.digicert.com/ http://crl.rootca1.amazontrust.com/ | TCP/80 | Required for CRL revocation checks performed by the OS on behalf of the Windows Agent and other applications |
Note
On Windows (version 2.0.10 and later) and Linux (version 2.1.4), the Taegis Endpoint Agent uses wss://telemetry.<ENV>.taegiscloud.com/ as the primary network connectivity destination and wss://sink.<ENV>.taegiscloud.com/ as a secondary fallback destination. On macOS, the agent uses wss://sink.<ENV>.taegiscloud.com/ as its primary network connectivity destination.
<ENV> varies depending on the region your tenant is in:
- C if your tenant is in US1: https://ctpx.secureworks.com/
- D if your tenant is in US2: https://delta.taegis.secureworks.com/
- E if your tenant is in EU: https://echo.taegis.secureworks.com/
- F if your tenant is in US3: https://foxtrot.taegis.secureworks.com/
Note
The Taegis Endpoint Agent for Windows also requires connectivity to Google DNS 8.8.8.8 if you do not provide a DNS override during installation.
Note
Secureworks does not recommend the use of IP addresses or CIDR blocks to perform allow-listing of connections from the Taegis Endpoint Agent to the backend, as the addresses associated with the preceding domains have changed and may continue to change in the future.
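The following preflight check is an added example, not Secureworks code. It is built from the table above: it expands <ENV>, selects the rows for one platform, and attempts a name-based TCP connection to each destination. The function names, role labels and command-line arguments (`<env> <platform>`) are assumptions of this example.

```python
import socket
import sys

# Hosts and ports copied from the Network Connectivity Requirements table.
# "{env}" stands for <ENV>; pass the value listed for your tenant's region.
COMMON = [
    ("reg.{env}.taegiscloud.com", 443, "registration"),
    ("taegis-agent-prod-builds.s3.us-east-2.amazonaws.com", 443, "auto updates"),
    ("file-receiver.{env}.taegiscloud.com", 9443, "file receiver"),
    ("file-receiver-{env}.s3.us-east-2.amazonaws.com", 443, "file receiver"),
]
LINUX_ONLY = [("drivers.taegiscloud.com", 443, "kernel drivers")]
WINDOWS_ONLY = [(h, 80, "CRL/OCSP revocation checks") for h in (
    "www.microsoft.com", "crl.microsoft.com", "crl3.digicert.com",
    "crl4.digicert.com", "ocsp.digicert.com", "crl.rootca1.amazontrust.com")]

def required_endpoints(env, platform):
    """Return [(host, port, reason)] for platform windows, linux or macos."""
    if platform not in ("windows", "linux", "macos"):
        raise ValueError(f"unknown platform: {platform!r}")
    if not (env.isascii() and env.isalnum()):
        raise ValueError("env must be the short region value, not a URL")
    # Per the page's note: macOS uses sink as primary; elsewhere it is the fallback.
    sink_primary = platform == "macos"
    rows = [
        ("telemetry.{env}.taegiscloud.com", 443,
         "connectivity" if sink_primary else "connectivity (primary)"),
        ("sink.{env}.taegiscloud.com", 8443,
         "connectivity (primary)" if sink_primary else "connectivity (standby)"),
    ] + COMMON
    rows += {"linux": LINUX_ONLY, "windows": WINDOWS_ONLY}.get(platform, [])
    # DNS names are case-insensitive, so the region value is lower-cased.
    return [(h.format(env=env.lower()), p, why) for h, p, why in rows]

def check(host, port, timeout=5.0):
    """Resolve by name (not a pinned IP) and attempt a TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except socket.gaierror:
        return "dns-failure"
    except OSError as exc:  # refused, timed out, unreachable
        return f"blocked:{type(exc).__name__}"

if __name__ == "__main__":
    results = [(check(h, p), h, p, why)
               for h, p, why in required_endpoints(sys.argv[1], sys.argv[2])]
    for status, h, p, why in results:
        print(f"{status:<24} {h}:{p:<5} {why}")
    sys.exit(any(r[0] != "ok" for r in results))
```

A successful connect shows only that DNS resolution and the firewall path are open. A TLS-inspecting or authenticating proxy can still break the HTTPS or WebSocket session on top of it.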
System Recommendations
- RAM — 4 GB
- CPU — 2 Cores
Note
These system recommendations are for the majority of installations, but because every endpoint is different and operates under varying conditions, additional resources may be needed.
Data Provided from Integration
Alerts | Auth | DNS | File Collection | HTTP | NIDS | Netflow | Process | File Modification | API Call | Registry | Scriptblock | Management | Persistence | Thread Injection | Generic | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Taegis Windows Endpoint Agent | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
Taegis macOS Endpoint Agent | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
Taegis Linux Endpoint Agent | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Prerequisites
Prior to installation, navigate to Endpoint Agents from the Taegis Menu and review each of the following sections:
Important
For Windows agents, to ensure uninterrupted connectivity to the Taegis™ XDR Endpoint Agent update service, we recommend that you periodically update CA certificates with the latest trusted root certificates.
Configure Group Policies
From Endpoint Agents → Group Policies, create one or more policies to assign to groups. Each policy has a set of configuration settings that are then assigned to one or more groups.
See Agent Group Policies for more information on configuring group policies.
Configure Groups
From Endpoint Agents → Groups, configure one or more groups and assign a policy to each. Each group has a unique registration key that is used during installation to associate endpoints with the group and its policy.
See Agent Groups for more information on configuring groups.
Copy Registration Server & Registration Key
From Endpoint Agents → Groups, copy and document the Registration Server URL above the table and the Registration Key for the group that the agents you are installing should be associated with.
Important
You must use the appropriate Registration Key when installing agents to associate them with the correct group and its policy. For more information, see Agent Groups.
Download Package
Download the installation package relevant to your operating system from Endpoint Agents → Downloads.
For more information on downloading agent packages, see Taegis Endpoint Agent Downloads.
Note
All installations begin with the latest Stable version recommended for production environments available from Endpoint Agent Downloads. See Agent Group Policies for more information on configuring an alternative release channel.
Install the Taegis Endpoint Agent
Install the Taegis Endpoint Agent by following the instructions relevant to your operating system: