Taegis Endpoint Agent Introduction

New Users

Deploying EDR agents on user endpoints and servers in your organization provides premium visibility and detection value that you can leverage in Secureworks® Taegis™ XDR. To guide your experience with the Taegis Endpoint Agent, use the following documents and Knowledge Base articles. These are categorized to provide a quick reference to assist with installation, troubleshooting, and use of the Taegis Endpoint Agent.

Taegis Endpoint Agent Benefits

Benefits of the Taegis Endpoint Agent:

  • Natively integrates and optimally operates with XDR to aid in the detection of and response to real security threats
  • Is an always-connected agent, providing better visibility into online and agent health status
  • Provides enhanced telemetry collection by XDR with near-real-time alerting
  • Provides native support of Windows, macOS and Linux
  • Has a reduced system impact, with 50%+ less CPU overhead vs. the Red Cloak Endpoint Agent
  • Ensures endpoints are always running the latest agent version through auto updates
  • Provides easy-to-use performance configuration tiers that offer a balance of visibility vs. performance for specific assets

Migrate from Red Cloak Endpoint Agent to Taegis Endpoint Agent

Guidance for migrating from the Red Cloak™ Endpoint Agent to the Taegis Endpoint Agent can be found in the following Knowledge Base article: Red Cloak to Taegis Agent Migration.

Additionally, Secureworks has provided an Agent Migrator PowerShell script intended to support customers with the migration. Customers are encouraged to leverage this script for new Windows deployments. The script is dynamic and can recognize whether Red Cloak removal is needed. For more information, see Windows Agent Installation.

Agent Deployment

Tip

Prior to deploying Taegis Endpoint Agent in your organization, it is best practice to test the Agent software on a group of test endpoints.

Agent Setup

When you have access to your XDR tenant, you will be able to start using the Taegis Endpoint Agent. Follow these steps to set up and install the agent:

  1. Review Agent Groups and consider a logical group structure that associates similar types of systems. Alternatively, register all systems with the single default group, if desired.

  2. Review Group Policies and consider which set of policy configuration settings should apply to each group you create. Alternatively, configure a single policy for all systems.

  3. Create one or more required group policies and one or more required groups with the desired policy assigned.

  4. Once required groups are configured in your XDR tenant with an assigned policy, review Agent Downloads to download the Taegis Endpoint Agent installation package to your machine.

  5. Before starting the installation process, check the following points:

    • Network controls are configured to support the network requirements for Taegis Endpoint Agents and do NOT inspect the SSL/TLS traffic from the endpoint to the destinations listed in the network connectivity requirements.
    • Target machines are installed with a supported OS for the Taegis Endpoint Agent.
    • Target machines meet the recommended system requirements for the Taegis Endpoint Agent.

  6. Once the preceding points are fulfilled, refer to the relevant documentation for your platform for guidance on installing the Taegis Endpoint Agent on your system:

    The Knowledge Base contains several articles supporting Taegis Endpoint Agent deployment and installation via MDM (Mobile Device Management) tools such as SCCM and Workspace ONE. See the following articles if distributing Taegis Endpoint Agent software using MDM tools:

  7. After the installation process, review Manage Endpoint Agents. Use the information to understand how to navigate and manipulate the Endpoint Agents Summary in XDR and validate that deployed and installed agents are reporting into your tenant.

Troubleshoot Installation Issues

If you experience issues during installation, consult the following dedicated troubleshooting documentation and Knowledge Base articles specific to your platform.

Troubleshooting Documentation

Troubleshooting Knowledge Base Articles

If the troubleshooting guidance provided here does not resolve your issue, seek assistance from Product Support via chat or support ticket.

Manage Agents in XDR

Reassign Taegis Endpoint Agent Group

Taegis Endpoint Agents are associated with a group and its policy by a Registration Key in Agent Groups during installation.

Once installed, you can reassign an agent to another group by following Reassign Taegis Agent Group.

Tagging

Tagging agents can provide context to your endpoints in XDR. This information can be used for filtering the view of your endpoints by specific tags, or as criteria for executing an Automations Playbook, for example.

To add or remove a tag individually or in bulk in XDR, see Add and Remove Endpoint Tags.

Update Taegis Endpoint Agents

When there is a new agent release, Production Stable and Preview agents are automatically updated over the course of the staged rollout, which may take up to two weeks. Beta agents do not participate in a staged rollout. Agents update upon a connection to the registration server, which occurs under the following conditions:

  • During initial registration, the agent connects to the registration server, checks if there is a newer version available, and updates if there is.
  • After a force restart of the service.
  • After a reboot of the endpoint.
  • When an endpoint is reassigned to a different group.
  • Upon selecting the Reconnect Agent action; see Endpoint Management Actions for more information.

Create Agent Host Isolation and Restore Playbooks

XDR can isolate and restore hosts installed with Taegis Endpoint Agents, preventing them from communicating within or outside of the network environment. Using the Automations capabilities within XDR, you can quickly react to a situation where endpoints are considered to be compromised.

Isolating or restoring hosts running Taegis Endpoint Agents requires the definition of Automations Playbooks. The following article explains the configuration and operation of the Taegis Endpoint Agent isolation and restore Playbooks: How To: Configure Host Isolation and Restore Playbook - Taegis Endpoint Agent.

Archive or Unarchive Agents

If you wish to remove agents that appear in the Endpoint Agent Summary table from view, such as agents that have been uninstalled, you can archive them.

See Agent Status Options to understand status labels for Taegis Endpoint Agents in your tenant and how to filter by each status, including archived agents.

Note

Permanently removing agents from XDR is not possible. Archive the agents instead.

Archive and unarchive agents manually in XDR by following Archive and Unarchive Selected Endpoints, or configure Auto Archive in group policies.

Note

Archived agents that continue to send telemetry to XDR are automatically unarchived. When an agent is initially archived, a brief grace period is provided before unarchiving occurs if the agent continues to send telemetry.

Uninstall Agents

To uninstall Taegis Endpoint Agents and remove them from the endpoint or system, see Taegis Endpoint Agent Uninstall.

More Information

Technical Information and Taegis Endpoint Agent Specifications

Release Notes for Taegis Endpoint Agent

Tip

If you would like notifications when there is an update to the Taegis Endpoint Agent, subscribe to the Changelog RSS Feed. You'll need an RSS Reader or an RSS Extension for your browser.

Submit a Feature Request

If there is a feature you would like that is not currently available, such as a Linux OS not yet supported, please review Product Roadmap to submit your idea in Product Board.