Tags

Box

• Box

CTU countermeasures

• Security Posture Dashboard

Darktrace

• Darktrace

ISE

• Cisco ISE

McAfee

• McAfee ePO

OT

• Claroty Continuous Threat Detection (CTD)
• Dragos Platform

abnormal

• Abnormal Inbound Email Security

access logs

• AWS S3 Server Access Logs

active directory

• Microsoft Entra Activity Reports

advanced search

• Advanced Search Builder
• Advanced Search Query Language
• Common Report Queries
• Configure Custom Reports
• Related Detections and Events Timeline View
• Saved Searches
• Search History
• Sensor Types
• Taegis AI for Search

adversary software coverage

• Adversary Software Coverage
• FAQ: Adversary Software Coverage

akamai

• Akamai App and API Protector
• Akamai Enterprise Application Access (EAA)
• Akamai Guardicore Segmentation

alerts

• CyberChef
• Detection Details
• Detection Group Key
• Detection Severity and Confidence
• Detections
• Entity Details
• Entity v2 Protocol Buffer Reference
• Event Details
• Pivot Search
• Process Event Lineage
• Related Detections and Events Timeline View
• Resolve Detections
• Start and Add to a Case
• Structured Entities
• Threat Score

alienvault

• AlienVault OTX (Legacy)

amazon

• AWS ALB Logs
• AWS CloudTrail
• AWS Data Collector
• AWS Lambda Lifecycle Policy Management
• AWS Lambda Trigger
• AWS Lambda Update
• AWS S3 Event Archiving
• AWS S3 Server Access Logs
• AWS VPC Flow Logs
• AWS WAF Logs
• Amazon CloudWatch Logs
• Amazon GuardDuty
• Find Your AWS Account ID
• Lambda Migration
• Multitenant CloudTrail Permissions
• Remove Cloud Permissions
• Test AWS Lambda Logs
• View AWS Lambda Logs

anomali

• Anomali

api

• Manage API Credentials
• XDR API Reporting

api guides

• Alerts GraphQL API
• Audits GraphQL API
• BYOTI GraphQL API
• Collector GraphQL API
• Connectors GraphQL API
• Datasources GraphQL API
• Endpoint Assets GraphQL API
• Get Started with XDR APIs
• Get Started with the Alerts GraphQL API
• Get Started with the Audits GraphQL API
• Get Started with the Automation GraphQL APIs
• Get Started with the BYOTI API
• Get Started with the Collector GraphQL APIs
• Get Started with the Countermeasures API
• Get Started with the Endpoint Assets GraphQL API
• Get Started with the Identity GraphQL APIs
• Get Started with the Investigations v2 GraphQL API
• Get Started with the Notifications API
• Get Started with the Tenants API
• Get Started with the Threat Intelligence GraphQL API
• Get Started with the Users API
• Identities GraphQL API
• Identity Credential Compromise GraphQL API
• Identity Findings GraphQL API
• Identity Posture GraphQL API
• Investigations GraphQL API
• Investigations v2 GraphQL API
• Playbooks GraphQL API
• Power BI for XDR
• Threat Intelligence GraphQL API
• XDR GraphQL APIs Authentication

api protector

• Akamai App and API Protector

aruba

• Aruba ClearPass

automation

• Automatic Cases
• Automations Overview
• CEL Explorer
• Configured Connections
• Configured Playbooks
• Connector Library
• Connector Versions
• Custom Automation Services
• Customization Services Overview
• On-Premise Automation Connector
• Playbook Executions
• Playbook Schedules
• Playbook Template Versions
• Playbook Templates
• Playbooks Overview
• Supported Connectors
• Supported Playbooks
• Taegis Actions

aws

• AWS ALB Logs
• AWS CloudTrail
• AWS Data Collector
• AWS Lambda Lifecycle Policy Management
• AWS Lambda Trigger
• AWS Lambda Update
• AWS Overview
• AWS S3 Event Archiving
• AWS S3 Server Access Logs
• AWS VPC Flow Logs
• AWS WAF Logs
• Amazon CloudWatch Logs
• Amazon GuardDuty
• Find Your AWS Account ID
• Lambda Migration
• Multitenant CloudTrail Permissions
• Remove Cloud Permissions
• S3 Ingest (Secureworks-Managed)
• Test AWS Lambda Logs
• View AWS Lambda Logs

azure

• Azure Data Collector
• Azure and O365 Overview
• Microsoft Azure Activity Log
• Microsoft Azure Application Gateway
• Microsoft Azure Event Hubs
• Microsoft Azure Firewall
• Microsoft Azure Front Door
• Microsoft Azure Network Watcher Flow Logs
• Microsoft Azure Storage Account
• Microsoft Entra Activity Reports
• Office 365 and Azure Data Availability
• Permissions Used by XDR for Microsoft 365 and Azure Integrations
• Removing Service Principals for Discontinued Integrations
• Transport via Azure Event Hub
• Transport via Azure Storage Account

azure waf

• Microsoft Azure Application Gateway
• Microsoft Azure Front Door

barracuda

• Barracuda NGFW
• Barracuda WAF

blue coat

• Symantec (Blue Coat) ProxySG

builder

• Advanced Search Builder
• Common Report Queries
• Configure Custom Reports
• Saved Searches
• Search History
• Sensor Types

byoti

• AlienVault OTX (Legacy)
• Anomali
• Bring Your Own Threat Intel (BYOTI)
• TAXII 2.1

carbon black

• VMWare Carbon Black
• VMWare Carbon Black Response Cloud
• VMware Carbon Black Cloud Endpoint Standard and Enterprise EDR

cases

• Automatic Cases
• Close a Case
• Detection Triage Dashboard
• Entity Details
• Entity v2 Protocol Buffer Reference
• Explore an Entity Graph
• Start and Add to a Case
• Structured Entities
• Taegis MDR Dashboard
• Work a Case

cato

• Cato Networks

central

• Policies
• Update Caches and Message Relays

check point

• Check Point

cisco

• Cisco ASA
• Cisco Duo
• Cisco IOS and NX-OS
• Cisco ISE
• Cisco Ironport
• Cisco Meraki
• Cisco Secure Firewall Threat Defense
• Cisco Umbrella

citrix

• Citrix ADC

claroty

• Claroty Continuous Threat Detection (CTD)

close codes

• Close a Case

cloud

• AWS ALB Logs
• AWS CloudTrail
• AWS Lambda Lifecycle Policy Management
• AWS Lambda Trigger
• AWS Lambda Update
• AWS Overview
• AWS S3 Event Archiving
• AWS S3 Server Access Logs
• AWS VPC Flow Logs
• AWS WAF Logs
• Abnormal Inbound Email Security
• Akamai App and API Protector
• Akamai Enterprise Application Access (EAA)
• AlienVault OTX (Legacy)
• Amazon CloudWatch Logs
• Amazon GuardDuty
• Anomali
• Azure and O365 Overview
• Box
• Cisco Duo
• Cisco Umbrella
• Find Your AWS Account ID
• GCP Overview
• Google Cloud Platform
• Google Workspace
• HTTP Ingest
• Lambda Migration
• Manage Cloud API Integrations
• Microsoft Azure Activity Log
• Microsoft Azure Application Gateway
• Microsoft Azure Event Hubs
• Microsoft Azure Firewall
• Microsoft Azure Front Door
• Microsoft Azure Network Watcher Flow Logs
• Microsoft Azure Storage Account
• Microsoft Entra Activity Reports
• Microsoft Entra Risk Detection
• Microsoft Graph Security Alerts
• Mimecast
• Multitenant CloudTrail Permissions
• Netskope SSE
• Office 365 Management API
• Office 365 and Azure Data Availability
• Okta
• Oracle Cloud Infrastructure (OCI)
• Palo Alto Prisma Access
• Permissions Used by XDR for Microsoft 365 and Azure Integrations
• Proofpoint Targeted Attack Protection (TAP)
• Remove Cloud Permissions
• Removing Service Principals for Discontinued Integrations
• Salesforce Real-Time Event Monitoring
• Snowflake
• TAXII 2.1
• Test AWS Lambda Logs
• View AWS Lambda Logs

cloud apis

• Cloud API Integration Update Overview
• Manage Cloud API Integrations
• Remove Cloud Permissions
• Update Cloud API Integrations

cloud waf

• Imperva Cloud

cloudflare

• Cloudflare

cloudtrail

• AWS CloudTrail
• Multitenant CloudTrail Permissions

cloudwatch

• Amazon CloudWatch Logs

collaboration

• Box

comments

• Work a Case

connections

• Configured Connections
• Connector Library

connectors

• Automations Overview
• Configured Connections
• Connector Library
• Connector Versions
• Supported Connectors

corelight

• Corelight

countermeasures

• Detector Explorer

crowdstrike

• CrowdStrike

ctu

• Threat Intelligence Explorer

custom

• Overview

custom parsers

• Customization Services Overview
• Overriding and Extending Global Parsers
• Overview
• Overview
• Repeating Fields
• Syntax
• XDR Custom Data Source Integration

cyberark

• CyberArk

dashboards

• Detection Triage Dashboard
• My Dashboards
• Security Posture Dashboard
• Taegis MDR Dashboard

data collectors

• AWS Data Collector
• Admiral Console
• Azure Data Collector
• GCP Data Collector
• Integration Overview
• Manage Data Collectors
• On-Premise Automation Connector
• On-Premises Data Collector
• On-Premises HA Data Collector
• Splunk Heavy Forwarder
• TLS Enabled Syslog
• Transport via Syslog
• eStreamer

data protection

• Snowflake

data security

• Box

data sources

• Capabilities at a Glance
• Integration Overview
• Monitor Data Sources

deep security

• Trend Micro Deep Security

detections

• Custom Detection Rules
• Detection Details
• Detection Enrichment
• Detection Group Key
• Detection Severity and Confidence
• Detection Suppression Rules
• Detection Triage Dashboard
• Detections
• Entity Details
• Entity v2 Protocol Buffer Reference
• Event Details
• Explore an Entity Graph
• Process Event Lineage
• Resolve Detections
• Structured Entities
• Taegis MDR Dashboard
• Threat Score

detectors

• Account Compromise
• Bring Your Own Threat Intel (BYOTI)
• Brute Force
• Business Email Compromise
• Capabilities at a Glance
• Cloud Recon to Change Detector
• Cloud Watchlist
• Detector Explorer
• Detector Test Detections
• Domain Generation Algorithms
• Domain Watchlist
• Email Watchlist
• Endpoint Watchlists
• Hands On Keyboard
• IP Watchlist
• Impossible Travel
• Kerberoasting
• NIDS
• Password Spray
• Penetration Test
• Portscanning and Broadscanning
• Punycode
• Quick Mail Consent (MS O365)
• Rare Program to Rare IP
• SharpHound
• Snapshot Exfiltration
• Stolen User Credentials
• Suspicious DNS Activity
• Tactic Graphs
• Taegis NDR
• Taegis Watchlist

downloads

• Data Exports

dragos

• Dragos Platform

ePO

• McAfee ePO

edr

• Agent Technical Details
• Agent Uninstall
• Application UI
• Beta Release Channel
• Capabilities at a Glance
• Changelog
• Changelog
• CrowdStrike
• Downloads
• Downloads
• EDR OCSF Ingest
• FAQ
• FAQ
• FAQ
• Get Started with XDR Endpoint Agent
• Group Policies
• Groups
• Groups
• Host Isolation Exceptions
• Installation Info and Prerequisites
• Installation Info and Prerequisites
• Introduction
• Introduction
• Isolation Exclusions
• Linux Installation
• Linux Installation
• Linux Troubleshooting
• Live Response
• Manage Endpoint Agents
• Microsoft Defender for Endpoint
• Microsoft Defender for Endpoint Integration Guide
• Policies
• Red Cloak Endpoint Agent
• SentinelOne
• Supported OS and System Recommendations
• Supported OS and System Recommendations
• Supported OS and System Requirements
• Technical Details
• Technical Details
• Troubleshooting
• Troubleshooting
• Uninstall
• Uninstall Sophos Agent
• Update Caches and Message Relays
• User Role Mappings
• VDI or Cloud Instance Deployments
• VMWare Carbon Black
• VMWare Carbon Black Response Cloud
• VMware Carbon Black Cloud Endpoint Standard and Enterprise EDR
• Windows Installation
• Windows Installation
• Windows Troubleshooting
• macOS Installation
• macOS Installation
• macOS Troubleshooting

elite threat hunting

• Service Description

email

• Abnormal Inbound Email Security
• Mimecast
• Proofpoint Targeted Attack Protection (TAP)

endpoint

• McAfee ePO

endpoint agents

• Integration Overview

endpoints

• Agent Technical Details
• Agent Uninstall
• Application UI
• Beta Release Channel
• Capabilities at a Glance
• Changelog
• Changelog
• CrowdStrike
• Downloads
• Downloads
• EDR OCSF Ingest
• FAQ
• FAQ
• FAQ
• Group Policies
• Groups
• Groups
• Host Isolation Exceptions
• Installation Info and Prerequisites
• Installation Info and Prerequisites
• Introduction
• Introduction
• Isolate a Red Cloak Endpoint Agent
• Isolation Exclusions
• Linux Installation
• Linux Installation
• Linux Servers
• Linux Troubleshooting
• Live Response
• Manage Endpoint Agents
• Microsoft DHCP
• Microsoft DNS
• Microsoft Defender for Endpoint
• Microsoft Defender for Endpoint Integration Guide
• Microsoft IIS
• Microsoft Windows Event Log
• Policies
• Red Cloak Endpoint Agent
• SentinelOne
• Supported OS and System Recommendations
• Supported OS and System Recommendations
• Supported OS and System Requirements
• Symantec Endpoint Protection
• Technical Details
• Technical Details
• Troubleshooting
• Troubleshooting
• Uninstall
• Uninstall Sophos Agent
• Update Caches and Message Relays
• User Role Mappings
• VDI or Cloud Instance Deployments
• VMWare Carbon Black
• VMWare Carbon Black Response Cloud
• VMware Carbon Black Cloud Endpoint Standard and Enterprise EDR
• What Does Secureworks Consider an Endpoint?
• Windows Installation
• Windows Installation
• Windows Troubleshooting
• macOS Installation
• macOS Installation
• macOS Troubleshooting

entities

• Entity Details
• Entity v2 Protocol Buffer Reference
• Structured Entities

entity graph

• Explore an Entity Graph

entra

• Microsoft Entra Activity Reports
• Microsoft Entra Risk Detection

estreamer

• eStreamer

event hubs

• Microsoft Azure Activity Log
• Microsoft Azure Application Gateway
• Microsoft Azure Event Hubs
• Microsoft Azure Firewall
• Microsoft Azure Front Door
• Microsoft Entra Activity Reports
• Microsoft Entra Risk Detection
• Transport via Azure Event Hub

events

• CyberChef
• Event Details
• Pivot Search
• Process Event Lineage
• Rate Limits on Event Search
• Related Detections and Events Timeline View
• Start and Add to a Case

export

• Data Exports

f5

• F5 ASM WAF
• F5 BIG-IP Local Traffic Manager

file upload

• Get Started with the File Upload API
• Transport via File Upload API

files

• File Details

filterlog

• OPNsense
• pfSense

firewall

• Cisco ASA
• Cisco Secure Firewall Threat Defense
• Forcepoint Firewall
• Palo Alto Firewall
• SonicWall Firewall
• Sophos XGS Firewall
• WatchGuard Firewall

forcepoint

• Forcepoint Firewall
• Forcepoint Web Security

fortinet

• Fortinet FortiWeb
• Fortinet Fortigate

gcc

• Office 365 Management API

gcc high

• Office 365 Management API

gcp

• GCP Data Collector
• GCP Overview
• Google Cloud Platform

get started

• Log In to XDR
• Log In to XDR (Legacy)
• Mobile App

google

• GCP Data Collector
• Google Cloud Platform
• Google Workspace

government

• Office 365 Management API

guardduty

• Amazon GuardDuty

host isolation

• Isolate a Red Cloak Endpoint Agent

http

• HTTP Ingest
• Transport via HTTP Ingest

http collector

• HTTP Ingest

hunting

• Hunting with Jupyter Notebooks

identity

• Credential Compromise
• IDR Integration Guide
• IDR Overview
• Identity Details
• Identity Findings
• Identity Risk Posture
• Identity Settings
• My Environment

imperva

• Imperva Cloud
• Imperva WAF

infoblox

• Infoblox

integrations

• AWS ALB Logs
• AWS CloudTrail
• AWS Data Collector
• AWS Lambda Lifecycle Policy Management
• AWS Lambda Update
• AWS Overview
• AWS S3 Event Archiving
• AWS S3 Server Access Logs
• AWS VPC Flow Logs
• AWS WAF Logs
• Abnormal Inbound Email Security
• Admiral Console
• Agent Technical Details
• Agent Uninstall
• Akamai App and API Protector
• Akamai Enterprise Application Access (EAA)
• Akamai Guardicore Segmentation
• AlienVault OTX (Legacy)
• Amazon CloudWatch Logs
• Amazon GuardDuty
• Anomali
• Application UI
• Aruba ClearPass
• Azure Data Collector
• Azure and O365 Overview
• Barracuda NGFW
• Barracuda WAF
• Beta Release Channel
• Box
• Capabilities at a Glance
• Cato Networks
• Changelog
• Changelog
• Check Point
• Cisco ASA
• Cisco Duo
• Cisco IOS and NX-OS
• Cisco ISE
• Cisco Ironport
• Cisco Meraki
• Cisco Secure Firewall Threat Defense
• Cisco Umbrella
• Citrix ADC
• Claroty Continuous Threat Detection (CTD)
• Cloudflare
• Corelight
• CrowdStrike
• Custom Transport Methods
• CyberArk
• Darktrace
• Downloads
• Downloads
• Dragos Platform
• EDR OCSF Ingest
• F5 ASM WAF
• F5 BIG-IP Local Traffic Manager
• FAQ
• FAQ
• FAQ
• Find Your AWS Account ID
• Forcepoint Firewall
• Forcepoint Web Security
• Fortinet FortiWeb
• Fortinet Fortigate
• GCP Data Collector
• GCP Overview
• Google Cloud Platform
• Google Workspace
• Group Policies
• Groups
• Groups
• HTTP Ingest
• Host Isolation Exceptions
• Imperva Cloud
• Imperva WAF
• Infoblox
• Installation Info and Prerequisites
• Installation Info and Prerequisites
• Integration Overview
• Introduction
• Introduction
• Isolation Exclusions
• Juniper Pulse Secure
• Juniper SRX Firewall
• Lambda Migration
• Lastline
• Linux Installation
• Linux Installation
• Linux Servers
• Linux Troubleshooting
• Live Response
• Manage Cloud API Integrations
• Manage Data Collectors
• Manage Endpoint Agents
• Manage NDR Devices
• McAfee ePO
• Microsoft Azure Activity Log
• Microsoft Azure Application Gateway
• Microsoft Azure Event Hubs
• Microsoft Azure Firewall
• Microsoft Azure Front Door
• Microsoft Azure Network Watcher Flow Logs
• Microsoft Azure Storage Account
• Microsoft DHCP
• Microsoft DNS
• Microsoft Defender for Endpoint
• Microsoft Defender for Endpoint Integration Guide
• Microsoft Entra Activity Reports
• Microsoft Entra Risk Detection
• Microsoft Graph Security Alerts
• Microsoft IIS
• Microsoft Windows Event Log
• Mimecast
• Monitor Data Sources
• Multitenant CloudTrail Permissions
• Netskope SSE
• Nozomi Guardian
• OPNsense
• Office 365 Management API
• Office 365 and Azure Data Availability
• Okta
• On-Premise Automation Connector
• On-Premises Data Collector
• On-Premises HA Data Collector
• Oracle Cloud Infrastructure (OCI)
• Overriding and Extending Global Parsers
• Overview
• Palo Alto Firewall
• Palo Alto Prisma Access
• Permissions Used by XDR for Microsoft 365 and Azure Integrations
• Policies
• Proofpoint Targeted Attack Protection (TAP)
• Red Cloak Endpoint Agent
• Remove Cloud Permissions
• Removing Service Principals for Discontinued Integrations
• Repeating Fields
• SCADAfence
• Sensor Types
• SentinelOne
• Skyhigh (McAfee/Trellix) Secure Web Gateway
• Snowflake
• SonicWall Firewall
• Sophos XGS Firewall
• Splunk Heavy Forwarder
• Supported OS and System Recommendations
• Supported OS and System Recommendations
• Supported OS and System Requirements
• Suricata
• Symantec (Blue Coat) ProxySG
• Symantec Endpoint Protection
• Syntax
• TAXII 2.1
• TLS Enabled Syslog
• Taegis NDR (Physical)
• Taegis NDR (Virtual)
• Technical Details
• Technical Details
• Test AWS Lambda Logs
• Transport via Azure Event Hub
• Transport via Azure Storage Account
• Transport via File Upload API
• Transport via HTTP Ingest
• Transport via Secureworks-Managed S3
• Transport via Syslog
• Trend Micro Deep Security
• Troubleshooting
• Troubleshooting
• Uninstall
• Uninstall Sophos Agent
• Update Caches and Message Relays
• User Role Mappings
• VDI or Cloud Instance Deployments
• VMWare Carbon Black
• VMWare Carbon Black Response Cloud
• VMware Carbon Black Cloud Endpoint Standard and Enterprise EDR
• VMware vCenter
• View AWS Lambda Logs
• WatchGuard Firewall
• Windows Installation
• Windows Installation
• Windows Troubleshooting
• XDR Custom Data Source Integration
• Zscaler
• eStreamer
• macOS Installation
• macOS Installation
• macOS Troubleshooting
• pfSense

investigations

• Close a Case
• CyberChef
• Entity Details
• Entity v2 Protocol Buffer Reference
• Explore an Entity Graph
• Start and Add to a Case
• Structured Entities
• Work a Case

juniper

• Juniper Pulse Secure
• Juniper SRX Firewall

jupyter

• Hunting with Jupyter Notebooks

jupyter notebooks

• Taegis Magic Jupyter Integration

lambda

• AWS Lambda Lifecycle Policy Management
• AWS Lambda Trigger
• AWS Lambda Update
• Lambda Migration
• Test AWS Lambda Logs
• View AWS Lambda Logs

lastline

• Lastline

lifecycle

• AWS Lambda Lifecycle Policy Management

linux

• Linux Servers

log in

• Log In to XDR
• Log In to XDR (Legacy)
• Mobile App

magic

• Taegis Magic Jupyter Integration

malware

• Threat Intelligence Explorer

mcafee

• Skyhigh (McAfee/Trellix) Secure Web Gateway

mcafee web gateway

• Skyhigh (McAfee/Trellix) Secure Web Gateway

mdr

• Configuring Proactive Response Actions Using Tags
• FAQ
• Onboarding Guide
• Overview
• Proactive Response Naming Convention
• Service Description
• Taegis MDR Dashboard
• Taegis NDR (Physical)
• Taegis NDR (Virtual)

mdr elite

• Onboarding Guide
• Taegis NDR (Physical)
• Taegis NDR (Virtual)

mdr plus

• Taegis MDR Plus

mfa

• Log In to XDR
• Log In to XDR (Legacy)

microsegmentation

• Akamai Guardicore Segmentation

microsoft

• Azure Data Collector
• Microsoft Azure Activity Log
• Microsoft Azure Application Gateway
• Microsoft Azure Event Hubs
• Microsoft Azure Firewall
• Microsoft Azure Front Door
• Microsoft Azure Network Watcher Flow Logs
• Microsoft Azure Storage Account
• Microsoft DHCP
• Microsoft DNS
• Microsoft Defender for Endpoint
• Microsoft Defender for Endpoint Integration Guide
• Microsoft Entra Activity Reports
• Microsoft Entra Risk Detection
• Microsoft Graph Security Alerts
• Microsoft IIS
• Microsoft Windows Event Log
• Office 365 Management API
• Office 365 and Azure Data Availability
• Permissions Used by XDR for Microsoft 365 and Azure Integrations
• Removing Service Principals for Discontinued Integrations

mimecast

• Mimecast

mitre att&ck

• Adversary Software Coverage
• FAQ: Adversary Software Coverage

ndr

• Manage NDR Devices
• Taegis NDR
• Taegis NDR (Physical)
• Taegis NDR (Virtual)
• Taegis NDR Overview
• Taegis NDR Service Description
• Transitioning from CTP to Taegis XDR

netskope

• Netskope SSE

network

• Aruba ClearPass
• Barracuda NGFW
• Barracuda WAF
• Check Point
• Cisco ASA
• Cisco IOS and NX-OS
• Cisco Ironport
• Cisco Meraki
• Cisco Secure Firewall Threat Defense
• Citrix ADC
• Corelight
• CyberArk
• Darktrace
• F5 ASM WAF
• F5 BIG-IP Local Traffic Manager
• Fortinet FortiWeb
• Fortinet Fortigate
• Imperva WAF
• Infoblox
• Juniper Pulse Secure
• Juniper SRX Firewall
• Lastline
• OPNsense
• Palo Alto Firewall
• Skyhigh (McAfee/Trellix) Secure Web Gateway
• SonicWall Firewall
• Sophos XGS Firewall
• Suricata
• Symantec (Blue Coat) ProxySG
• Taegis NDR (Physical)
• Taegis NDR (Virtual)
• Trend Micro Deep Security
• VMware vCenter
• WatchGuard Firewall
• Zscaler
• pfSense

network flow logs

• Microsoft Azure Network Watcher Flow Logs

network watcher

• Microsoft Azure Network Watcher Flow Logs

notifications

• Notifications
• User Profile & Settings

nozomi

• Nozomi Guardian

nsg flow logs

• Microsoft Azure Network Watcher Flow Logs

ocsf

• EDR OCSF Ingest

office 365

• Office 365 Management API
• Office 365 and Azure Data Availability
• Permissions Used by XDR for Microsoft 365 and Azure Integrations
• Removing Service Principals for Discontinued Integrations

okta

• Okta

on-premises

• Admiral Console
• On-Premise Automation Connector
• On-Premises Data Collector
• On-Premises HA Data Collector

onboarding

• Onboarding Guide
• Onboarding Guide
• Overview
• XDR Onboarding & Enablement Services

opnsense

• OPNsense

oracle

• Oracle Cloud Infrastructure (OCI)

ot

• Nozomi Guardian
• SCADAfence

palo alto

• Palo Alto Firewall
• Palo Alto Prisma Access

pandas dataframe

• Hunting with Jupyter Notebooks
• Taegis Magic Jupyter Integration

password

• Log In to XDR
• Log In to XDR (Legacy)

pfsense

• pfSense

platform-status

• VDR Status

playbooks

• Automations Overview
• Configured Playbooks
• Playbook Executions
• Playbook Schedules
• Playbook Template Versions
• Playbook Templates
• Playbooks Overview
• Supported Playbooks

policies

• Copyright
• Log Retention
• Privacy Policy
• Subprocessors for XDR, MDR, IDR, VDR, and Advisory Services
• Taegis AI Usage Information
• Taegis Security Posture
• XDR Ask an Expert Support
• XDR Basic Application Support
• XDR Data Retention Policy
• XDR EULA
• XDR Service Level Agreement

post

• Transport via HTTP Ingest

prisma access

• Palo Alto Prisma Access

process events

• File Details
• Process Event Lineage

professional services

• Custom Automation Services
• Customization Services Overview
• Overview
• Taegis Health Check
• XDR API Reporting
• XDR Custom Data Source Integration
• XDR Onboarding & Enablement Services
• XDR Remote Training

profile settings

• Access Support PIN
• Notifications
• Preview Modes
• User Profile & Settings

proofpoint

• Proofpoint Targeted Attack Protection (TAP)

python

• Hunting with Jupyter Notebooks
• Taegis Magic Jupyter Integration

queries

• Advanced Search Builder
• Advanced Search Query Language
• Common Report Queries
• Configure Custom Reports
• Pivot Search
• Quick Search
• Rate Limits on Event Search
• Saved Searches
• Search History
• Sensor Types
• Taegis AI for Search

query language

• Advanced Search Query Language
• Common Report Queries
• Configure Custom Reports
• Saved Searches
• Search History
• Sensor Types

red cloak

• Changelog
• FAQ
• Manage Endpoint Agents
• Red Cloak End of Support
• Red Cloak Endpoint Agent
• Supported OS and System Requirements
• Technical Details
• Troubleshooting
• Uninstall
• VDI or Cloud Instance Deployments

reporting

• XDR API Reporting

reports

• Archived Reports
• Common Report Queries
• Completed Reports
• Configure Custom Reports
• Create Reports from a Template
• Scheduled Reports

rules

• Custom Detection Rules
• Customization Services Overview
• Detection Suppression Rules
• Overview

s3

• AWS S3 Event Archiving
• AWS S3 Server Access Logs
• S3 Ingest (Secureworks-Managed)
• Transport via Secureworks-Managed S3

salesforce

• Salesforce Real-Time Event Monitoring

sase

• Cato Networks

scadafence

• SCADAfence

sd-wan

• Cato Networks

search

• Advanced Search Builder
• Advanced Search Query Language
• File Details
• Pivot Search
• Quick Search
• Rate Limits on Event Search
• Saved Searches
• Search History
• Sensor Types
• Taegis AI for Search

secureworks

• Admiral Console
• Agent Technical Details
• Agent Uninstall
• Application UI
• Beta Release Channel
• Changelog
• Changelog
• Downloads
• Downloads
• FAQ
• FAQ
• FAQ
• Group Policies
• Groups
• Groups
• Host Isolation Exceptions
• Installation Info and Prerequisites
• Installation Info and Prerequisites
• Introduction
• Introduction
• Isolation Exclusions
• Linux Installation
• Linux Installation
• Linux Troubleshooting
• Live Response
• Manage Endpoint Agents
• On-Premises Data Collector
• On-Premises HA Data Collector
• Policies
• Red Cloak Endpoint Agent
• Supported OS and System Recommendations
• Supported OS and System Recommendations
• Supported OS and System Requirements
• Taegis NDR
• Taegis NDR (Physical)
• Taegis NDR (Virtual)
• Technical Details
• Technical Details
• Troubleshooting
• Troubleshooting
• Uninstall
• Uninstall Sophos Agent
• Update Caches and Message Relays
• User Role Mappings
• VDI or Cloud Instance Deployments
• Windows Installation
• Windows Installation
• Windows Troubleshooting
• macOS Installation
• macOS Installation
• macOS Troubleshooting

sentinelone

• SentinelOne

service descriptions

• Service Description
• Service Description
• Taegis MDR Plus
• Taegis NDR Service Description

shield

• Salesforce Real-Time Event Monitoring

skyhigh

• Skyhigh (McAfee/Trellix) Secure Web Gateway

snowflake

• Snowflake

sonicwall

• SonicWall Firewall

sophos

• Sophos XGS Firewall

sophos endpoint

• Application UI
• Downloads
• FAQ
• Groups
• Installation Info and Prerequisites
• Introduction
• Isolation Exclusions
• Linux Installation
• Live Response
• Policies
• Supported OS and System Recommendations
• Technical Details
• Troubleshooting
• Uninstall Sophos Agent
• Update Caches and Message Relays
• User Role Mappings
• Windows Installation
• macOS Installation

splunk

• Splunk Heavy Forwarder

sse

• Cato Networks
• Cloudflare

storage

• Microsoft Azure Storage Account

storage account

• Transport via Azure Storage Account

support

• Access Support PIN
• Browser Requirements
• Help Resources
• Subscriptions
• Taegis AI Usage Information
• XDR Ask an Expert Support
• XDR Basic Application Support

suricata

• Suricata

symantec

• Symantec (Blue Coat) ProxySG
• Symantec Endpoint Protection

syslog

• Transport via Syslog

taegis agent

• Agent Technical Details
• Agent Uninstall
• Beta Release Channel
• Changelog
• Downloads
• FAQ
• Get Started with XDR Endpoint Agent
• Group Policies
• Groups
• Host Isolation Exceptions
• Installation Info and Prerequisites
• Introduction
• Linux Installation
• Linux Troubleshooting
• Manage Endpoint Agents
• Supported OS and System Recommendations
• Taegis Agent End of Support
• Windows Installation
• Windows Troubleshooting
• macOS Installation
• macOS Troubleshooting

taegis magic

• Hunting with Jupyter Notebooks
• Taegis Magic Jupyter Integration

taxii

• TAXII 2.1

telemetry

• Integration Overview

tenant settings

• Audit Logs
• Automatic Cases
• Data Usage
• Subscriptions

threat groups

• Threat Intelligence Explorer

threat intelligence

• AlienVault OTX (Legacy)
• Anomali
• Bring Your Own Threat Intel (BYOTI)
• CTU Countermeasures
• Detection Enrichment
• Security Posture Dashboard
• TAXII 2.1
• Threat Groups
• Threat Intelligence Explorer
• Threat Intelligence Overview
• Threat Intelligence Reports

threat reports

• Threat Intelligence Explorer

threat score

• Threat Score

tls syslog

• TLS Enabled Syslog

tools

• CEL Explorer
• CyberChef

training

• Overview
• XDR Remote Training

transport

• AWS Overview
• Azure and O365 Overview
• Custom Transport Methods
• GCP Overview
• S3 Ingest (Secureworks-Managed)
• Transport via Azure Event Hub
• Transport via Azure Storage Account
• Transport via File Upload API
• Transport via HTTP Ingest
• Transport via Secureworks-Managed S3
• Transport via Syslog

trend micro

• Trend Micro Deep Security

troubleshooting

• Troubleshooting

umbrella

• Cisco Umbrella

user management

• Audit Logs
• Custom Roles
• Manage Users
• User Roles

vcenter

• VMware vCenter

vmware

• CrowdStrike
• VMWare Carbon Black
• VMWare Carbon Black Response Cloud
• VMware Carbon Black Cloud Endpoint Standard and Enterprise EDR
• VMware vCenter

vpc

• AWS VPC Flow Logs

vulnerabilities

• Vulnerability Management

waf

• AWS WAF Logs
• F5 ASM WAF
• Imperva Cloud
• Imperva WAF
• Microsoft Azure Application Gateway
• Microsoft Azure Front Door

watchguard

• WatchGuard Firewall

web security

• Forcepoint Web Security

widgets

• Detection Triage Dashboard
• My Dashboards
• Security Posture Dashboard
• Taegis MDR Dashboard
• Threat Intelligence Reports

zscaler

• Zscaler