An administrator may create a Secureworks Taegis XDR agent group. The group is used during installation to associate endpoints with a specific group and its assigned policy.
Affected Products:
- Secureworks Taegis XDR
- Secureworks Taegis ManagedXDR
Secureworks Taegis XDR agent groups are used to assign an endpoint to a policy during installation of the agent. Each group that is created is assigned a telemetry policy tier and registration key.
There are two tiers available. The tier affects the behavior, the amount of telemetry collected, and the performance impact on the endpoint.
- Low - A lower fidelity telemetry setting for resource-constrained devices or environments.
- Standard - The recommended default policy setting.
Overview of telemetry gathered by policy tier:
| Secureworks Taegis XDR Agent Telemetry Data | Low | Standard |
|---|---|---|
| Process | Create Only | Create, Terminate |
| Thread Injection | Enabled | Enabled |
| ETW (Auth, Scriptblock, DNS) | Enabled | Enabled |
| Netflow | Connect¹ | Connect, Disconnect |
| Registry | Disabled | Modifications |
| File | Open for mod, del, ren¹ | Open for mod, del, ren |

¹ Netflow and File modification are disabled for Windows agents with a Low policy tier.
Note:
- Only Process, Netflow, Auth, and FileMod are available for macOS and Linux.
- For more information, reference the Telemetry Overview from Taegis Agent Technical Details.
An administrator may Create, Update, or Delete a Taegis agent group.
To create a Taegis agent group:
- In a web browser, go to https://ctpx.secureworks.com/login.
- Log in to the Secureworks Taegis XDR web console.
- From the left pane, select Endpoints and then click Taegis.
- Select the Group Configuration tab.
- Select the New Group button on the upper right.
- From the New Group menu:
  - Populate the Name of Group.
  - Populate the Description.
  - Select a policy tier of Low or Standard.
- Click Create.
Updating the Taegis agent group allows you to rename the group and change the policy tier.
- In a web browser, go to https://ctpx.secureworks.com/login.
- Log in to the Secureworks Taegis XDR web console.
- From the left pane, select Endpoints and then click Taegis.
- Select the Group Configuration tab.
- Click an existing Group Name.
- From the Group Details menu, make any appropriate changes and then click Update.
- Verify that changes have been made.
To delete a Taegis agent group:
- In a web browser, go to https://ctpx.secureworks.com/login.
- Log in to the Secureworks Taegis XDR web console.
- From the left pane, select Endpoints and then click Taegis.
- Select the Group Configuration tab.
- Click an existing Group Name.
- Select Delete Group in the lower right corner.
Note: If there are endpoints that are assigned to the group, then the group cannot be deleted. Reassign endpoints to a new group and then delete the Taegis Agent Group.