Stream new security events into Secureworks TaegisXDR

TaegisXDR is an advanced security platform that provides organizations with enhanced threat detection and response capabilities.
It leverages machine learning and AI technologies to analyze vast amounts of security data in real time, enabling quick identification and remediation of potential security threats.

TaegisXDR also offers comprehensive reporting and analytics tools, allowing security teams to gain greater visibility into their organization's security posture and identify areas for improvement.

TaegisXDR doesn’t support my event source, what can I do?

As the threat landscape continues to evolve, it's essential to have the ability to add new security event streams to TaegisXDR. This is where TriggerMesh comes in.
TriggerMesh has experience working with Secureworks TaegisXDR customers to ingest security events into TaegisXDR from sources that aren’t natively supported by Secureworks.

So how does it work? TriggerMesh can integrate applications and services across environments in real time. It does this by providing components that can ingest events from many sources and deliver them to many targets. In between, it provides a reliable event delivery pipeline that can transform events to fit the data schemas expected by the destination.

TriggerMesh provides a connector that can write events to TaegisXDR using the correct schemas so that automatic threat detection can then take place within TaegisXDR.

On the ingestion side, TriggerMesh can bring security events from the likes of Oracle Cloud, AWS, Google, Azure, and any bespoke systems into TaegisXDR for analysis.
See the full list of connectors, or take a look at this example of how to capture audit logs from Oracle Cloud and route them to a custom destination.

How it works

TriggerMesh has created a connector designed to push security events from any source into TaegisXDR.
Like all TriggerMesh components, it can be easily configured with TriggerMesh’s command-line interface called tmctl.

The example creates an event flow from a Kafka topic into TaegisXDR. Events pass through a TriggerMesh broker, and a Trigger filters them so that only specific event types (here, loginFailedAttempt) are sent to the TaegisXDR target.

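Additionally, TriggerMesh provides low-code transformation of the event’s JSON payload to tailor it to match TaegisXDR’s schemas.

# Create the broker that carries events between the source and the target
tmctl create broker triggermesh

# Kafka source: reads events from the topic and sends them to the broker
tmctl create source kafka \
  --name kafkasource \
  --bootstrapServers <bootstrapServers> \
  --topic <topic> \
  --groupID <groupID>

# TaegisXDR target: writes events to the given tenant and sensor.
# A client secret typed literally here ends up in shell history;
# read it from an environment variable or a secret store instead.
tmctl create target taegisxdr \
  --name taegistarget \
  --tenantId <tenantId> \
  --sensorId <sensorId> \
  --oauth2ClientId <clientId> \
  --oauth2ClientSecret <clientSecret>

# Trigger: forwards only loginFailedAttempt events to the TaegisXDR target
tmctl create trigger \
  --eventTypes loginFailedAttempt \
  --target taegistarget

All of these components can also be configured declaratively using TriggerMesh’s Kubernetes CRDs.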
You can then easily run this integration natively on Kubernetes, on Docker, or on DigitalOcean App Platform.

How can I use TriggerMesh today?

If you’d like to use TriggerMesh’s solution to add new security 
event sources to your TaegisXDR instance, please reach out to the