Actions for Secureworks Taegis XDR
- Send Data to Secureworks Taegis XDR. Sends a custom set of Lucidum data to Secureworks Taegis XDR.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to Secureworks Taegis XDR on a regular schedule.
- You can send normalized, enriched Lucidum data to Secureworks Taegis XDR to be indexed, searched, and analyzed.
Prerequisites
To execute Secureworks Taegis XDR actions, you must:
- Configure a Secureworks Taegis XDR API connection beforehand. The required parameters are described in the instructions for creating a Secureworks Taegis XDR connector in Lucidum at https://lucidum.io/docs/secureworks-taegis-xdr/.
NOTE. The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
Secureworks Taegis XDR Configuration
To create a configuration for Secureworks Taegis XDR actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL of the Secureworks Taegis XDR API. For example, https://api.ctpx.secureworks.com.
- Client ID. Client ID for an account with read and write access to the Secureworks Taegis XDR APIs. For details, see https://docs.taegis.secureworks.com/apis/api_authenticate/#part-1-create-client-credentials.
- Client Secret. Client Secret for an account with read and write access to the Secureworks Taegis XDR APIs. For details, see https://docs.taegis.secureworks.com/apis/api_authenticate/#part-1-create-client-credentials.
- Max # of Records per Payload. The maximum number of records to send to Secureworks Taegis XDR in each action. The default value is “50”.
Create a New Action
To create an action for Secureworks Taegis XDR, contact Lucidum customer care.