Re: traffic capture

Hi larst1

Maybe you need some sort of intermediate system to do some analysis and then forward events to Secureworks. Port mirroring could be a good data source, but then you will need something to process the packets. One option is to use a network activity monitoring system like NetFort LANGuardian and then configure it to send the specific events you are interested in via syslog to a system like Secureworks. The LANGuardian comes with a built-in database with summary information on every flow and, for some critical protocols like HTTP, SMB and SQL, critical detail like user names, file names, domains, URIs, transfer sizes, etc.

Hope this helps,

Darragh
