Samurai MDR Release Notes

June 17 2024

Samurai MDR Application

Advanced Query

There is now no need to save your KQL queries offline!

  • You can now save your KQL queries within a personal or shared library across MDR application users within your organization.
  • We have created a standard library of useful queries which is populated by our SOC analysts that you can re-use. Expect to see this library updated regularly.
  • You can now view the last 50 queries you have run and add them to a library as needed.

In support of this update, we have added sections to the following article:

Security Incident Dashboard

Following the launch of the Situation Room in March, a new dashboard is available that provides useful security incident summary information over the past 12 months. Please review the following article:

To accommodate this update, we renamed the existing dashboard to Telemetry Dashboard and updated the following article:

Save Views

You can now save the filters you define for Collectors or Integrations as views. This is useful if, for example, you have a large number of integrations and wish to group them for viewing.

We have updated the following article to reflect this update:

General Improvements / Bug Fixes

  • Mitigate excessive Security Incident Report PDF content.
  • Align Security Incident Report PDF content - content was not always handled as expected in the PDF version.
  • Invite user bug fixed - if a user was invited, did not complete registration and was then invited again, the second registration would fail.
  • UTC timezone clarity in all applicable areas.

Supported Integrations

Find links to newly supported telemetry sources and integration guides:

  • Squid Proxy
  • GestioIP IPAM (Note this integration only provides contextual data for use by the MDR SOC. No data from this integration will be visible in the Samurai MDR application)


April 2024

Samurai MDR Application

Following our announcement on 29 April 2024, we shall launch in-application ticketing on May 2nd 2024. This allows you to create tickets and view all historical tickets within the Samurai MDR portal.

The update is intuitive; however, please review the following articles if needed:

To accommodate this update, we have also amended our Dynamic Block List Configuration Guides to outline what information is required should you raise a request for DBL onboarding.

Samurai Documentation

We have launched our new Samurai Documentation Platform, hosted on GitHub Pages. This allows us to manage our documentation just as we do our code development! Expect to see a lot more technical content in the coming months!

Supported Integrations

Find a link to the newly supported telemetry source and integration guide:


March 2024

Samurai MDR Application

The Situation Room

Following our announcement on February 16 2024, we have now launched The Situation Room! With this launch, all Security Incidents and their associated details are found within the Samurai MDR application. We no longer support Security Incident notifications with PDF reports attached; all notifications now provide a link to the Security Incident within the Samurai MDR application. Security Incidents in PDF format can be downloaded from the associated Situation Room.

Please review the following articles:

Reports

We have updated the Executive Overview Report to align with data shown within the Security Monitoring funnel in relation to Alerts.

You will now find two additional sections within the report:

  • Alerts analyzed per vendor (graph)
  • Alerts analyzed (table)

The additional sections depict vendor-based alerts and also include alerts generated by the Samurai platform based on ingested data.

Supported Integrations

We are constantly expanding our list of supported integrations, see links to the newly supported telemetry sources and Integration guides:

Other new or updated documentation

Microsoft Azure Management Plane

We have deprecated the Microsoft Azure Management Plane configuration guide as we now leverage individual guides listed above and a Cloud Native Collector.


January 2024

Samurai MDR Application

2FA Update

Following our announcement on January 11 2024, we have now deprecated support for SMS-based two-factor authentication (2FA). Access to the Samurai MDR application now uses Time-based One-Time Passwords (TOTP) generated by authenticator apps. Please review the article if you require more information.

We have also updated Getting Started with Samurai Managed Detection & Response (MDR) to reflect this change.

Other new or updated documentation

Incident Response Retainer Service Description

We have made some updates to the Incident Response Retainer Service Description to include Emergency IR capabilities. Additional information can be found on our website Incident Response Services.

Supported Integration Categorization

We have updated Supported Integrations to include detection categories we define to provide clarity and set expectations on threat detection capabilities from each telemetry data source. You can read more on the categorization in Telemetry Data Source Categorization.

Microsoft Windows Defender

We have deprecated the dedicated Microsoft Windows Defender configuration guide as we now leverage the Microsoft Graph (Security).

Integration Actions

We have updated the Integration Actions article to include the Cloud Native Collector.


December 2023

Supported Integrations

See links to the newly supported telemetry sources and Integration guides:

Other new or updated documentation

We have updated the Local Collector Deployment guide to include deployment to an Azure Virtual Machine. View the updated article:


November 2023

Supported Integrations

We are constantly expanding our list of supported integrations, see links to the newly supported telemetry sources and Integration guides:

We have renamed FireEye HX to Trellix Endpoint Security (HX) to avoid any confusion.


October 2023

Samurai MDR Application

Reports

Get valuable insights into your MDR service through the reporting feature!

You can now generate reports based on a time period you define which utilizes a standard template. This template has been designed to provide various metrics based on security incidents reported, requests you have submitted and also your data ingested into the Samurai platform. Refer to Samurai MDR Reporting for additional information.

Telemetry Monitoring Notifications

Receive notifications of telemetry data ingestion issues we encounter whilst providing you the MDR service!

Users of your Samurai MDR application can now receive email notifications of telemetry health issues. Refer to Telemetry Monitoring for additional information.

We are improving our notifications functionality in coming releases - for example, self-service, user-profile-based selection of notifications. Watch this space!

Integration Descriptions

The integration description field has been extended to a larger multi-line text box of 256 characters and you can now edit the description field as required after an integration is complete.

Cloud Native Collector

We have released a new Collector type - we call it a Cloud Native Collector!

The Cloud Native Collector is effectively a new transport method to ingest telemetry from cloud-based storage. It is built to monitor storage accounts and is completely agnostic to the data: it simply picks up any files for ingestion into the Samurai platform.

We currently support Azure Blob storage. Configuration is completed through an Azure Resource Manager (ARM) template in your subscription with a key to register with the Samurai platform.

The Cloud Native Collector will be used to support specific Azure products/services (for example Azure Firewall) and any supported third-party products, so anticipate associated configuration guides that utilize the new Collector type (we are currently in the process of writing the guides).

For more information on the Cloud Native Collector refer to Samurai Collectors and Samurai Cloud Native Collector.

Support for Amazon Web Services (AWS) S3 is coming soon.

Release Notes

You’ve already found them if you are reading this article!

We want to ensure you are aware of any new features, bug fixes and enhancements; therefore all will be documented here in future. You can easily find the release notes from a link that is now displayed within the Samurai MDR application Main Menu under Documentation.

What’s been fixed/enhanced?

  • Case sensitivity when searching for products/vendors when completing an integration.
  • Telemetry monitoring indicator in the main menu that displays the number of integrations with potential issues.

Supported Integrations

We are constantly expanding our list of supported integrations, see links to the newly supported telemetry sources and Integration guides:

Other new or updated documentation

We have updated some Microsoft integration guides in support of our preferred method of using Beat agents. See the updated integration guides for more information:

We have updated the Local Collector Deployment guide to include deployment to an Amazon EC2 instance. View the updated article:

Samurai MDR Add-on: Dynamic Block List Support

We have added support for Cisco Firepower.

Please review Dynamic Blocklist and the associated configuration guide.

If you want to onboard your devices then submit a DBL Onboarding request via the Samurai MDR application.