Alerts

What is an alert?

An alert is a security detection raised either by the Samurai platform itself or by a third-party vendor product from which Samurai is ingesting telemetry.

How are alerts triggered?

Alerts are triggered by detection engines based on a single event or a combination of multiple events. The Samurai MDR portal displays alerts categorized according to the underlying detection engine. These categories include:

  • Samurai platform

    • Real-time engine - Proprietary NTT-developed detection engine that leverages behaviour modeling, machine learning, and the latest threat research to automatically identify suspected threats during real-time analysis of telemetry ingested into the Samurai platform.
    • Hunting engine - Intelligence-driven detection engine based on the Sigma project but customized by NTT with additional detection capabilities. The Samurai hunting engine performs automated threat hunting to identify and alert on possible adversary activity.
  • Vendor

    • Alerts generated by and collected from third-party vendor technologies that are integrated with the Samurai platform (e.g. Endpoint Detection & Response (EDR) and firewall technologies).

What alerts are displayed within the Samurai MDR portal?

We display the same alerts as our Samurai Security Operation Centre (SOC) analysts view.

Do I need to review and act on alerts?

No. The Samurai SOC analysts triage, investigate and validate alerts as part of your Managed Detection & Response (MDR) service. As alerts are validated and investigated by the Samurai SOC analysts, they may lead to a reported Security Incident and are marked accordingly. Our strategy includes visibility and transparency of the service we provide to you; this feature therefore gives you that visibility and showcases the value of the service. Refer to the Alert Dashboard, which provides key alert metrics over a given time period.

Next Steps

To further understand alerts within the Samurai MDR portal, we recommend you review the Alerts View article.