BeyondTrust Endpoint Privilege Management (EPM)
Samurai [Local] Collector | Samurai [Cloud] Collector |
---|---|
This guide describes the steps required to configure BeyondTrust EPM Cloud to send events to a Samurai Cloud Collector.
Prerequisites
Ensure that a Samurai Cloud Collector of type Splunk HTTP Event Collector (HEC) has been deployed via the Samurai MDR portal.
If you plan to reuse an already deployed Samurai HEC Cloud Collector, you will need the following values (displayed only upon creation):
- API URL
- Token
From the BeyondTrust Privilege Management Console
Follow the BeyondTrust SIEM settings documentation:
When following the vendor documentation, please use the following:
- Enter the details of your Splunk configuration:
  - Hostname: The Samurai Cloud Collector API URL
  - Index: (This is ignored by Samurai so enter a dummy value)
  - Token: The Samurai Cloud Collector token
- Data format:
  - CIM - Common Information Model
Our integration guide was accurate at the time of writing, but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.