
BeyondTrust Endpoint Privilege Management (EPM)

    This guide describes the steps required to configure BeyondTrust EPM Cloud to send events to a Samurai Cloud Collector.

    Prerequisites

    Ensure that a Samurai Cloud Collector of type Splunk HTTP Event Collector (HEC) has been deployed via the Samurai MDR portal. 

    If you plan to reuse an already deployed Samurai HEC Cloud Collector, you will need the following values, which are displayed only when the collector is created:

    • API URL
    • Token

    From the BeyondTrust Privilege Management Console

    Follow the BeyondTrust SIEM settings documentation:

    When following the vendor documentation, please use the following:

    • Enter the details of your Splunk configuration:
      • Hostname: The Samurai Cloud Collector API URL
      • Index: Enter a dummy value (Samurai ignores this field)
      • Token: The Samurai Cloud Collector token
    • Data format:
      • CIM - Common Information Model

    Our integration guide was accurate at the time of writing, but vendors change things frequently! If you find errors or anything that is outdated, let us know by raising a request in the Samurai MDR application and we will get it updated.