Claroty xDome

    Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.

    Product | Samurai [Local] Collector | Samurai [Cloud] Collector
    Claroty xDome | Picture1.svg

    This guide describes the steps required to configure Claroty xDome to send logs to a Samurai Local Collector deployed in your network.

    Connectivity Requirements

    You must ensure the following connectivity requirements are available:

    | Source | Destination | Ports | Description |
    |---|---|---|---|
    | Claroty xDome Collection Server | Samurai Local Collector | TCP/514 (syslog) | For log transmission |

    Table 1: Connectivity requirements

    Configure Claroty Syslog

    Follow the steps outlined in About Claroty Syslog (Claroty login is required) using the following parameters:

    | Field Name | Parameter |
    |---|---|
    | Destination IP | IP address of your Samurai Local Collector |
    | Transport Protocol | TCP |
    | Destination Port | 514 |
    | Message Format | JSON |
    | Syslog Protocol Standard | RFC 5424 |
    | Installation Server | Select your xDome collection server |
    | Export Comm. Events | ON. Select All Event Types and All Devices |
    | Export Alerts | ON. Select All Alert Types |
    | Export Vulnerabilities | ON. Select All |

    Table 2: Claroty Syslog Configuration

    For integrations that use a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR Application, as we auto-detect the vendor and product. The only reason to use the Samurai MDR Application is to determine the Local Collector IP address. Of course, you will still need to ensure the integration is functioning! See Integrations for more information on checking status.
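
To check on a test host that a captured stream matches the settings in Table 2 (TCP transport, RFC 5424, JSON message body), the following added example splits a TCP byte stream into syslog frames and validates each one. It is not Samurai or Claroty code; it assumes RFC 6587 framing (octet counting or LF-terminated), which this guide does not specify, and the sample message and its JSON field names are constructed.

```python
import json
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$", re.DOTALL)


def split_frames(buf: bytes):
    """Split a TCP byte stream into syslog frames per RFC 6587.

    Accepts octet counting ("LEN SP MSG") and LF-terminated framing.
    Returns (frames, remainder); remainder is an incomplete trailing frame.
    """
    frames = []
    while buf:
        counted = re.match(rb"([1-9]\d*) ", buf)
        if counted:
            start, length = counted.end(), int(counted.group(1))
            if len(buf) < start + length:
                break  # frame not fully received yet
            frame, buf = buf[start:start + length], buf[start + length:]
        else:
            frame, sep, rest = buf.partition(b"\n")
            if not sep:
                break  # no terminator yet
            buf = rest
        if frame:
            frames.append(frame)
    return frames, buf


def parse_event(frame: bytes) -> dict:
    """Validate one RFC 5424 frame and decode its JSON MSG part."""
    m = RFC5424.match(frame.decode("utf-8"))
    if not m or m["version"] != "1" or int(m["pri"]) > 191:
        raise ValueError("not a valid RFC 5424 message")
    body = json.loads((m["msg"] or "").lstrip("\ufeff"))  # MSG may start with a BOM
    if not isinstance(body, dict):
        raise ValueError("MSG is not a JSON object")
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7, "host": m["host"],
            "app": m["app"], "timestamp": m["ts"], "event": body}


# Constructed sample; the JSON field names are hypothetical, not xDome's schema.
SAMPLE = (b'<134>1 2024-01-01T00:00:00Z xdome-cs xdome - - - '
          b'{"event_type": "alert", "severity": "high"}')
```

A frame that raises `ValueError` in `parse_event` usually means the Syslog Protocol Standard or Message Format field differs from Table 2.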