Nozomi Networks Guardian
| Samurai [Local] Collector | Samurai [Cloud] Collector |
|---|---|
 |
Connectivity Requirements
You must ensure the following connectivity requirements are available:
| Source | Destination | Ports | Description |
|---|---|---|---|
| Guardian | Samurai Local Collector | TCP/514 (Syslog) | For log transmission |
| Samurai Local Collector | Guardian | TCP/443 (Default HTTPS) | Alerts and related evidence |
Configure syslog to the Samurai Local Collector
Ensure that the Syslog Capture Feature is enabled:
Follow the steps outlined within the Nozomi documentation to send logs to your Samurai Local Collector. We reference the CMC documentation:
Use the following parameters when completing the steps:
- Configuration: Syslog Forwarder
- To URI: TCP://LOCALCOLLECTOR:514
Extended Telemetry Collection Prerequisites
Perform the following steps to allow Extended Telemetry Collection.
Configure User Group
Follow the steps outlined within the Nozomi Networks documentation:
Use the following parameters when completing the steps:
- Allowed sections: Enable Queries and Exports
Configure User
Follow the steps outlined within the Nozomi Networks documentation:
Use the following parameters when completing the steps:
- Source: Local
- Group: Select the group created under Configure User Group
- Must update password: Uncheck
Complete the Nozomi Guardian Integration
- Login to the Samurai MDR portal
- Click Telemetry and select Integrations from the main menu
- Click Create
- Find and select Nozomi Guardian
- Select the relevant Local Collector and click Next
- You will be presented with the Local Collector IP Address on the left of the screen
- To configure Extended Telemetry Collection ensure it is enabled via the toggle
- Enter the following information
- Name for the Integration - The name will appear in the Samurai MDR portal for you to easily reference
- Description - Optional but if completed will appear in the Samurai MDR portal for you to easily reference
- Username - Enter the username created in Configure User
- Password - Enter the password created in Configure User
- Hostname / IP - Enter the Hostname or IP address of the Guardian
- Custom port - Optional if you have changed the port for access
- Click on Finish
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.