Nozomi Networks Guardian

Samurai [Local] Collector	Samurai [Cloud] Collector

Connectivity Requirements

You must ensure the following connectivity requirements are available:

Source	Destination	Ports	Description
Guardian	Samurai Local Collector	TCP/514 (Syslog)	For log transmission
Samurai Local Collector	Guardian	TCP/443 (Default HTTPS)	Alerts and related evidence

Configure syslog to the Samurai Local Collector

Ensure that the Syslog Capture Feature is enabled:

Enable Syslog Capture Feature

Follow the steps outlined within the Nozomi documentation to send logs to your Samurai Local Collector. We reference the CMC documentation:

Configure data integration

You can read more about Nozomi data integrations at Data Integration Overview

Use the following parameters when completing the steps:

Configuration: Syslog Forwarder
To URI: TCP://LOCALCOLLECTOR:514

Replace LOCALCOLLECTOR with the IP address of your Samurai Local Collector

Extended Telemetry Collection Prerequisites

Perform the following steps to allow Extended Telemetry Collection.

Configure User Group

Follow the steps outlined within the Nozomi Networks documentation:

Add a local group

Use the following parameters when completing the steps:

Allowed sections: Enable Queries and Exports

Configure User

Follow the steps outlined within the Nozomi Networks documentation:

Add a user

Use the following parameters when completing the steps:

Source: Local
Group: Select the group created under Configure User Group
Must update password: Uncheck

You will need the Username and Password that was setup during this step to complete the next section.

Complete the Nozomi Guardian Integration

Login to the Samurai MDR portal
Click Telemetry and select Integrations from the main menu
Click Create
Find and select Nozomi Guardian
Select the relevant Local Collector and click Next
You will be presented with the Local Collector IP Address on the left of the screen
To configure Extended Telemetry Collection ensure it is enabled via the toggle
Enter the following information
- Name for the Integration - The name will appear in the Samurai MDR portal for you to easily reference
- Description - Optional but if completed will appear in the Samurai MDR portal for you to easily reference
- Username - Enter the username created in Configure User
- Password - Enter the password created in Configure User
- Hostname / IP - Enter the Hostname or IP address of the Guardian
- Custom port - Optional if you have changed the port for access
Click on Finish

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.