Collectors

Samurai Collectors are used to receive and transport telemetry from your security controls, network devices or cloud services to the Samurai platform.

There are two types of collectors:

1. Cloud Collector

  • Deployed within the Samurai platform and is used to gather telemetry from cloud services and/or security controls. Various use cases exist with differing requirements based on the Product/Service you are integrating with Samurai:
    • In some cases you simply need to complete the relevant integration and the cloud collector is automatically used.
    • When we gather telemetry from public cloud storage (specifically Microsoft Azure storage accounts and Amazon Web Services (AWS) S3 buckets) you must first deploy a cloud collector within the Samurai platform that is used to monitor your cloud storage for updated telemetry files.
    • When we ingest telemetry using Splunk HTTP Event Collection (HEC) you must also first deploy a cloud collector within the Samurai platform that is used to receieve telemetry data.

2. Local Collector

  • Deployed within your environment and is used to gather telemetry from your security controls and network devices. We have packaged the local collector to support multiple formats and envionments.

What type of Collector do you require?

This is dependent on the products you want to integrate with Samurai:

  • For products deployed in your internal network, a Local Collector will be required to gather (pull & push) telemetry data and securely transfer it to the Samurai platform.
  • For cloud based products providing API endpoints, a Cloud Collector will be used to pull the telemetry data and securely transfer it to the Samurai platform.
  • For cloud based products utilizing streaming of telemetry data to cloud storage, a Cloud Collector is also required to retrieve the telemetry data and securely transfer it to the Samurai platform.
  • For products that leverage streaming of telemetry via Splunk HTTP Event Collection (HEC), a Cloud Collector is required to receieve telemetry data to the Samurai platform.

Next steps:

  • Review our Supported Integrations and associated Integration Guides to determine the collector type(s) required. Within each Integration Guide there is a table denoting use of a Local or Cloud Collector, alternatively this is displayed in the Samurai MDR portal when working through an integration.
  • You may also choose to jump directly to the Samurai MDR portal and review integrations
  • If you have determined you require a local collector then click on Samurai Local Collector and follow the steps to create, configure and install.
  • If you have determined you require a cloud collector then click on Samurai Cloud Collector and follow the steps to create and configure.
Samurai Local Collector

Samurai Cloud Collector