Samurai Cloud Native Collector

The Cloud Native Collector is used to ingest data from public cloud storage. The Collector is agnostic to the data sent to cloud storage: it monitors for new or updated files and pulls the data to the Samurai platform for ingestion. For this reason there are minimum cloud storage retention requirements.

We recommend a minimum cloud storage retention period of 7 days.
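
One way to check the 7-day recommendation on an Azure storage account, as an added example that is not part of the Samurai documentation. It assumes the telemetry lands in Azure Blob Storage and that the account's lifecycle policy was exported with `az storage account management-policy show --account-name <account> --resource-group <group>`; the sample policy and its rule names are constructed.

```python
import json

MIN_RETENTION_DAYS = 7  # minimum retention recommended on this page

# Age conditions a lifecycle delete action can use (Azure Blob lifecycle policy schema).
AGE_KEYS = (
    "daysAfterModificationGreaterThan",
    "daysAfterCreationGreaterThan",
    "daysAfterLastAccessTimeGreaterThan",
)

# Constructed sample, shaped like `az storage account management-policy show` output.
SAMPLE_POLICY = """
{"policy": {"rules": [
  {"enabled": true, "name": "purge-flow-logs", "type": "Lifecycle",
   "definition": {"filters": {"blobTypes": ["blockBlob"], "prefixMatch": ["insights-logs/"]},
     "actions": {"baseBlob": {"delete": {"daysAfterModificationGreaterThan": 3,
                                         "daysAfterCreationGreaterThan": null}}}}},
  {"enabled": true, "name": "archive-then-delete", "type": "Lifecycle",
   "definition": {"filters": {"blobTypes": ["blockBlob"]},
     "actions": {"baseBlob": {"tierToCool": {"daysAfterModificationGreaterThan": 30},
                              "delete": {"daysAfterModificationGreaterThan": 90}}}}},
  {"enabled": false, "name": "disabled-test", "type": "Lifecycle",
   "definition": {"filters": null,
     "actions": {"baseBlob": {"delete": {"daysAfterCreationGreaterThan": 1}}}}}
]}}
"""

def short_retention_rules(policy_json, min_days=MIN_RETENTION_DAYS):
    """Return (rule name, days, prefixes) for enabled rules deleting blobs before min_days."""
    doc = json.loads(policy_json)
    policy = doc.get("policy", doc)  # accept the CLI wrapper or a bare policy document
    findings = []
    for rule in policy.get("rules") or []:
        if not rule.get("enabled", True):  # a rule without "enabled" is active
            continue
        definition = rule.get("definition") or {}
        base_blob = (definition.get("actions") or {}).get("baseBlob") or {}
        delete = base_blob.get("delete") or {}
        ages = [delete[k] for k in AGE_KEYS if delete.get(k) is not None]  # skip nulls
        if ages and min(ages) < min_days:
            prefixes = (definition.get("filters") or {}).get("prefixMatch") or []
            findings.append((rule.get("name", "<unnamed>"), min(ages), prefixes))
    return findings

if __name__ == "__main__":
    for name, days, prefixes in short_retention_rules(SAMPLE_POLICY):
        scope = ", ".join(prefixes) or "all blobs"
        print(f"{name}: deletes after {days} days ({scope}); below {MIN_RETENTION_DAYS}-day minimum")
```

An empty result means no enabled lifecycle rule deletes base blobs sooner than the recommended minimum; an empty prefix list on a finding means the rule applies to the whole account.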

The Cloud Native Collector is used for specific integrations and is typically a requirement for Samurai to ingest events from Microsoft Azure, Amazon Web Services and third parties that leverage cloud storage. This will be clearly indicated within the Product Integration Guide.

If you have determined that you require a Cloud Native Collector then follow the steps below to configure and create the collector from the Samurai MDR portal and ensure it is working as expected.

Create Cloud Native Collector

  1. From your Samurai MDR portal tenant, click Telemetry and select Collectors from the main menu

  2. Select Create Collector

  3. Select Cloud collector

  4. Complete the fields as required.

     Collector name: A nickname for the collector
     Description (Optional): A description of your collector
     Provider: Select the correct Provider

  5. Select Create Collector

  6. Based on your Provider selection, a Deploy to <Provider> button will be displayed

  7. Select Deploy to <Provider> - this will launch a template you should follow based on your Provider.

  8. Click Close and follow the relevant section below based on your Provider.

The deployment button is displayed only once, after selecting Create Collector, so be sure to click it before closing the dialog window.

Microsoft Azure

Selecting Microsoft Azure will launch an Azure Resource Manager (ARM) template. Follow the steps below.

  1. Complete the necessary fields within the template:

Project Details

     Subscription: Select your Azure subscription to deploy the Collector into
     Resource Group: Create or select your Resource Group to deploy the Collector into

Instance Details

     Region: Select the Azure region to deploy the Collector into
     Collector Name: (this is auto populated from the Samurai MDR portal Collector name you defined)
     Collector Id: (this is auto populated from Samurai)
     Passkey: (this is auto populated from Samurai)

  2. Select Next

  3. Select Review and Create

  4. The deployment is now complete and you can navigate to the Samurai MDR portal.

Validate Collector Status

  1. Select Collectors from the left-hand menu

  2. Select the relevant Collector from the presented list

  3. View Status

     Status: Description
     Offline: Collector created but offline
     Not available: Collector has been online but no longer available
     Healthy: Collector deployed and healthy
     Not-Healthy: Collector not healthy
     Provisioning: Collector is being set up / provisioning

What’s next?

You should now have a collector running!

The next step is to start configuring integrations which will allow the Samurai platform to collect your telemetry data.

Select Integrations Overview for more information on integrations and where to start.

Deleting a Collector

If you delete a Cloud collector it cannot be reversed! In addition, all of your integrations related to the local collector will also be deleted!

If you need to delete a Cloud collector you can do so by following the steps below:

  1. From your Samurai MDR portal click Telemetry and select Collectors from the main menu
  2. Select the relevant collector from your list
  3. On the right-hand side of the relevant collector, click on the more options icon and select Delete Collector
  4. The following warning will appear: ‘Warning: This is a destructive action and cannot be reversed.’ To confirm that you intend to delete the collector, type DELETE in the window and select Delete Collector