The Cloud Native Collector is used to ingest data from public cloud storage. The Collector is agnostic to the data sent to cloud storage: it monitors for new or updated files and pulls the data to the Samurai platform for ingestion. Because of this, there are minimum cloud storage retention requirements.
We recommend a minimum cloud storage retention period of 7 days.
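A check you might run against the storage that feeds the collector, added here as an example (it is not part of the Samurai documentation or product): it flags lifecycle rules that delete objects before the recommended 7 days. It assumes the storage is an Azure Storage account or an Amazon S3 bucket whose lifecycle policy has been exported as JSON; the sample policies and rule names are constructed.

```python
import json

MIN_RETENTION_DAYS = 7  # minimum retention recommended on this page

# Constructed sample: Azure Storage lifecycle management policy,
# trimmed to the fields this check reads.
AZURE_POLICY = json.loads("""
{"rules": [
  {"name": "purge-flow-logs", "enabled": true, "definition": {"actions":
    {"baseBlob": {"delete": {"daysAfterModificationGreaterThan": 3}}}}},
  {"name": "purge-audit", "enabled": true, "definition": {"actions":
    {"baseBlob": {"delete": {"daysAfterModificationGreaterThan": 30}}}}},
  {"name": "old-test-rule", "enabled": false, "definition": {"actions":
    {"baseBlob": {"delete": {"daysAfterModificationGreaterThan": 1}}}}}
]}
""")

# Constructed sample: S3 bucket lifecycle configuration.
S3_POLICY = json.loads("""
{"Rules": [
  {"ID": "expire-trail", "Status": "Enabled", "Expiration": {"Days": 7}},
  {"ID": "expire-tmp", "Status": "Enabled", "Expiration": {"Days": 2}}
]}
""")

def delete_rules(policy):
    """Yield (rule name, days until deletion) for every enabled delete rule."""
    for rule in policy.get("rules", []):  # Azure policy shape
        if not rule.get("enabled", True):
            continue  # disabled rules never delete anything
        actions = rule.get("definition", {}).get("actions", {})
        delete = actions.get("baseBlob", {}).get("delete", {})
        for key, days in delete.items():
            if key.startswith("daysAfter"):
                yield rule.get("name", "?"), days
    for rule in policy.get("Rules", []):  # S3 policy shape
        expiry = rule.get("Expiration", {})
        if rule.get("Status") == "Enabled" and "Days" in expiry:
            yield rule.get("ID", "?"), expiry["Days"]

def too_short(policy, min_days=MIN_RETENTION_DAYS):
    """Return delete rules that remove objects before min_days have passed."""
    return [(n, d) for n, d in delete_rules(policy) if d < min_days]

if __name__ == "__main__":
    for label, policy in (("azure", AZURE_POLICY), ("s3", S3_POLICY)):
        for name, days in too_short(policy):
            print(f"{label}: rule {name!r} deletes after {days} days")
```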
The Cloud Native Collector is used for specific integrations and is typically a requirement for Samurai to ingest events from Microsoft Azure, Amazon Web Services and third parties that leverage cloud storage. This will be clearly indicated within the Product Integration Guide.
If you have determined that you require a Cloud Native Collector then follow the steps below to configure and create the collector from the Samurai MDR portal and ensure it is working as expected.
Create Cloud Native Collector
From your Samurai MDR portal tenant, click Telemetry and select Collectors from the main menu
Select Create Collector
Select Cloud collector
Complete the fields as required.
Field | Description |
---|---|
Collector name | A nickname for the collector |
Description (Optional) | A description of your collector |
Provider | Select the correct Provider |
Select Create Collector
Based on your Provider selection, a Deploy to <Provider> button will be displayed
Select Deploy to <Provider> - this will launch a template you should follow based on your Provider.
Click Close and follow the relevant section below based on your Provider.
The deployment button is displayed only once, after selecting Create Collector, so be sure to click the button before closing the dialog window.
Microsoft Azure
Selecting Microsoft Azure will launch an Azure Resource Manager (ARM) template. Follow the steps below.
- Complete the necessary fields within the template:
Project Details
Field | Description |
---|---|
Subscription | Select your Azure subscription to deploy the Collector into |
Resource Group | Create or select your Resource Group to deploy the Collector into |
Instance Details
Field | Description |
---|---|
Region | Select the Azure region to deploy the Collector into |
Collector Name | (this is auto populated from the Samurai MDR portal Collector name you defined) |
Collector Id | (this is auto populated from Samurai) |
Passkey | (this is auto populated from Samurai) |
Select Next
Select Review and Create
The deployment is now complete and you can navigate to the Samurai MDR portal.
Validate Collector Status
Select Collectors from the left-hand menu
Select the relevant Collector from the presented list
View Status
Status | Description |
---|---|
Offline | Collector created but offline |
Not available | Collector has been online but is no longer available |
Healthy | Collector deployed and healthy |
Not-Healthy | Collector not healthy |
Provisioning | Collector is being set up / provisioned |
What’s next?
You should now have a collector running!
The next step is to start configuring integrations which will allow the Samurai platform to collect your telemetry data.
Select Integrations Overview for more information on integrations and where to start.
Deleting a Collector
Deleting a Cloud collector cannot be reversed! In addition, all of your integrations related to that collector will also be deleted!
If you need to delete a Cloud collector you can do so by following the steps below:
- From your Samurai MDR portal click Telemetry and select Collectors from the main menu
- Select the relevant collector from your list
- On the right-hand side of the relevant collector, click on (more options) and select Delete Collector
- The following warning will appear: ‘Warning: This is a destructive action and cannot be reversed.’ To confirm that you intend to delete the collector, type DELETE in the window and select Delete Collector