SamurAI Agent (BETA)
The SamurAI ‘Endpoint’ Agent is currently in BETA.
This section applies only to participants of the BETA program. It is a work in progress and will be updated accordingly.
If you are interested in participating, please contact your Cyber Security Advisor (CSA) or NTT representative.
What is the SamurAI Agent?
The SamurAI Agent is a lightweight, universal agent that provides deep visibility, detection and response across your endpoints for SamurAI services. Capabilities include:
Telemetry Data Collection
- Standardized and targeted telemetry data collection independent of operating system (e.g., on Microsoft Windows the agent applies a custom Sysmon configuration, specifically tuned for the SamurAI platform, to optimize event collection and analysis).
- Eliminates the need for third-party integrations to the SamurAI platform (e.g., winlogbeat agents installed on the Microsoft Windows OS).
- Eliminates the need for any endpoint configuration in telemetry collection.
Detection
- Leverages the SamurAI Real-Time Engine for detection of threats.
- We apply our global threat intelligence feeds to enrich data with context about known malicious actors, emerging threats, and attack patterns, enhancing the accuracy and speed of threat detection.
- Leverages the SamurAI Hunting Engine for automated and analyst-driven threat hunting.
Investigate
- Provides a powerful query capability (osquery) with real-time visibility into endpoints (e.g., query for installed browser extensions to help analysts detect potential persistence mechanisms used by threat actors and accelerate investigations).
- Event-driven threat hunting to investigate, validate and contextualize a threat/incident.
Respond
- Provides incident response tooling and aids endpoint forensics.
You can read more about osquery here.
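The browser-extension query mentioned under Investigate could look like the following in osquery SQL. This is an added example, not taken from the SamurAI documentation; it uses osquery's standard `users` and `chrome_extensions` tables, and the permission strings used for the `broad_permissions` flag are an illustrative assumption to tune for your environment.

```sql
-- Added example: per-user inventory of Chromium-family browser extensions.
-- chrome_extensions only returns rows when constrained by uid, so it is
-- joined to users to cover every local account on the endpoint.
SELECT
  u.username,
  ce.name,
  ce.identifier,      -- extension ID, usable for allowlist comparison
  ce.version,
  ce.update_url,      -- where the extension fetches updates from
  ce.path,            -- on-disk location, useful for follow-up forensics
  ce.permissions,
  CASE
    -- Assumed triage heuristic: permissions that allow reading or
    -- altering traffic on all sites, or talking to native binaries.
    WHEN ce.permissions LIKE '%<all_urls>%'
      OR ce.permissions LIKE '%webRequest%'
      OR ce.permissions LIKE '%nativeMessaging%'
    THEN 1 ELSE 0
  END AS broad_permissions
FROM users AS u
CROSS JOIN chrome_extensions AS ce USING (uid)
ORDER BY broad_permissions DESC, u.username, ce.name;
```

Rows with `broad_permissions = 1` are review candidates rather than findings; compare `identifier` and `update_url` against the extensions your organization approves.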
What’s Next?
Review the SamurAI Agent Support and Pre-requisites.