SamurAI Endpoint Agent

What is the SamurAI Endpoint Agent?

The SamurAI Endpoint Agent is a lightweight software component installed on an endpoint (such as a workstation or server) that provides deep visibility and enables SamurAI Managed Detection and Response across your endpoints. Capabilities include:

Telemetry Data Collection

  • Standardized and targeted telemetry data collection independent of operating system (e.g., on Microsoft Windows the agent applies a custom Sysmon configuration, specifically tuned for the SamurAI Platform, to optimize event collection and analysis).
  • Eliminates the need for third-party integrations to the SamurAI Platform (e.g., Winlogbeat agents installed on the Microsoft Windows OS).
  • Eliminates the need for any endpoint configuration in telemetry collection.

Detection

  • Leverages the SamurAI Real-Time Engine for detection of threats.
  • We apply our global threat intelligence feeds to enrich data with context about known malicious actors, emerging threats, and attack patterns, enhancing the accuracy and speed of threat detection.
  • Leverages the SamurAI Hunting Engine for automated and analyst-driven threat hunting.

Investigate

  • Provides a powerful query capability (osquery) with real-time visibility into endpoints (e.g., query for installed browser extensions to help analysts detect potential persistence mechanisms used by threat actors and accelerate investigations).
  • Event-driven threat hunting to investigate, validate and contextualize a threat/incident.
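
The browser-extension query mentioned above could look like the following. This is an added example, not a query taken from the SamurAI Platform; it assumes the standard osquery schema (the users, chrome_extensions and firefox_addons tables), and how the agent exposes osquery to analysts is not described on this page.

```sql
-- Added example: assumes the stock osquery tables, not a SamurAI-specific schema.
-- Both extension tables are per-user, so they are joined to users on uid;
-- CROSS JOIN keeps users as the outer table so every local profile is walked.

-- Chromium-family browsers: extensions per user. Review from_webstore and
-- update_url to spot extensions that were not installed from the official store,
-- and permissions to spot unusually broad grants.
SELECT
  u.username,
  ce.browser_type,
  ce.name,
  ce.identifier,
  ce.version,
  ce.from_webstore,
  ce.update_url,
  ce.permissions,
  ce.path
FROM users u
CROSS JOIN chrome_extensions ce USING (uid)
ORDER BY u.username, ce.browser_type, ce.name;

-- Firefox: add-ons per user, with their install source and enabled state.
SELECT
  u.username,
  fa.name,
  fa.identifier,
  fa.version,
  fa.source_url,
  fa.active,
  fa.disabled,
  fa.path
FROM users u
CROSS JOIN firefox_addons fa USING (uid)
ORDER BY u.username, fa.name;
```

Comparing the identifier and version columns across the fleet makes an extension that appears on only one or two endpoints stand out for follow-up.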

Respond

  • Provides incident response tooling and aids endpoint forensics.

What’s Next?

Review the SamurAI Endpoint Agent Support and Pre-requisites.