Samurai Agent (BETA)

What is the SamurAI Agent?

The SamurAI Agent is a lightweight, universal agent that provides deep visibility, detection and response across your endpoints for SamurAI services. Capabilities include:

Telemetry Data Collection

  • Standardized and targeted telemetry data collection independent of operating system (e.g. on Microsoft Windows the agent applies a custom Sysmon configuration, specifically tuned for the SamurAI platform, to optimize event collection and analysis).
  • Eliminates the need for third-party integrations with the Samurai platform (e.g. winlogbeat agents installed on the Microsoft Windows OS).
  • Eliminates the need for any endpoint configuration for telemetry collection.

Detection

  • Leverages the Samurai Real-Time Engine for detection of threats.
  • We apply our global threat intelligence feeds to enrich data with context about known malicious actors, emerging threats, and attack patterns, enhancing the accuracy and speed of threat detection.
  • Leverages the Samurai Hunting Engine for automated and analyst-driven threat hunting.

Investigate

  • Provides a powerful query capability (osquery) with real-time visibility into endpoints (e.g. querying for installed browser extensions to help analysts detect potential persistence mechanisms used by threat actors and accelerate investigations).
  • Event-driven threat hunting to investigate, validate and contextualize a threat/incident.
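
The browser-extension query mentioned above could look like the following. This is an added example, not taken from the SamurAI documentation. It assumes the agent's query interface exposes the standard osquery `users` and `chrome_extensions` tables, and the permission strings and update URL it checks are review heuristics chosen for illustration.

```sql
-- Added example: list Chromium-family browser extensions for every local
-- user and flag the ones that deserve a closer look during an investigation.
SELECT
    u.username,
    ce.name,
    ce.identifier,            -- extension ID, useful for pivoting across hosts
    ce.version,
    ce.path,                  -- on-disk location for follow-up forensics
    ce.update_url,
    -- Broad permissions let an extension read or alter traffic on any site
    -- or talk to a native helper binary (heuristic list, not exhaustive).
    CASE
        WHEN ce.permissions LIKE '%<all_urls>%'
          OR ce.permissions LIKE '%webRequest%'
          OR ce.permissions LIKE '%nativeMessaging%'
        THEN 1 ELSE 0
    END AS broad_permissions,
    -- Extensions that do not update from the Chrome Web Store may have been
    -- sideloaded or force-installed. Other Chromium browsers use their own
    -- store URLs, so treat this flag as a prompt for review, not a verdict.
    CASE
        WHEN COALESCE(ce.update_url, '')
             NOT LIKE 'https://clients2.google.com/%'
        THEN 1 ELSE 0
    END AS non_webstore_update
FROM users u
CROSS JOIN chrome_extensions ce USING (uid)
ORDER BY broad_permissions DESC, non_webstore_update DESC, u.username, ce.name;
```

Joining on `users` matters because `chrome_extensions` returns rows only for the user IDs it is given. Comparing the resulting extension identifiers across endpoints helps separate a fleet-wide approved extension from a one-off install.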

Respond

  • Provides incident response tooling and aids endpoint forensics.

What’s Next?

Review the SamurAI Agent Support and Pre-requisites.