General
Is the SamurAI Endpoint Agent available to all clients?
Yes, the SamurAI Endpoint Agent is available to all SamurAI Managed Detection & Response (MDR) clients.
Is the SamurAI Endpoint Agent an Endpoint Detection & Response (EDR) product?
No. Although it has capabilities similar to commercial EDR solutions, it is not intended as a replacement. It is a SamurAI platform-native agent, allowing full customization, built and configured in support of SamurAI Managed Detection & Response (MDR) and Incident Response engagements.
I already have an EDR (e.g. CrowdStrike, Microsoft Defender). Do I need the SamurAI Endpoint Agent?
The SamurAI Endpoint Agent is optional. However, there are advantages to using it, such as the ability to gather advanced data and metrics optimized specifically for the SamurAI platform and its detection engines, in addition to aiding our SOC analysts in investigating and validating threats.
Can I use the SamurAI Endpoint Agent in conjunction with my current EDR?
Yes, the SamurAI Endpoint Agent can run in conjunction with your existing EDR solution for maximum visibility and response.
Are there any known limitations or problems with running the SamurAI Endpoint Agent in addition to my deployed agents?
The SamurAI Endpoint Agent has been tested alongside other agents (e.g. EDR solutions), and no limitations or problems were identified. In some cases you may need to 'whitelist' the SamurAI Endpoint Agent in your existing EDR deployments to avoid issues. As the SamurAI Endpoint Agent is lightweight with a low footprint, resource contention is unlikely, but this is highly dependent on the underlying endpoint and network connectivity.
There is a potential for duplicate security alerts, however the SamurAI platform handles this.
What type of data does the SamurAI Endpoint Agent collect from the host?
This is dependent on the underlying operating system. For Microsoft Windows we gather event data using System Monitor (Sysmon), which is part of the Sysinternals Suite developed by Microsoft, provided you have accepted the Microsoft EULA (see SamurAI Endpoint Agent for Windows for additional information).
We leverage a custom Sysmon configuration (which we maintain) that collects detailed information about system activity (logged to the Windows Event Log) to help with security monitoring and investigations.
The SamurAI Endpoint Agent also leverages osquery, which allows the SamurAI platform / SOC to query the endpoint operating system as if it were a relational database, for example to gather system information (hostname, OS version, uptime), user and login activity, processes and services, and networking details (active network connections, listening ports).
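The following osquery queries illustrate the data categories listed above (an added illustration, not SamurAI's own query pack; table and column names are from osquery's standard schema, and the services query applies to Windows endpoints only):

```sql
-- System information: hostname, OS version and uptime in one row.
-- system_info, os_version and uptime are single-row tables, so a cross join is safe.
SELECT s.hostname, o.name AS os_name, o.version, o.build, u.days, u.hours
FROM system_info AS s, os_version AS o, uptime AS u;

-- User and login activity: sessions currently logged in (time is a Unix epoch).
SELECT user, host, type, datetime(time, 'unixepoch') AS login_time
FROM logged_in_users;

-- Listening ports joined to the owning process, to spot unexpected services.
-- protocol is numeric in osquery: 6 = TCP, 17 = UDP.
SELECT p.pid, p.name, p.path, l.port, l.protocol, l.address
FROM listening_ports AS l
JOIN processes AS p ON p.pid = l.pid
WHERE l.port != 0
ORDER BY l.port;

-- Active IPv4 connections with the process and its parent, for triage of
-- outbound traffic from unexpected process trees. family 2 = AF_INET.
SELECT p.pid, p.name, pp.name AS parent_name,
       s.remote_address, s.remote_port, s.state
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
LEFT JOIN processes AS pp ON pp.pid = p.parent
WHERE s.family = 2 AND s.remote_port != 0;

-- Windows services that are currently running, with binary path and start type.
SELECT name, display_name, status, start_type, path
FROM services
WHERE status = 'RUNNING';
```

Each statement can be run interactively with osqueryi, or scheduled in an osquery configuration so results are logged differentially for the SOC.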
What is the average log data volume per day for the SamurAI Endpoint Agent?
This can vary depending on the type of endpoint and its activity; typically it is about 30MB per day, but it can reach approximately 200MB per day.
Support
What Operating Systems are supported?
Please review Support and Pre-requisites for a current list of supported operating systems.
Can the agent also be installed and used on server systems (e.g. Windows Server 202x)?
Yes. Please review Support and Pre-requisites for a current list of supported operating systems.
Can the SamurAI Endpoint Agent be installed on virtual systems, e.g. within a virtualization platform where multiple virtual machines (VMs) share the same underlying hardware?
Yes, provided the guest runs a supported operating system. Please review Support and Pre-requisites for a current list of supported operating systems.
Installation and Setup
What network connectivity is required?
Please review Communication Pre-Requisites for network connectivity requirements.
What endpoints should I install the SamurAI Endpoint Agent on?
Ideally all endpoints, including laptops and servers. Alternatively, you can install the SamurAI Endpoint Agent on specific endpoints where you have limited or no EDR coverage.
Are there any restrictions on installing on a user’s PC/endpoint?
There are no restrictions on installation other than supported OS and connectivity requirements.
Is it possible to install the SamurAI Endpoint Agent remotely?
It is your responsibility to deploy the SamurAI Endpoint Agent after download from the SamurAI portal. We recommend deploying the SamurAI Endpoint Agent using your organization's preferred software distribution tools.
For Windows environments, this may include Group Policy Objects (GPO) in an Active Directory domain or Microsoft Intune for cloud-based management.
Management
How often are SamurAI Endpoint Agent updates available?
We periodically release SamurAI Endpoint Agent software updates as needed to ensure the latest enhancements are available. We keep you informed via announcements in the SamurAI Portal and the latest Release Notes.
How do I update deployed SamurAI Endpoint Agents?
You can update automatically or choose how and when to update deployed SamurAI Endpoint Agents. Please review Agent Updates.
Why is the term Node(s) used in the SamurAI Portal?
A Node is a registered instance of an Endpoint with the SamurAI Endpoint Agent installed. Please review the SamurAI Glossary of Terms.
Why is the name Spiral used in folder paths and service names?
The SamurAI Endpoint Agent operates under the name Spiral, which is the internal identifier expected by the SamurAI platform.