Download and Installation

Before you download and install the SamurAI Agent, you must first choose how you wish to manage Agent Updates and decide the settings for the SamurAI Agent for Windows.

  1. From the SamurAI MDR Portal, select Telemetry and click SamurAI Agent.

Upon first browsing to this page, the following will be displayed:

Figure 1: SamurAI Agent settings

SamurAI Agents Updates

By default, SamurAI Agents are updated automatically. However, if you require the flexibility to update individual agents or groups of agents, you can select the option below (leaving it blank denotes automatic updates).

  • Self Managed: select this option if you wish to manage agent updates yourself. See Self Managed for more information.

SamurAI Agent for Windows

  1. Determine whether to Accept Microsoft Sysinternals Software Licence Terms (Sysmon EULA).
     • If you accept the Sysmon EULA, you can also select Install Sysmon if missing.

  2. Click Apply SamurAI Agent Settings.

The SamurAI Agent and Sysmon

For enhanced telemetry on Windows, the SamurAI Agent optionally leverages Microsoft System Monitor (Sysmon), a vital component for collecting detailed process and system activity. Read more about Sysmon in the Microsoft documentation.

Sysmon is not bundled with the SamurAI Agent. Therefore, if you Accept Microsoft Sysinternals Software Licence Terms (Sysmon EULA), then upon installation of the SamurAI Agent, Sysmon will be downloaded and installed (or updated, if already present) silently using the standard Microsoft-provided installation flags.

The SamurAI Agent leverages a custom Sysmon configuration tuned and maintained by the SamurAI detection engineering team. This provides:

  • Noise reduction: a default Sysmon deployment generates an extremely high volume of data. Our tuned configuration filters out unnecessary events that are irrelevant to SamurAI Managed Detection and Response.

  • High-fidelity detections: we selectively enable and enrich valuable event IDs (e.g. process creation, network connections, registry modifications) aligned with the MITRE ATT&CK framework.

  • Consistency across environments: ensures standardized event coverage across all deployments.

  • Ongoing Tuning: we regularly update the configuration to reflect emerging attacker techniques, new ATT&CK mappings and lessons learned.
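As an added illustration of the include/exclude filtering that the bullets above describe, here is a minimal Sysmon configuration. It is not the SamurAI detection engineering team's configuration (which this page does not publish); the excluded image path and the included binaries are constructed examples, and the schemaversion must match the Sysmon build that is actually installed.

```xml
<!-- Illustrative Sysmon configuration only; not the SamurAI tuned config. -->
<!-- schemaversion is an assumption for Sysmon 15.x; check `sysmon64 -? config`. -->
<Sysmon schemaversion="4.90">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>

    <!-- Event ID 1 (process creation): onmatch="exclude" keeps every event
         except those matching a rule, so coverage stays broad. -->
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <!-- Noise reduction: drop one constructed example of a benign,
             high-volume process. Tune this list per environment. -->
        <Image condition="is">C:\Windows\System32\conhost.exe</Image>
      </ProcessCreate>
    </RuleGroup>

    <!-- Event ID 3 (network connection): onmatch="include" logs only
         matching events, here connections made by commonly abused
         living-off-the-land binaries (constructed selection). -->
    <RuleGroup name="NetworkConnect" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">rundll32.exe</Image>
        <Image condition="image">mshta.exe</Image>
      </NetworkConnect>
    </RuleGroup>

    <!-- Event IDs 12/13 (registry): include only persistence-relevant
         autostart keys, mapped to ATT&CK T1547.001 (Registry Run Keys). -->
    <RuleGroup name="RegistryEvent" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
        <TargetObject condition="contains">\CurrentVersion\RunOnce</TargetObject>
      </RegistryEvent>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

A configuration like this is applied with the standard Microsoft-provided flags (for example `sysmon64.exe -accepteula -i config.xml` for a fresh install, or `-c config.xml` to update a running instance), which is the silent installation path the section above refers to.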

What’s Next

You can now proceed to Agent Download.