Agent Management

View Agents

To view all deployed agents:

Login go the Samurai MDR Portal
Click Telemetry and select SamurAI Agent from the main menu.

SamurAI agents communicate with the SamurAI platform every minute and are marked offline if no communication is receieved after five minutes.

Agent Dashboard

The SamurAI Agent dashboard panel displays summary information as:

Nodes: the total deployed and seen by the SamurAI platform
Online: the total currently online (have communicated with the SamurAI platform within five minutes)
Offline: the total number offline (have not communicated with the SamurAI platform for five minutes)
Platforms: the total number of platforms i.e Windows / MacOS / Linux

A table displays all deployed agents with node specific information:

Field	Description
Status Description	Status of the agent. Potential status displayed: Online or Offline
Name	Hostname of the endpoint
Platform	Platform and architecture - icon depicting OS and processor e.g AMD64
OS Name	The underlying operating system
OS Version	The operating system version
SamurAI Agent	The SamurAI agent version installed
Sysmon Version	The System Monitor (sysmon) version installed (applicable to Windows only)
Last external IP	The external IP address of the agent as seen by the SamurAI platform
Last Seen	Date and timestamp of when the agent last checked-in to the SamurAI platform

Delete Agent(s)

The SamurAI platform does not remove or delete offline agents that are displayed. For example you may have uninstalled or removed the agent from a node but it will still be displayed as offline.

You can delete SamurAI Agents from the table:

Select the nodes you wish to Delete
Click Actions and select Delete selected nodes
To ensure you intended to delete the agents you will need to type DELETE in the field and select Delete

If you have deleted an agent and it is still installed and starts communicating back to the SamurAI platform, it will re-appear in the table.

Agent Settings

You can change the SamurAI Agent Update and Sysmon EULA selections by clicking Settings.

Auto Managed : Auto updates of agents is enabled by default, select this option if you want the agent updates to occur automatically without any action needed on your part.
Self Managed : Select this option should you wish to manage agent updates yourself.

Self Managed

If Self Managed is selected a new option entitled Update Tasks is displayed.

Update Tasks

Selecting Update Tasks allows you to configure tasks for updating your deployed agents.

Click on Create Update Task

Within the Create Update Task view we recommend that you use filters and save as views. This is useful if, for example you want to run an update task against a specific set of deployed agents. Click Views to save/reset/delete your different filters. Once saved you can toggle between views.

Enter a Name for the task e.g Windows 10 Pro Update
Toggle whether you wish to Start immediately. If you do not start the task immediately you have the option to update the status at a later date/time. See Update the Task.
Select whether you wish to update:

SamurAI agent version (the latest version will always be displayed)
Sysmon version (applicable to Windows only)

Select if you wish to Rate Limit the update task. Read more about Rate Limiting
Once complete, select Review Selection and review your tasks
Click on Create Update Task

Rate Limiting

Rate limiting allows you to roll out updates to endpoint agents gradually instead of updating all systems at once. This controlled approach reduces risk of disruption, avoids overloading networks and ensures that if an unexpected issue occurs, only a small number of endpoints are affected.

Enabling rate limiting allows you to configure the number of agents to update per time duration (which can be set as minute/hour/day/month/week/year).

When rate limiting is recommended:

Large fleets (typically 500+ endpoints)
Networks with remote sites, VPN’s or limited bandwidth
Critical workloads where uptime and stability are essential
Major agent version upgrades or significant configuration changes

When rate limiting may not be necessary:

Small fleets with a few hundred endpoints
Minor, low-risk updates

View Update Tasks

From the SamurAI Agent view, click Update Tasks.

A table displays all Update Tasks with specific information:

Field	Description
Status	Status of the Update Task (hover over for text, potential status displayed Paused/Running/Completed/Failed
Name	Name provided for the task
Rate Limit	If Rate Limiting was enabled
Sysmon Version	Updated Sysmon version (if applicable)
SamurAI agent	Updated SamurAI Agent version
Target Node Count	The number of agents within the update task
Completed Node Count	The number of completed agent updates
Failed Node Count	The number of failed agent updates
Created	Date/Timestamp of update task creation
Updated	Date/Timestamp of updates to the update task

Select an Update Task from the list to display status of individual agent updates.

A summary will be displayed including:

Update task status
Number completed
Number failed
Target
Rate Limit

Additional details for each agent are also included:

Field	Description
Name	Hostname of the agent to be updated
Node Update Task Status	The status of the agent update, potential status are New/Pending/Completed/Failed
Message	A short decription of progress
Start Date	Date/Timestamp of agent update
End Date	Date/Timestamp of agent update end
SamurAI Agent before	SamurAI agent version before the update
SamurAI Agent after	SamurAI agent version after the update
Sysmon before	Sysmon version before update
Sysmon after	Sysmon version after update

Update the Task

You can update the State of an Update Task to either Paused or Running.

For example, if you previously set an Update Task NOT to Start Immediately you can set the state to Running to begin the update:

Select More Options ().
Click Update the Task
Select the State to Paused to pause the update task or to Running to begin or resume the update task.