Management
SamurAI Endpoint Agents registered with the SamurAI Platform are referred to as Nodes within the SamurAI MDR Portal.
View Nodes
To view all deployed agents:
Login go the SamurAI MDR Portal
Click Telemetry and select SamurAI Endpoint Agent from the main menu.
Dashboard
The dashboard panel displays summary information:
- Nodes: the total deployed and seen by the SamurAI platform
- Online: the total currently online (have communicated with the SamurAI platform within five minutes)
- Offline: the total number offline (have not communicated with the SamurAI platform for five minutes)
- Platforms: the total number of platforms i.e Windows / MacOS / Linux
Nodes Table
A table displays all deployed agents with node specific information:
| Field | Description |
|---|
| ID | Universally Unique Identifier (UUID) of the node |
| Status Description | Status of the agent. Potential status displayed: Online or Offline |
| Name | Hostname of the endpoint |
| Platform | Platform and architecture - icon depicting OS and processor e.g AMD64 |
| OS Name | The underlying operating system |
| OS Version | The operating system version |
| Agent Version | The SamurAI Endpoint Agent version installed |
| Sysmon Version | The System Monitor (sysmon) version installed |
| Last external IP | The external IP address of the agent as seen by the SamurAI platform |
| Last Seen | Date and timestamp of when the agent last checked-in to the SamurAI platform |
| Inactivity Threshold | An indicator displaying time until the agent will be deemed inactive and purged from view |
Inactive Node(s)
Nodes communicate with the SamurAI platform every minute and are marked offline if no communication is received after five minutes.
Offline nodes will be visible for 90 days, after this threshold it is deemed to be inactive and purged from the SamurAI platform backend and the current view.
You can view inactive and deleted nodes within the Node History.
Delete Node(s)
You can delete nodes from the table:
- Select the nodes you wish to Delete
- Click Actions and select Delete selected nodes
- To ensure you intended to delete the agents you will need to type DELETE in the field and select Delete
- The deleted node record will appear under Node History.
If a node has been deleted and you have not un-installed the agent from the endpoint and it starts communicating with the SamurAI Platform, it will be displayed within the Node Table, however will remain within Node History.
Node History
The Node History log displays a table of Deleted Nodes and Purged (deemed inactive) with node specific information:
| Field | Description |
|---|
| ID | Universally Unique Identifier (UUID) of the node |
| Action | The action taken against the node. This could include Purged based on the inactivity threshold or Deleted |
| Name | Hostname of the endpoint |
| Last Status | The Last known Status of the node (typically offline) |
| OS Name | The underlying operating system |
| User | The user that deleted the node. This could also include System which denotes the SamurAI platform when the node is inactive and purged |
| Last Enrolled | Date and timestamp of when the node was originally enrolled |
| Action Applied | Displays when the Action was applied to the node |
Node history is stored and visible following our standard retention of 400 days.
1 - Settings and Updates
Settings
You can change the Update and Sysmon EULA selections by clicking Settings from the SamurAI Endpoint Agent view.
- Auto Managed : Auto updates of agents is enabled by default, select this option if you want the agent updates to occur automatically without any action needed on your part.
- Self Managed : Select this option should you wish to manage agent updates yourself.
For Sysmon EULA settings we recommend maintaining your original selection to ensure consistency across your nodes.
Updates
Self Managed
If Self Managed is selected a new option entitled Update Tasks is displayed.
Update Tasks
Selecting Update Tasks allows you to configure tasks for updating your deployed agents.
- Click on Create Update Task
Within the Create Update Task view we recommend that you use filters and save as views. This is useful if, for example you want to run an update task against a specific set of deployed agents. Click Views to save/reset/delete your different filters. Once saved you can toggle between views.
Enter a Name for the task e.g Windows 10 Pro Update
Toggle whether you wish to Start immediately. If you do not start the task immediately you have the option to update the status at a later date/time. See Update the Task.
Select whether you wish to update:
- SamurAI Agent version (the latest version will always be displayed)
- Sysmon version
Rate Limit is enabled by default to 5 nodes per 1 minute. Read more about Rate Limiting
Once complete, select Review Selection and review your tasks
Click on Create Update Task
Rate Limiting
Rate limiting allows you to roll out updates to nodes gradually instead of updating all at once. This controlled approach reduces risk of disruption, avoids overloading networks and ensures that if an unexpected issue occurs, only a small number of nodes are affected.
Rate limiting allows you to configure the number of nodes to update per time duration (which can be set per minute/hour/day).
When rate limiting is recommended:
- Large fleets (typically 500+ nodes)
- Networks with remote sites, VPN’s or limited bandwidth
- Critical workloads where uptime and stability are essential
- Major agent version upgrades or significant configuration changes
When rate limiting may not be necessary:
- Small fleets with a few hundred nodes
- Minor, low-risk updates
Rate limit upper limits are set as:
- 25 nodes per 1 minute, 50 nodes per 2 minutes etc
- 1500 nodes per 1 hours, 3000 nodes per 2 hours etc
- 36000 nodes per 1 day, 72000 nodes per 2 days etc
View Update Tasks
- From the SSamurAI Endpoint Agent view, click Update Tasks.
A table displays all Update Tasks with specific information:
| Field | Description |
|---|
| Status | Status of the Update Task (hover over for text, potential status displayed Paused/Running/Completed/Failed |
| Status Description | Status Description (potential status displayed Paused/Running/Completed/Failed |
| Name | Name provided for the task |
| Sysmon Version | Updated Sysmon version (if applicable) |
| Agent Version | Updated SamurAI Endpoint Agent version |
| Target Node Count | The number of nodes within the update task |
| Completed Node Count | The number of completed node updates |
| Failed Node Count | The number of failed node updates |
| Created | Date/Timestamp of update task creation |
| Updated | Date/Timestamp of updates to the update task |
Select an Update Task from the list to display status of individual node updates.
A summary will be displayed including:
- Update task status
- Number completed
- Number failed
- Target
- Rate Limit
Additional details for each node are also included:
| Field | Description |
|---|
| Name | Hostname of the node to be updated |
| Node Update Task Status | The status of the node update, potential status are New/Pending/Completed/Failed |
| Message | A short description of progress |
| Start Date | Date/Timestamp of agent update |
| End Date | Date/Timestamp of agent update end |
| Agent before | SamurAI Endpoint Agent version before the update |
| Agent after | SamurAI Endpoint Agent version after the update |
| Sysmon before | Sysmon version before update |
| Sysmon after | Sysmon version after update |
Update the Task
You can update the State of an Update Task to either Paused or Running.
For example, if you previously set an Update Task NOT to Start Immediately you can set the state to Running to begin the update:
From the Update Tasks list select the relevant Update Task
Select More Options (
).
Click Update the Task
Select the State to Paused to pause the update task or to Running to begin or resume the update task.