Telemetry Monitoring

It is important to understand and keep track of the health of Integrations you have configured.

The Samurai platform monitors telemetry ingested from your integrations and displays the applicable status (refer to View Integration Status). If problems are encountered after specific time periods, the integration is highlighted within the Telemetry Monitoring view, and an email notification is triggered after 24 hours.

For an integration to be monitored, the Samurai platform must receive event data consistently every hour over a 24 hour period. This is because we cannot guarantee accurate monitoring for telemetry sources that may log intermittently.

Access Telemetry Monitoring

Click Telemetry and select Telemetry Monitoring from the main menu.

Figure 1: Telemetry monitoring menu and visual indicator  

A visual indicator will be displayed beside the Telemetry Monitoring menu item showing the total number of integrations which may require attention.

Figure 2: Example telemetry monitoring table

Telemetry Monitoring View

The Telemetry Monitoring view displays summary information (as applicable):

  • Number of integrations with no events seen in the last 24 hours by the Samurai platform
  • Number of integrations with no events seen in the last 12 hours by the Samurai platform
  • Unknown integration (unsupported)
  • Number of provisioning integrations
  • Number of healthy integrations

Figure 3: Example summary information

Telemetry Monitoring Table

Integrations are displayed in the table if the Samurai platform has not received any events in the last 12 hours.

Figure 4: Example detail table

The list shows the details of the integrated telemetry sources which are considered unhealthy as per the table below:

Status | Description
No events seen in last 12 hours | The Samurai platform has not seen any events in the last 12 hours
No events in last 24 hours | The Samurai platform has not seen any events in the last 24 hours - this triggers an email notification for supported integrations

Clicking on the Integration will navigate you to the Integration Details. For integrations of type Log, an events graph will be displayed which may help in troubleshooting.

For information on Integration types, refer to What are the Integration fields? in the Integration Actions article.

The table may also display:

  • Unsupported integrations

    • These integrations are displayed as Product - unknown and Vendor - unknown. For your convenience, the Samurai platform does monitor these telemetry event sources but does not send email notifications.
    • Info will display the following: This integration is currently not supported and will not trigger a notification if it stops sending events.
  • Integrations where the Samurai platform ingests events intermittently

    • If the Samurai platform does not receive events every hour over any 24 hour period, the integration will still be displayed but will not trigger a notification.
    • Info will display the following: This integration does not send enough events to trigger a notification if it stops sending events altogether.

The above integrations will be highlighted with an Info icon. Hovering over the icon displays the applicable text listed above.

For your convenience, you may want to display the integrations above in a different view that removes integrations that will not trigger notifications. Hide Log Integrations provides this functionality.

Hide Log Integrations

Only integrations of type Log can be hidden - these are telemetry sources that typically send event data via syslog consistently. Example reasons why you may want to hide an integration include:

  • It is an unsupported/generic log source integration.
  • You do not want to receive email notifications if there is an issue with telemetry ingestion to the Samurai platform.

To hide an integration from the Telemetry Monitoring view:

  1. Find the relevant Log integration within the table
  2. Click on more options to the left of the integration and select Hide integration
  3. A Hide Log Integration window will be displayed, warning you that the integration will be removed from the Integrations and Telemetry Monitoring pages. Click Confirm

To view hidden integrations from the Telemetry Monitoring view:

  1. Click on more options at the top right of the window and select Hidden log integrations
  2. A Hidden Log Integrations window will be displayed
  3. The integrations will display an Info icon, and hovering over it will display the following: Notifications for this integration has been disabled

Unhide Log Integrations

To unhide log integrations from the Telemetry Monitoring view:

  1. Click on more options at the top right of the window and select Hidden log integrations
  2. A Hidden Log Integrations window will be displayed
  3. Find the relevant hidden integration
  4. Click on more options within the integrations table and select Unhide integration

Hide, view and unhide functionality is also available within the Integrations view.

Muted Integration

Muted integrations do not send an email notification if there is an issue with telemetry ingestion to the Samurai platform. This could be based on one of the categories mentioned above (unsupported or sends events intermittently). The Telemetry Monitoring view will display muted integrations by default. For convenience, you can disable displaying muted integrations from the Telemetry Monitoring view:

  1. Click on more options at the top right of the window and deselect Show muted integrations

If you have hidden a log integration it will not be displayed when Show muted integrations is enabled.

Telemetry Monitoring Notifications

Samurai will send email notifications to registered application users if no events are seen for an integration over 24 hours. You can opt-in to receive notifications by raising a request via the Samurai MDR portal or in discussion with the SOC during MDR onboarding.

The Samurai platform does not send notifications for unsupported (displayed as unknown) integrations or integrations that send event data intermittently.
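The status and notification rules described on this page can be modelled against a list of event timestamps, for example to check your own log sources before onboarding them. This is an added illustration, not Samurai platform code; the function names, the "Healthy" label as a return value, and the choice to measure the hourly baseline over the 24 hours ending at the last event seen are assumptions.

```python
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)
STATUS_12H = "No events seen in last 12 hours"
STATUS_24H = "No events in last 24 hours"

def sends_consistently(events, last_seen):
    """True if every one of the 24 one-hour buckets ending at last_seen has an event.
    Assumption: the platform's actual baseline window is not documented on this page."""
    buckets = {int((last_seen - t) / HOUR) for t in events}
    return all(h in buckets for h in range(24))

def assess(events, now, supported=True, hidden=False):
    """Return (status, notify) for one integration's event timestamps."""
    if not events:
        raise ValueError("no events recorded for this integration")
    last_seen = max(events)
    silent = now - last_seen
    if silent >= 24 * HOUR:
        status = STATUS_24H
    elif silent >= 12 * HOUR:
        status = STATUS_12H
    else:
        return "Healthy", False
    # Email only at 24 hours, and never for unsupported, hidden or
    # intermittent sources (the muted categories described above).
    notify = (status == STATUS_24H and supported and not hidden
              and sends_consistently(events, last_seen))
    return status, notify

def sample_events(last_seen, every, count):
    """Constructed sample data: `count` events spaced `every` apart, ending at last_seen."""
    return [last_seen - i * every for i in range(count)]

if __name__ == "__main__":
    now = datetime(2024, 1, 10, 12, 0)  # constructed reference time
    steady = sample_events(now - 25 * HOUR, timedelta(minutes=30), 96)
    sparse = sample_events(now - 26 * HOUR, 5 * HOUR, 10)
    print("steady firewall:", assess(steady, now))
    print("unsupported:", assess(steady, now, supported=False))
    print("intermittent:", assess(sparse, now))
```

A source that only logs every few hours reaches the 24 hour status without producing an email, so silence from such a source needs its own check outside the notification path.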

If you want additional information on Integration health, please review How do I know if my integration is functioning?