Samurai XDR Application:
We are excited to announce the release of Advanced Query! This powerful feature leverages Microsoft's Kusto Query Language (KQL) to query your telemetry data within the Samurai data lake. In support of this new feature in the Samurai XDR Application, an Advanced Query section has been created within the Samurai Help Center, with the following new articles to help you get started:
We are continuing to improve the Alert management functionality. Some alerts may not require further investigation (for example, if deemed a false positive), so you now have the ability to Dismiss Alerts. In support of this new functionality, we have updated the following Help Center articles:
Samurai XDR Application Main Menu
We are planning great things for the future (expect to see more information in the near future!), so we have made a minor change to the Samurai XDR application main menu: we've added 'Telemetry'. You will now find 'Collectors' and 'Integrations' under this new menu item.
All of the applicable Samurai Help Center articles have been updated to reflect this change. If you see anything we missed, please let us know!
We are constantly expanding our list of supported integrations. See the links to the newly supported telemetry sources and integration guides:
- Cisco IOS Routers and Switches
- CyberArk Privileged Access Security (PAS)
- VMware Carbon Black Cloud Enterprise EDR
We have updated our support for Check Point Next-Generation Firewall with extended telemetry. See the updated integration guide for more information:
Samurai Status Page
We strive for transparency and understand how important the Samurai XDR platform is to maintaining your cyber security posture, so we have created a public Samurai XDR platform status page (https://status.samurai.security.ntt/). You can check the system health of various elements of the platform. Please review the Samurai Status Page article for further information.
A new Telemetry Monitoring dashboard is now available! This dashboard includes a chart and table displaying telemetry sources active within the last 30 days and their status. To find out more, please refer to the following Samurai Help Center articles that have been published:
Local Collector Status Notifications
We want to notify you of issues we are seeing with your Samurai XDR setup. All users of your Samurai XDR tenant will now receive email notifications of status changes to your Local Collector(s). For example, if someone accidentally pulls the plug (we've all done it!), we'll notify you that your Local Collector is offline so you can quickly take action. Please review the updated Samurai XDR Local Collector article for further information.
We will be improving our Notifications functionality to cover many more features in Samurai XDR, so watch this space!
What's been fixed?
1. Back button when integrating a telemetry source
You might not have noticed this... Regardless, when completing an integration you can now go Back through the various menu items, and not just forward (oops!) by clicking Next.
2. Closed Investigations
You should not have the ability to perform any actions on a closed investigation (for example, assigning alerts), so we've updated this so that you can only re-open a closed investigation. Once it is open, you can perform any supported actions as needed.
3. Alert actions
When selecting a single alert from the alerts widget you will now see the appropriate actions that can be taken.
Samurai Help Center:
The following articles have been created or updated:
1. Samurai XDR Glossary of Terms
The use of specific terms, abbreviations and acronyms in cybersecurity is just...well, confusing! We use many terms throughout our Help Center and Samurai XDR application so we've created this Glossary of Terms to help.