Samurai Logstash Integration

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we shall get it updated.

This article describes how to setup the Samurai Logstash integration within the Samurai Application to ingest telemetry via Beat-agents. The following telemetry integrations are based on this integration:

• Windows Event log collection via Winlogbeat
• Windows DNS Server log collection via Filebeat
• Windows DHCP Server log collection via Filebeat

To complete this Integration, you will need to:

1. Have a Local collector installed and configured:

• Samurai Local Collector guide

2. From the Samurai Application:

• Complete the Samurai Logstash integration within the Samurai Application

Complete the Samurai Logstash integration within the Samurai Application

1. Login to your Samurai Application tenant.
2. Click Telemetry > Integrations from the main menu.
3. Click Create.
4. Find and select Samurai Logstash.
5. Select the relevant Local Collector and click Next.
6. You will be presented with the Local Collector IP Address on the left of the screen.
   1. Take note of this IP as this will be used when configuring the Beat-agents.
7. To configure Extended Telemetry Collection ensure it is enabled via the toggle.
8. Enter the following information:
   • Name of Integration - The name will appear in the XDR application for you to easily reference.
   • Description - Optional but if completed it will appear in the XDR application for you to easily reference.
   • Integration Name - The name used in the backend, safely use the same name as Name of Integration.
9. Click on Finish.