The Cloud Native Collector is used to ingest data from public cloud storage. The Collector itself is agnostic to the data sent to cloud storage: it monitors for new or updated files and pulls the data to the Samurai platform for ingestion into the telemetry pipeline. For this reason, there are minimum cloud storage retention requirements.
We recommend a minimum cloud storage retention period of 7 days.
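One way to check that storage lifecycle rules do not delete files before the recommended 7 days (an added example, not part of the Samurai documentation). It assumes the telemetry lands in Azure Blob Storage or Amazon S3 and that the lifecycle policy has been exported as JSON; the rule names and prefixes below are constructed sample data.

```python
MIN_RETENTION_DAYS = 7  # minimum retention period recommended above

def azure_delete_rules(policy):
    """Yield (rule, scope, days) for enabled Azure lifecycle rules that delete base blobs."""
    for rule in policy.get("rules", []):
        if not rule.get("enabled", True):  # Azure treats a missing "enabled" as true
            continue
        definition = rule.get("definition", {})
        delete = definition.get("actions", {}).get("baseBlob", {}).get("delete", {})
        days = [v for k, v in delete.items() if k.startswith("daysAfter")]
        if days:
            prefixes = definition.get("filters", {}).get("prefixMatch") or ["*"]
            yield rule["name"], ",".join(prefixes), min(days)

def s3_expiration_rules(config):
    """Yield (rule, scope, days) for enabled S3 lifecycle rules that expire objects by age."""
    for rule in config.get("Rules", []):
        days = rule.get("Expiration", {}).get("Days")
        if rule.get("Status") == "Enabled" and days is not None:
            prefix = rule.get("Filter", {}).get("Prefix") or "*"
            yield rule.get("ID", "<unnamed>"), prefix, days

def too_short(rules, minimum=MIN_RETENTION_DAYS):
    """Return the rules that delete data before the minimum retention period."""
    return [(name, scope, days) for name, scope, days in rules if days < minimum]

# Constructed sample policies (hypothetical rule names and prefixes).
AZURE_POLICY = {"rules": [
    {"name": "purge-flow-logs", "enabled": True, "type": "Lifecycle", "definition": {
        "actions": {"baseBlob": {"delete": {"daysAfterModificationGreaterThan": 3}}},
        "filters": {"blobTypes": ["blockBlob"], "prefixMatch": ["insights-logs/"]}}},
    {"name": "purge-archive", "enabled": True, "type": "Lifecycle", "definition": {
        "actions": {"baseBlob": {"delete": {"daysAfterModificationGreaterThan": 30}}},
        "filters": {"blobTypes": ["blockBlob"]}}},
]}
S3_CONFIG = {"Rules": [
    {"ID": "expire-trail", "Status": "Enabled", "Filter": {"Prefix": "AWSLogs/"},
     "Expiration": {"Days": 1}},
    {"ID": "old-rule", "Status": "Disabled", "Filter": {"Prefix": ""},
     "Expiration": {"Days": 2}},
]}

if __name__ == "__main__":
    findings = too_short(azure_delete_rules(AZURE_POLICY)) + too_short(s3_expiration_rules(S3_CONFIG))
    for name, scope, days in findings:
        print(f"rule {name!r} on {scope!r} deletes after {days} days (< {MIN_RETENTION_DAYS})")
```

Rules that scope S3 objects with tags or an `And` filter, or that expire by fixed date, are not evaluated here and need a manual look.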
The Cloud Native Collector is used for specific integrations and is typically a requirement for Samurai to ingest events from Microsoft Azure, Amazon Web Services and third parties that leverage cloud storage. This will be clearly indicated within the Product Integration Guide.
If you have determined that you require a Cloud Native Collector then follow the steps below to configure and create the collector from the Samurai MDR application and ensure it is working as expected.
Create Cloud Native Collector
1. From your Samurai MDR application tenant, select Collectors in the main menu
2. Select Create Collector
3. Select Cloud collector
4. Complete the fields as required.
|Collector name||A nickname for the collector|
|Description (Optional)||A description of your collector|
Select the correct Provider
5. Select Create Collector
6. Based on your Provider selection, a Deploy to <Provider> button will be displayed
7. Select Deploy to <Provider> - this will launch a template you should follow based on your Provider.
8. Click Close and follow the relevant section below based on your Provider.
The deployment button is displayed only once, after selecting Create Collector, so be sure to click the button before closing the dialog window.
Selecting Microsoft Azure will launch an Azure Resource Manager (ARM) template. Follow the steps below.
1. Complete the necessary fields within the template:
|Subscription||Select your Azure subscription to deploy the Collector into|
|Resource Group||Create or select your Resource Group to deploy the Collector into|
|Region||Select the Azure region to deploy the Collector into|
|Collector Name||(this is auto populated from the Samurai MDR application Collector name you defined)|
|Collector Id||(this is auto populated from Samurai)|
|Passkey||(this is auto populated from Samurai)|
2. Select Next
3. Select Review and Create
4. The deployment is now complete and you can navigate to the Samurai MDR web application.
Validate Collector Status
1. Select Collectors from the left-hand menu
2. Select the relevant Collector from the presented list
3. View Status
|Offline||Collector created but offline|
||Collector has been online but is no longer available|
|Healthy||Collector deployed and healthy|
|Not-Healthy||Collector not healthy|
|Provisioning||Collector is being set up / provisioning|
You should now have a collector running!
The next step is to start configuring integrations which will allow the Samurai platform to collect your telemetry data.
Select Integrations Overview for more information on integrations and where to start.
Deleting a Collector
If you delete a Cloud collector it cannot be reversed! In addition, all of your integrations related to the collector will also be deleted!
If you need to delete a Cloud collector you can do so by following the steps below:
- From your Samurai application select Collectors
- Select the relevant collector from your list
- On the right-hand side of the relevant collector, click on (more options) and select Delete Collector
- The following warning will appear: 'Warning: This is a destructive action and cannot be reversed.' To confirm that you intend to delete the collector, type DELETE in the window and select Delete Collector