The definitions below are used throughout the Samurai XDR documentation; all legal terms can be found under Legal.
Advanced Analytics:
Detection capabilities, including machine learning, big data, and complex event processing analysis, that are included as part of the Threat Detection services.
Alert:
A security detection made by the Samurai platform, or by a third-party vendor from which we are ingesting telemetry.
Boost Scoring:
Boost Scoring is a technique used by Samurai XDR which improves the ability to find Advanced Persistent Threats (APTs) by using a methodology that links seemingly unrelated events.
Collector:
A Collector is responsible for ingesting telemetry (or logs) into Samurai XDR. There are two main types of Collector, namely Local Collectors and Cloud Collectors. A Local Collector is a virtual appliance which is deployed in your network. Typically you will use the Local Collector as the destination for syslog messages produced by your devices. A Cloud Collector provides the ability to ingest telemetry from cloud platforms and services, and is hosted centrally as part of Samurai XDR. You do not need to do anything to deploy a Cloud Collector.
Confidence:
Confidence provides a measure of how certain our systems are that an Alert is accurate and represents malicious activity. Confidence levels are shown as Unknown, Low, Medium, High or Maximum. For more information, please see the article about Alerts.
Correlation:
The ability of our systems to find a common linkage between Logs or Events (via source or destination IP address, Common Vulnerabilities and Exposures identifier, or other attributes) and combine them within one Event to add context to an Alert.
Enrichment:
The process of adding contextual information (such as geolocation, evidence from packet captures or other data) to log information, either programmatically or by a Security Analyst.
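As an added illustration of the two definitions above (this is example code written for this glossary, not Samurai XDR's own correlation or enrichment logic), the script below takes a handful of constructed log records, links any records that share an IP address (as source or destination) or a CVE identifier into one combined Event, and then enriches each Event with geolocation context from a small lookup table. The log records, the `GEO_TABLE` contents and the `CVE-EXAMPLE-1` identifier are all constructed placeholders, and the link classes, field names and output layout are assumptions made for the example rather than the platform's schema.

```python
"""Correlate and enrich constructed log events (added example, not Samurai XDR code)."""
from collections import defaultdict

# Constructed sample telemetry, not real logs. "CVE-EXAMPLE-1" is a placeholder,
# not a real CVE identifier.
SAMPLE_LOGS = [
    {"id": 1, "source": "firewall", "src_ip": "203.0.113.5", "dst_ip": "10.0.0.12", "action": "allow"},
    {"id": 2, "source": "ids", "src_ip": "203.0.113.5", "dst_ip": "10.0.0.12", "cve": "CVE-EXAMPLE-1"},
    {"id": 3, "source": "vuln_scanner", "dst_ip": "10.0.0.40", "cve": "CVE-EXAMPLE-1"},
    {"id": 4, "source": "dns", "src_ip": "10.0.0.99", "query": "example.org"},
    {"id": 5, "source": "endpoint", "src_ip": "198.51.100.7", "dst_ip": "10.0.0.99", "action": "deny"},
]

# Attributes that can link two logs. Source and destination IP map to one
# "ip" link class so that an address seen as a destination in one log and a
# source in another still correlates (an assumption made for this example).
LINK_CLASS = {"src_ip": "ip", "dst_ip": "ip", "cve": "cve"}

# Constructed geolocation table keyed by the first three octets (hypothetical data).
GEO_TABLE = {"203.0.113": "Country-A", "198.51.100": "Country-B"}


def link_tokens(log):
    """Yield (link_class, value) pairs present in a log record."""
    for field, cls in LINK_CLASS.items():
        if log.get(field) is not None:
            yield (cls, log[field])


def enrich(members):
    """Add context: geolocation for every IP in the group that the table knows."""
    geo = {}
    for log in members:
        for field in ("src_ip", "dst_ip"):
            ip = log.get(field)
            if ip is None:
                continue
            prefix = ip.rsplit(".", 1)[0]
            if prefix in GEO_TABLE:
                geo[ip] = GEO_TABLE[prefix]
    return {"geo": geo}


def build_event(members):
    """Combine a group of linked logs into one Event with its shared attributes."""
    counts = defaultdict(int)
    for log in members:
        for token in link_tokens(log):
            counts[token] += 1
    # Only attributes seen in at least two logs are actual linkages.
    links = sorted(f"{cls}={val}" for (cls, val), n in counts.items() if n > 1)
    return {
        "log_ids": sorted(log["id"] for log in members),
        "sources": sorted({log["source"] for log in members}),
        "links": links,
        "context": enrich(members),
    }


def correlate(logs):
    """Group logs that share any link token (transitively) using union-find."""
    parent = {log["id"]: log["id"] for log in logs}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # link token -> id of the first log carrying it
    for log in logs:
        for token in link_tokens(log):
            if token in first_seen:
                union(first_seen[token], log["id"])
            else:
                first_seen[token] = log["id"]

    groups = defaultdict(list)
    for log in logs:
        groups[find(log["id"])].append(log)
    return sorted((build_event(m) for m in groups.values()), key=lambda e: e["log_ids"])


if __name__ == "__main__":
    for event in correlate(SAMPLE_LOGS):
        print(event)
```

Run as-is, the five sample logs collapse into two Events: logs 1 to 3 are linked through the shared external address, the shared internal destination and the shared CVE placeholder, and logs 4 and 5 through the address 10.0.0.99 appearing as a source in one and a destination in the other. Each Event carries the attributes that actually linked its members plus the geolocation context that enrichment added, which is the kind of combined record a Security Analyst would see attached to an Alert rather than five isolated lines.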
Event:
All of the individual data points (Telemetry) ingested via Collectors into Samurai XDR are known as Events. Through the use of Advanced Analytics, our systems are able to generate Alerts from Events which indicate the presence of threat actor activity. All Events are stored in our data lake, and can be further analyzed using Advanced Query.
Global Threat Intelligence Center (GTIC):
The organization within NTT’s Security Holdings responsible for threat research, vulnerability tracking, and the development, aggregation and curation of threat intelligence.
Integrations:
Integrations provide the mechanism to ingest telemetry (in other words, logs) into Samurai XDR.
Investigation:
An Investigation enables a Samurai XDR application user to aggregate related Alerts together for further analysis to assess a potential threat. Each Investigation has a lifecycle with stages based on its current state (for example open, closed or snoozed). When creating an Investigation you can set a priority, assign it to or unassign it from users within your tenant, and update its status depending on what action needs to be taken.
Managed Detection and Response (MDR):
Samurai Managed Detection and Response is a service that utilizes security alerts along with relevant contextual information identified by the Samurai XDR platform. This information is analyzed by a skilled Security Analyst, who engages in threat hunting and validation activities to verify the threat, its impact, and to identify additional information associated with a potential breach. Once the threat is validated, the Security Analyst creates a detailed Security Incident Report for the Client and executes response actions as required.
MITRE ATT&CK Framework:
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Threats detected by Samurai XDR are mapped against MITRE ATT&CK to assist the user in better understanding the nature of the activity detected, possible countermeasures and the urgency of response.
Samurai XDR:
Samurai XDR is a vendor-agnostic, cloud-native, scalable, API-driven advanced threat detection and response platform.
Security Operations (SecOps):
Security Operations, also known as SecOps, is a highly skilled discipline formed from a combination of security and IT operations teams. It is focused on monitoring and assessing risk and on protecting an organization's assets, and often operates from a security operations center, or SOC.
Security Incident:
A notable event in a Client environment detected and validated via automation or by Security Analysts. Security Incidents may require a response to mitigate or eliminate the identified event. Information related to Security Incidents is communicated to Clients in Security Incident Reports.
Security Incident Report:
A report prepared by Security Analysts or automatically by our systems, that details a Security Incident (compliance or cyber threat) detected in a Client environment. Depending on the service subscribed to, the Security Incident Report may also detail the process taken by NTT’s SOC to investigate the Security Incident, and recommended Client actions.
Severity:
Severity is the term used to describe the potential magnitude of impact of a detected threat which is presented as an Alert. Severity is presented as Unknown, Low, Medium, High or Critical. For a description of Alert Severity, please see the article on Alerts.
Telemetry:
In the context of XDR, Telemetry refers to the data, usually in the form of logs, collected from different security solutions and other sources which is then ingested into Samurai XDR. This includes, but is not limited to, network, firewall, DNS, email, endpoint, server, and cloud workload sources.
Each telemetry source contains different types of activity data. Samurai XDR is able to collect a wide variety of telemetry in order to detect and hunt for unknown threats and to assist in forensic analysis.
Tenant:
A Tenant is the entity used to represent an organization using Samurai XDR. Individual users can be invited to one or more Tenants.