What is an Integration?
An integration is a data source connected to Samurai XDR. Integrations let the platform collect and ingest telemetry from many sources, including network, endpoint and cloud.
What integrations are available?
We provide pre-built integrations for a comprehensive range of third-party products and services. Select Supported Integrations to view what is available.
For syslog sources, even if the events do not match a supported Integration, they are still ingested into the data lake as a Generic Log Source. You can still query this data with Advanced Query and include events from generic log sources in hunts.
How do I integrate data sources?
Select Integration for the steps you can take with integrations within the Samurai XDR application.
How do I know if my integration is sending telemetry to Samurai XDR?
If your integration uses a Local Collector, first make sure the Collector itself is running as expected.
Check the Collector Health. This status is shown under the Collector navigation item in the XDR application and is one of: Offline, Unavailable, Healthy, Not-Healthy or Provisioning.
Refer to Samurai XDR Local Collector for more information, including how to deploy a Local Collector and view its status.
Once you have confirmed that the Local Collector is Healthy (i.e. communicating with Samurai XDR), check that the Integration is also successfully deployed. From the Collectors page (applicable to both Local Collectors and the Cloud Collector) you can expand deployed integrations to view their health state; alternatively, navigate to the Integrations page. In both cases you will see a column called 'Last Event Seen', which shows the timestamp of the most recently received event: at the Collector level across all of its integrations, or at the Integration level for a specific device. A Healthy Collector whose 'Last Event Seen' is old for one integration means the Collector is reachable but that device has stopped sending, so the problem is on the device side or on the path between the device and the Collector.
If the Integration is not healthy (i.e. not Green), work through the Integration guide for your specific device and confirm that no other controls (host firewalls, network ACLs, security groups) are blocking traffic from the device to the Local Collector or Cloud Collector.
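The check above ends with confirming that nothing blocks the device's traffic to the collector. The following is an added example, not Samurai XDR code and not using any Samurai XDR API: it sends one RFC 5424 syslog event over TCP to a collector address and classifies the failure (refused versus timed out), which separates "listener down or wrong port" from "something on the path is dropping the traffic". It also shows how to read a 'Last Event Seen' timestamp against a silence threshold. Assumptions: the collector accepts syslog over TCP on the port your Integration guide gives (514 is only the conventional port), and the 15-minute staleness threshold is illustrative. The stand-in listener on 127.0.0.1 exists only so the example runs offline; point `send_test_event` at your real collector to test an actual path.

```python
"""Verify the syslog path from a device host to a collector listener.

Added example for this FAQ; not Samurai XDR code. Assumptions: syslog over
TCP, the port is whatever your Integration guide specifies, and a 15-minute
silence threshold for the 'Last Event Seen' check.
"""
import socket
import threading
from datetime import datetime, timedelta


def build_syslog_message(hostname, app_name, msg, ts, facility=1, severity=6):
    """Build one RFC 5424 syslog line. PRI = facility * 8 + severity, so
    facility 1 (user) + severity 6 (info) gives <14>. ts is an RFC 3339
    timestamp string such as "2024-01-01T00:00:00Z"."""
    pri = facility * 8 + severity
    return f"<{pri}>1 {ts} {hostname} {app_name} - - - {msg}\n"


def send_test_event(collector_host, collector_port, message, timeout=5.0):
    """Open a TCP connection to the collector and send one event.
    Returns (ok, detail). Each failure mode maps to a likely cause:
    refused -> listener down or wrong port; timeout -> a firewall, ACL or
    security group is silently dropping the traffic on the path."""
    try:
        with socket.create_connection((collector_host, collector_port), timeout=timeout) as s:
            s.sendall(message.encode("utf-8"))
        return True, "sent"
    except ConnectionRefusedError:
        return False, "connection refused (listener not running or wrong port)"
    except (socket.timeout, TimeoutError):
        return False, "connection timed out (likely blocked by a firewall or ACL)"
    except OSError as e:
        return False, f"socket error: {e}"


def last_event_is_stale(last_event_seen, now, max_age_minutes=15):
    """Interpret a 'Last Event Seen' value: True when the most recent event
    is older than max_age_minutes. Both arguments are RFC 3339 UTC strings
    with a trailing Z. The threshold should match how chatty the source is;
    15 minutes is an assumption, not a platform value."""
    last = datetime.fromisoformat(last_event_seen.replace("Z", "+00:00"))
    current = datetime.fromisoformat(now.replace("Z", "+00:00"))
    return current - last > timedelta(minutes=max_age_minutes)


def start_mock_collector(received):
    """Stand-in for a collector's syslog listener so the example runs
    offline: accepts one connection on 127.0.0.1, appends the received
    text to `received`, then closes. Returns (port, thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            chunks = []
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                chunks.append(data)
        received.append(b"".join(chunks).decode("utf-8"))
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


if __name__ == "__main__":
    # Constructed run against the local stand-in; replace host and port
    # with your collector's address to test a real path.
    inbox = []
    port, thread = start_mock_collector(inbox)
    msg = build_syslog_message("fw01", "xdr-check", "integration connectivity test",
                               ts="2024-01-01T00:00:00Z")
    print(send_test_event("127.0.0.1", port, msg))
    thread.join(5)
    print("collector received:", inbox)
    print("stale?", last_event_is_stale("2024-01-01T00:00:00Z", "2024-01-01T00:20:00Z"))
```

A test event sent this way from a syslog source that matches no supported Integration should still appear as a Generic Log Source, which makes 'Last Event Seen' a direct confirmation that the path is open. Run the check from the device's own network segment, not from the collector host, so the same firewalls and ACLs are exercised.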
Once your integrations are complete, the platform starts collecting and ingesting telemetry data, and you should begin reviewing any alerts that are generated. To find out more about alerts, see Alerts Management Overview.