If you are new to integrations, you should review Integrations Overview
Creating a telemetry integration
- From your Samurai XDR application tenant, select Telemetry > Integrations from the main menu
- Click Create
- The Create Integrations widget is displayed. Select the product you wish to integrate with Samurai XDR
- Click Next. Depending on how we collect telemetry, the product may be integrated via a Cloud Collector or a Secure Syslog Collector. The Collector type (Cloud or Secure Syslog) is assigned automatically based on the device. Follow the steps for that Collector type.
You can see the type of integrations deployed in Telemetry > Collectors
Viewing an Integration
The most direct method to view Integrations is from Telemetry > Integrations
On this screen, a table lists each integration with the following fields:
- Vendor: vendor name of the product
- Product: product name
- Type: integration type used to gather or ingest telemetry. Potential entries you could see here include:
  - Log: displayed when a telemetry source sends logs (typically via syslog).
  - Cloud: displayed when we leverage an API from a Samurai XDR cloud collector to gather telemetry
- Name: integration name you provided during configuration
- Collector: the collector name associated with the integration
- Hostname: hostname of the integrated telemetry source derived from the logs
- Description: an optional description you provided during integration configuration
- Last Event Seen: the last event seen from the telemetry source in the format [yyyy:mm:dd], [hh:mm:ss] with time represented in Coordinated Universal Time (UTC).
- Created: date and time of integration creation in the format [yyyy:mm:dd], [hh:mm:ss] with time represented in Coordinated Universal Time (UTC).
A single product integration may be displayed multiple times based on the telemetry data ingested. For example, Microsoft 365 will show all the products registered to receive telemetry.
View an Integration Configuration
In the same screen, you can also view the configuration of the integration:
- Select Telemetry > Integrations in the main menu on the left of the screen
- Select a row and navigate to the far right of the screen.
- To see what actions you can perform, click on the icon
- A menu will appear. Depending on the integration collector type, you will be presented with the following:
  - Log > "Delete Integration". The Secure Syslog configuration has no details.
  - Cloud > "Delete Integration | View Integration"
Delete an Integration
Deleting an integration cannot be reversed! However, events from the telemetry source will remain within Samurai XDR. If the integration is auto-detected, it will reappear as type Log if your telemetry source continues sending logs.
There are two methods to delete an Integration.
You can delete the configuration from the Integrations menu item:
- Select Telemetry > Integrations in the main menu
- Find your integrated product
- Click on (more options) and select Delete Configuration
Alternatively, you can delete an integration associated with a specific Collector.
- From your Samurai XDR application select Telemetry > Collectors
- Select the relevant collector from your list
- You will now see all integrations associated with the collector
- On the right-hand side of the relevant integration, click on (more options) and select Delete Integration
- The following warning will appear: 'Warning: This is a destructive action and cannot be reversed.' To confirm that you intend to delete the integration, type in the highlighted 'Integration's Hostname' and select Delete Integration
The Delete Integration screen as shown above is the same whether you navigate from Telemetry > Collectors or Telemetry > Integrations