Response Overview

Modified on Thu, 31 Aug 2023 at 03:06 AM

What is Response?

A Response Integration is a device integrated with Samurai XDR that performs an action. It allows Samurai XDR to signal a set of predefined actions to the remote device.

 

What integrations are available?

We have pre-built integrations for third-party products and services. Select Supported Integrations to view what is available.


An icon indicates whether the Integration supports Response actions.


You can find the list of supported Response Integrations in the XDR App menu item path:

Response > Integrations > "Create"



In the example shown above, the supported Response Integrations are Endpoint Agents (EDR). Hovering over the blue exclamation mark shows that the Actions available for the integration are: Isolate, Deisolate.


How do I add a Response Integration?

From within the Samurai XDR App, navigate to Response > Integrations. Click on the "Create" button to see a list of available integrations to choose from. Click on the tile with the vendor / device name. A screen will appear where you can enter the relevant parameters to configure this device. A link to the Configuration Guide will be shown on the right of the screen.


Endpoints

Now that you have added your Response Integration, you will be able to interact with that device from Samurai XDR.

If the integration is an endpoint device, you will now begin to see all the individual hosts under management, along with their status.

The following columns will be available for filtering: Isolation Status, Hostname, IP Address, Operating System, EDR Vendor, EDR Product, Response Integration (name).


To perform an action on a chosen host, select the row and click on the icon at the far end. The example shows a host that has been isolated and can now be deisolated. If a host is not isolated, the Isolate option will appear.


 

Status

An Isolate or Deisolate action is confirmed once it has been performed by the endpoint agent management console. During the time between initiating the action from Samurai XDR and its execution (that is, while the host is not yet isolated or deisolated), a pending timer icon is shown under the Isolation Status column, as shown below. Once the action has been performed, the pending timer icon will disappear.


Integration Health

Once you have configured Integrations to bring your logs into Samurai XDR you will also want to make sure that your log sources are healthy.  For more details on how to maintain Integration health and troubleshoot problems, please read our article about Integration Health.