Azure Key Vault
Version: Azure Key Vault.
Azure Key Vault cloud service offers a secure place to store and access secrets. API keys, passwords, certificates, and cryptographic keys can be managed in Azure key Vault.
Netsurion Open XDR monitors events from Azure Key Vault. To increase the security of sensitive data and gain insights into the operations and usage of Azure Key Vault, Netsurion Open XDR offers a solution for integrating Azure Key Vault. As a result, potential security threats could be simpler to recognize and address. It triggers alerts whenever an action critical to the service is carried out.
For a new instance, integrate Azure Key Vault with Netsurion Open XDR by streaming the logs to the Azure Event Hub, and from Azure Event Hub to the Netsurion Open XDR using the Function App.
After configuring to deliver events to the Netsurion Open XDR, configure the alerts, dashboards, and reports into the Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Delete/update activity detected | This alert is triggered whenever a deleting or updating activities related to the Azure Key Vault is detected. |
| Security | Azure Key Vault – Potential brute force detected | This alert is triggered whenever an unauthorized access to the Azure Key vault is detected. |
| Security | Azure key Vault – Policy change detected | This alert is triggered whenever a modification to policy configuration to Azure Key Vault is observed. |
| Security | Azure key Vault – Suspicious activities detected | This alert is triggered whenever any suspicious events are identified on Azure Key Vault. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Activities overview | This report contains information related to all activities concerning the Azure Key Vault service. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Unauthorized events by source IP | This dashlet displays the source IP of the unauthorized events occurred on Azure Key Vault. |
| Security | Azure Key Vault – Activities overview | This dashlet displays the different activities that occurred on Azure Key Vault. |
| Security | Azure Key Vault – Http response methods | This dashlet displays the Http response methods of the request accessing Azure Key Vault. |
Saved Search
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Activities overview | This saved search allows parsing events that are specific to the activities detected by Azure Key Vault. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Azure Key Vault.
Download the Integration Guide for configuration instructions and more information.