Azure Key Vault

Version: Azure Key Vault.

Azure Key Vault cloud service offers a secure place to store and access secrets. API keys, passwords, certificates, and cryptographic keys can be managed in Azure key Vault.

The Netsurion Open XDR platform monitors events from Azure Key Vault. To increase the security of sensitive data and gain insights into the operations and usage of Azure Key Vault, Netsurion’s Open XDR platform offers a solution for integrating Azure Key Vault. As a result, potential security threats could be simpler to recognize and address. It triggers alerts whenever an action critical to the service is carried out.

For a new instance, integrate Azure Key Vault with Netsurion’s Open XDR platform by streaming the logs to the Azure Event Hub, and from Azure Event Hub to the Netsurion Open XDR platform using the Function App.
After configuring to deliver events to the Netsurion Open XDR platform, configure the alerts, dashboards, and reports into the Netsurion Open XDR platform.

The following are the key Data Source Integrations available in the Netsurion Open XDR platform.

Alerts

TypeNameDescription
SecurityAzure Key Vault – Delete/update activity detectedThis alert is triggered whenever a deleting or updating activities related to the Azure Key Vault is detected.
SecurityAzure Key Vault – Potential brute force detectedThis alert is triggered whenever an unauthorized access to the Azure Key vault is detected.
SecurityAzure key Vault – Policy change detectedThis alert is triggered whenever a modification to policy configuration to Azure Key Vault is observed.
SecurityAzure key Vault – Suspicious activities detectedThis alert is triggered whenever any suspicious events are identified on Azure Key Vault.

Reports

TypeNameDescription
SecurityAzure Key Vault – Activities overviewThis report contains information related to all activities concerning the Azure Key Vault service.

Dashboards

TypeNameDescription
SecurityAzure Key Vault – Unauthorized events by source IPThis dashlet displays the source IP of the unauthorized events occurred on Azure Key Vault.
SecurityAzure Key Vault – Activities overviewThis dashlet displays the different activities that occurred on Azure Key Vault.
SecurityAzure Key Vault – Http response methodsThis dashlet displays the Http response methods of the request accessing Azure Key Vault.

Saved Search

TypeNameDescription
SecurityAzure Key Vault – Activities overviewThis saved search allows parsing events that are specific to the activities detected by Azure Key Vault.

Documentation

The configuration details are consistent with the Netsurion Open XDR platform version 9.3 and later, and Azure Key Vault.

Download the Integration Guide for configuration instructions and more information.