Azure Key Vault
Version: Azure Key Vault.
Azure Key Vault cloud service offers a secure place to store and access secrets. API keys, passwords, certificates, and cryptographic keys can be managed in Azure key Vault.
The Netsurion Open XDR platform monitors events from Azure Key Vault. To increase the security of sensitive data and gain insights into the operations and usage of Azure Key Vault, Netsurion’s Open XDR platform offers a solution for integrating Azure Key Vault. As a result, potential security threats could be simpler to recognize and address. It triggers alerts whenever an action critical to the service is carried out.
For a new instance, integrate Azure Key Vault with Netsurion’s Open XDR platform by streaming the logs to the Azure Event Hub, and from Azure Event Hub to the Netsurion Open XDR platform using the Function App.
After configuring to deliver events to the Netsurion Open XDR platform, configure the alerts, dashboards, and reports into the Netsurion Open XDR platform.
The following are the key Data Source Integrations available in the Netsurion Open XDR platform.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Delete/update activity detected | This alert is triggered whenever a deleting or updating activities related to the Azure Key Vault is detected. |
| Security | Azure Key Vault – Potential brute force detected | This alert is triggered whenever an unauthorized access to the Azure Key vault is detected. |
| Security | Azure key Vault – Policy change detected | This alert is triggered whenever a modification to policy configuration to Azure Key Vault is observed. |
| Security | Azure key Vault – Suspicious activities detected | This alert is triggered whenever any suspicious events are identified on Azure Key Vault. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Activities overview | This report contains information related to all activities concerning the Azure Key Vault service. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Unauthorized events by source IP | This dashlet displays the source IP of the unauthorized events occurred on Azure Key Vault. |
| Security | Azure Key Vault – Activities overview | This dashlet displays the different activities that occurred on Azure Key Vault. |
| Security | Azure Key Vault – Http response methods | This dashlet displays the Http response methods of the request accessing Azure Key Vault. |
Saved Search
| Type | Name | Description |
|---|---|---|
| Security | Azure Key Vault – Activities overview | This saved search allows parsing events that are specific to the activities detected by Azure Key Vault. |
Documentation
The configuration details are consistent with the Netsurion Open XDR platform version 9.3 and later, and Azure Key Vault.
Download the Integration Guide for configuration instructions and more information.