Using Fortanix Data Security Manager with Rapid7 InsightIDR

1.0 Introduction

This article describes how to integrate Fortanix-Data-Security-Manager (DSM) with Rapid7 insightIDR.

2.0 Rapid7 insightIDR Collector Installation and Deployment

2.1 Download Collector

1. Click the DATA COLLECTION tab in the Rapid 7 insightIDR user interface (UI) left panel.

   

2. On the Data Collection Management UI, click Setup Collector on the top-right menu and select Download Collector. 

   

3. Download either the Windows or Linux version that is appropriate for your environment. 

   

4. The collector must be installed on a host with internet access so that Fortanix DSM can access it. When the installation is complete, create a copy of the Activation Key (Windows) / Agent Key (Linux).  

   

2.2 Install the Collector

1. On the Data Collection Management UI, click Setup Collector on the top-right menu.

2. Select Activate Collector and paste in the key obtained from Step 4 of Section 2.1: Download Collector.  

   

   

2.3 Add an Event Source

1. On the Data Collection Management UI, click Setup Event Source and select Add Event Source from the drop down menu. 

   

2. At the bottom of the Add Event Source page, under Raw Data, select Custom Logs.  

   

2.4 Configure Event Source

1. To configure the Event Source

   1. Enter the Collector, Event Source Type, Event Source Name, Timezone.

   2. Select Listen on Network Port.

      

2. Enter the following:

   • Port Number

   • Protocol      

   NOTE

   A single collector can be used for multiple sources. So please use a unique port number for each source.

   

3. If TCP is the selected port, you can encrypt the connection using TLS. Select the check box Encrypted.

4. Select Download Certificate and then click Save.

   

                              

3.0 Sending Audit Logs to Syslog

1. Click the Settings tab in the Fortanix DSM UI.

2. On the Account settings page, select the LOG MANAGEMENT tab from the left panel.

   

3. In the Custom Log Management Integrations section, click the EDIT CONFIGURATION button for Syslog.  

   

4. To edit configuration for Syslog, enter the following:

   1. The hostname of the server where the Rapid7 Collector is installed in Step 4 of Section 2.1: Download Collector.

   2. The customer port used in Step 2 of Section 2.4: Configure Event Source.  

      

5. If you are using TLS to encrypt the connection between Fortanix DSM and the Rapid7 insightIDR Collector, select the check box Enable TLS.

6. Select Custom CA Certificate. To do this, upload the CA certificate that was downloaded in Step 4 of Section 2.4: Configure Event Source above using the UPLOAD A FILE.

   

7. Click SAVE CHANGES to save the changes.

8. Go back to the Rapid7 insightIDR

9. On the top-left menu click EVENT SOURCES to confirm the Collector is capturing events.