Using Fortanix Data Security Manager with Rapid7 InsightIDR

1.0 Introduction

This article describes how to integrate Fortanix Data Security Manager (DSM) with Rapid7 InsightIDR.

2.0 Rapid7 InsightIDR Collector Installation and Deployment

NOTE
Customers who have already deployed Rapid7 InsightIDR will most likely have a Syslog Collector configured. In that case, you can skip to Step 2 of Section 2.4.

2.1 Download Collector

  1. Click the DATA COLLECTION tab in the left panel of the Rapid7 InsightIDR UI.
    Figure 1: Data Collection
  2. On the Data Collection Management UI, click Setup Collector on the top-right menu and select Download Collector.
    Figure 2: Download Collector
  3. Download either the Windows or Linux version that is appropriate for your environment.
    Figure 3: Download Windows or Linux Version
  4. The collector must be installed on a host with internet access so that Fortanix DSM can access it. When the installation is complete, create a copy of the Activation Key (Windows) / Agent Key (Linux).
    Figure 4: Copy Collector Agent

2.2 Install the Collector

  1. On the Data Collection Management UI, click Setup Collector on the top-right menu.
  2. Select Activate Collector and paste in the key obtained from Step 4 of Section 2.1.
    Figure 5: Activate Collector
    Figure 6: Activation Key

2.3 Add an Event Source

  1. On the Data Collection Management UI, click Setup Event Source and select Add Event Source from the drop-down menu.
    Figure 7: Add Event Source
  2. At the bottom of the Add Event Source page, under Raw Data, select Custom Logs.
    Figure 8: Custom Logs

2.4 Configure Event Source

  1. To configure the Event Source:
      1. Enter the Collector, Event Source Type, Event Source Name, and Timezone.
      2. Select Listen on Network Port.
    Figure 9: Listen on Network Port
  2. Enter the following:
      • Port Number
      • Protocol
    NOTE
    A single collector can be used for multiple sources, so use a unique port number for each source.
    Figure 10: Entering Port Number and Protocol
  3. If TCP is the selected protocol, you can encrypt the connection using TLS. Select the check box Encrypted.
  4. Select Download Certificate and then click Save.
    Figure 11: Download Certificate

3.0 Sending Audit Logs to Syslog

  1. Click the Settings tab in the Fortanix DSM UI.
  2. On the Account settings page, select the LOG MANAGEMENT tab from the left panel.
    Figure 12: Log Management
  3. In the Custom Log Management Integrations section, click the EDIT CONFIGURATION button for Syslog.
    Figure 13: Edit Configuration
  4. To edit configuration for Syslog, enter the following:
    1. The hostname of the server where the Rapid7 Collector is installed in Step 4 of Section 2.1.
    2. The customer port used in Step 2 of Section 2.4.
      Figure 14: Entering Port Name of Server
  5. If you are using TLS to encrypt the connection between Fortanix DSM and the Rapid7 InsightIDR Collector, select the check box Enable TLS.
  6. Select Custom CA Certificate. To do this, use UPLOAD A FILE to upload the CA certificate that was downloaded in Step 4 of Section 2.4 above.
    Figure 15: Enable TLS
  7. Click SAVE CHANGES to save the changes.
  8. Go back to the Rapid7 InsightIDR UI.
  9. On the top-left menu, click EVENT SOURCES to confirm the Collector is capturing events.
    Figure 16: Event Sources
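
To check the encrypted listener from Section 2.4 independently of Fortanix DSM, the following added example (not part of the Fortanix or Rapid7 documentation) connects to the collector over TLS, trusts only the certificate downloaded in Step 4 of Section 2.4, and sends one constructed test event that should then show up under EVENT SOURCES. The RFC 5424 layout, newline framing, and the host, port and file names are assumptions, not values from this article.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

PRI_LOCAL0_INFO = 16 * 8 + 6  # facility local0, severity informational -> 134


def format_event(msg, host="dsm-tls-check", app="syslog-test", when=None):
    """Build one newline-framed RFC 5424 line (constructed test event)."""
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    ts = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{PRI_LOCAL0_INFO}>1 {ts} {host} {app} - - - {msg}\n".encode()


def make_context(ca_file=None, check_hostname=True):
    """TLS client context that always requires a verified server certificate."""
    # With cafile set, only that file is trusted; the system store is not loaded.
    ctx = ssl.create_default_context(cafile=ca_file)
    # Assumption: turn this off only if the collector certificate does not carry
    # the hostname you connect to; the chain is still verified against ca_file.
    ctx.check_hostname = check_hostname
    return ctx


def send_test_event(host, port, ca_file, check_hostname=True, timeout=5.0):
    """Connect, verify the listener, send one event; return the TLS version."""
    ctx = make_context(ca_file, check_hostname)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # Raises ssl.SSLCertVerificationError if the listener's certificate
        # does not chain to ca_file, so a wrong or swapped certificate is caught
        # here rather than silently dropping audit logs later.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(format_event("Fortanix DSM syslog TLS path check"))
            return tls.version()


if __name__ == "__main__":
    # Usage (hypothetical values): python check.py collector.example.com 6514 ca.pem
    host, port, ca_file = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    print("event sent over", send_test_event(host, port, ca_file))
```

A certificate verification error from this script points at the same trust problem Fortanix DSM would hit with the Custom CA Certificate setting, so resolve it before saving the Syslog configuration.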
