1.0 Introduction
This article describes how to integrate Fortanix Data Security Manager (DSM) with Rapid7 InsightIDR.
2.0 Rapid7 InsightIDR Collector Installation and Deployment
2.1 Download Collector
1. Click the DATA COLLECTION tab in the Rapid7 InsightIDR UI left panel.
Figure 1: Data Collection
2. On the Data Collection Management UI, click Setup Collector on the top-right menu and select Download Collector.
Figure 2: Download Collector
3. Download either the Windows or Linux version that is appropriate for your environment.
Figure 3: Download Windows or Linux Version
4. The collector must be installed on a host with internet access so that Fortanix DSM can access it. When the installation is complete, create a copy of the Activation Key (Windows) / Agent Key (Linux).
Figure 4: Copy Collector Agent
2.2 Install the Collector
- On the Data Collection Management UI, click Setup Collector on the top-right menu.
- Select Activate Collector and paste in the key obtained from Step 4 of Section 2.1.
Figure 5: Activate Collector
Figure 6: Activation Key
2.3 Add an Event Source
- On the Data Collection Management UI, click Setup Event Source and select Add Event Source from the drop-down menu.
Figure 7: Add Event Source
- At the bottom of the Add Event Source page, under Raw Data, select Custom Logs.
Figure 8: Custom Logs
2.4 Configure Event Source
1. To configure the Event Source:
   - Enter the Collector, Event Source Type, Event Source Name, and Timezone.
   - Select Listen on Network Port.
Figure 9: Listen on Network Port
2. Enter the following:
   - Port Number
   - Protocol
Figure 10: Entering Port Number and Protocol
3. If TCP is the selected protocol, you can encrypt the connection using TLS. Select the check box Encrypted.
4. Select Download Certificate and then click Save.
Figure 11: Download Certificate
3.0 Sending Audit Logs to Syslog
- Click the Settings tab in the Fortanix DSM UI.
- On the Account settings page, select the LOG MANAGEMENT tab from the left panel.
Figure 12: Log Management
- In the Custom Log Management Integrations section, click the EDIT CONFIGURATION button for Syslog.
Figure 13: Edit Configuration
- To edit configuration for Syslog, enter the following:
  - The hostname of the server where the Rapid7 Collector is installed in Step 4 of Section 2.1.
  - The custom port used in Step 2 of Section 2.4.
Figure 14: Entering Port Name of Server
- If you are using TLS to encrypt the connection between Fortanix DSM and the Rapid7 InsightIDR Collector, select the check box Enable TLS.
- Select Custom CA Certificate, then use UPLOAD A FILE to upload the CA certificate that was downloaded in Step 4 of Section 2.4.
Figure 15: Enable TLS
- Click SAVE CHANGES to save the changes.
- Go back to Rapid7 InsightIDR.
- On the top-left menu click EVENT SOURCES to confirm the Collector is capturing events.
Figure 16: Event Sources
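The following is an added example, not part of the Fortanix or Rapid7 documentation: a Python check, run from any host that can reach the collector, that confirms the TLS listener from Section 2.4 presents a certificate that validates against the downloaded certificate and accepts one event. The newline-terminated RFC 5424 framing, the names dsm-test and connectivity-check, and the command-line arguments are assumptions; the format Fortanix DSM itself sends is not shown on this page.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def build_syslog_line(hostname, app, msg, facility=13, severity=6, now=None):
    """Return one newline-terminated RFC 5424 syslog line as bytes."""
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    pri = facility * 8 + severity  # 13 = log audit, 6 = informational
    stamp = now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    # Collapse CR/LF so a single call can never emit more than one event.
    clean = msg.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>1 {stamp} {hostname} {app} - - - {clean}\n".encode("utf-8")


def send_test_event(host, port, ca_file, line, timeout=5.0):
    """Send one line over TLS, trusting only ca_file; return the TLS version.

    Raises ssl.SSLCertVerificationError if the listener's certificate does not
    chain to ca_file or does not match host.
    """
    # Passing cafile means the system trust store is NOT loaded.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(line)
            return tls.version()


if __name__ == "__main__":
    # Usage: python3 check_collector.py <collector-host> <port> <ca-cert.pem>
    # (script name and arguments are placeholders chosen for this example)
    host, port, ca_file = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    line = build_syslog_line("dsm-test", "connectivity-check",
                             "constructed test event, safe to ignore")
    try:
        print("sent over", send_test_event(host, port, ca_file, line))
    except ssl.SSLCertVerificationError as exc:
        sys.exit(f"certificate check failed: {exc.verify_message}")
    except OSError as exc:
        sys.exit(f"connection failed: {exc}")
```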