1.0 Introduction
This document describes how to integrate Fortanix Data Security Manager (DSM) with Sumo Logic (SIEM) on Windows Server.
2.0 Terminology
Data Security Manager is the cloud solution secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets, such as passwords, API keys, tokens, or any blob of data.
- Sumo Logic
Sumo Logic is a security information and event management (SIEM) solution that provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Sumo Logic offers streamlined workflows that automatically triage alerts to maximize security analyst efficiency and focus.
3.0 Download and Install Sumo Logic Collector in Windows
3.1 System Requirements
System requirements for Windows:
- Windows 7, 32 or 64 bit
- Windows 8, 32 or 64 bit
- Windows 8.1, 32 or 64 bit
- Windows 10, 32 or 64 bit
- Windows Server 2012
- Windows Server 2016
- Windows Server 2019
- Single core, 512MB RAM
- 8GB disk space
- Package installers require TLS 1.2 or higher
3.2 Download the Collector
Download the collector in one of the following ways:
- In Sumo Logic, select Manage Data -> Collection -> Collection. Click Add Collector, click Installed Collector, and then click the link for the collector to begin the download.
- Open a browser and enter the static URL for your pod. The collector begins to download. See Download a Collector from a Static URL for a list of URLs for your deployment pod.
3.3 Generate Access Keys
To generate access keys:
- On the user interface (UI) click Profile -> Preferences -> Add Access Key.
Figure 1: Add Access Key - Enter a name for the key and click Create Key.
Figure 2: Create Access Key
For more details, refer to the article Access Keys.
3.4 Install the Connector
You can choose one of the following methods to install the Collector:
- UI installer (This method does not support all advanced settings)
To install the connecter using UI installer:
- Extract the zip file you downloaded in Section 3.2.
- Right click on the .EXE file and click Run.
- Enter your admin username and password if prompted.
- Click Next and when prompted enter a name for the collector.
Figure 3: Enter Collector Name
- When prompted to select URL, select Override the Default URL and enter the Fortanix DSM URL (amer.smartkey.io).
Figure 4: Enter the URL
- When prompted enter the Access Key and Key ID generated in Section 3.3.
- Keep clicking Next and click Finish when the installation is complete.
- Command line installer
The easiest and fastest way to install the connector is by using the command line installer. To install the connector using the command line installer:- From the command prompt, run the downloaded
EXE
file with the parameters that you want to configure. See Parameters for the Command Line Installer for a description of the parameters. - When you see the
Finishing installation...
message, close the command prompt window. The installation is complete.
To learn more about installing a collector on Windows, refer to the article Install a Collector on Windows.
Once the collector is installed, it appears under Manage -> Collection.
Figure 5: Collector Appears in Sumo Logic
3.5 Configure Syslog Server on Windows
3.5.1 Configure Syslog Server on Sumo Logic
- Click Manage Data -> Collection.
- Click Edit next to Syslog Server.
- Select Protocol as TCP, Port as 514, leave the rest of the settings as default, and then click Save.
Figure 6: Configure the Connector in Sumo Logic
3.5.2 Configure Syslog Server on Fortanix DSM
- Log in to the Fortanix DSM URL: https://<FORTANIX_DSM_URL>
- Click Settings -> Log Managements.
- Click Syslog.
Figure 7: Configure the Connector in Fortanix DSM - Click Edit Configuration and update the Host IP. Host IP is the server where you have installed the Sumo Collector.
Figure 8: Edit Syslog Server Configuration in Fortanix DSM
3.6 View Audit Logs on Sumo Logic
Once all the above steps are completed, you can see all the audit logs in the Sumo Logic Screen.
Figure 9: View Audit Logs in Sumo LogicYou can further customize the data and chart by writing a query on the search bar. For example:
_sourceCategory="Fortanix" and _collector="sumologictest" |
logreduce
| timeslice 1h
| count by _timeslice
| order by _timeslice - From the command prompt, run the downloaded
Comments
Please sign in to leave a comment.