Using Fortanix DSM with Sumo Logic (SIEM) Integration Guide for Windows Server

1.0 Introduction 

This document describes how to integrate Fortanix Data Security Manager (DSM) with Sumo Logic (SIEM) on Windows Server. 

2.0 Terminology

  • Fortanix Data Security Manager (DSM)

Fortanix Data Security Manager (DSM) is a cloud solution secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets such as passwords, API keys, tokens, or any blob of data.

  • Sumo Logic 

Sumo Logic is a security information and event management (SIEM) solution that provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Sumo Logic offers streamlined workflows that automatically triage alerts to maximize security analyst efficiency and focus. 

3.0 Download and Install Sumo Logic Collector on Windows

3.1 System Requirements

System requirements for Windows:

  • Windows 7, 32 or 64 bit 
  • Windows 8, 32 or 64 bit 
  • Windows 8.1, 32 or 64 bit 
  • Windows 10, 32 or 64 bit 
  • Windows Server 2012 
  • Windows Server 2016 
  • Windows Server 2019 
  • Single core, 512MB RAM 
  • 8GB disk space 
  • Package installers require TLS 1.2 or higher

3.2 Download the Collector 

Download the collector in one of the following ways:  

  • In Sumo Logic, select Manage Data -> Collection -> Collection. Click Add Collector, click Installed Collector, and then click the link for the collector to begin the download. 

3.3 Generate Access Keys

To generate access keys: 

  1. On the user interface (UI), click Profile -> Preferences -> Add Access Key.
     Figure 1: Add Access Key
  2. Enter a name for the key and click Create Key.
     Figure 2: Create Access Key

For more details, refer to the article Access Keys.  

3.4 Install the Collector

You can choose one of the following methods to install the Collector: 

  • UI installer (this method does not support all advanced settings)

    To install the Collector using the UI installer:

    1. Extract the zip file you downloaded in Section 3.2.
    2. Right-click the .EXE file and click Run.
    3. Enter your admin username and password if prompted.
    4. Click Next and, when prompted, enter a name for the collector.
       Figure 3: Enter Collector Name
    5. When prompted to select a URL, select Override the Default URL and enter sdkms.fortanix.com.
       Figure 4: Enter the URL
    6. When prompted, enter the Access Key and Key ID generated in Section 3.3.
    7. Keep clicking Next and click Finish when the installation is complete.
  • Command line installer

    The easiest and fastest way to install the Collector is with the command line installer. To install the Collector using the command line installer:

    1. From the command prompt, run the downloaded EXE file with the parameters that you want to configure. See Parameters for the Command Line Installer for a description of the parameters.
    2. When you see the Finishing installation... message, close the command prompt window. The installation is complete.

    NOTE
    1. The -console parameter is required to display output messages from the installation.
    2. For PowerShell users: when using quiet mode installation on Windows with Microsoft PowerShell, the parameters following -console -q must be escaped with quotes, for example:

       SumoCollector.exe -console -q "-Vsumo.accessid=<accessId>" "-Vsumo.accesskey=<accessKey>" "-Vsources=<filepath>"

To learn more about installing a collector on Windows, refer to the article Install a Collector on Windows.

Once the collector is installed, it appears under Manage -> Collection.

Figure 5: Collector Appears in Sumo Logic
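The quiet-mode command line installation from Section 3.4, as an added PowerShell example that is not part of this guide or of Sumo Logic's own documentation. It assumes the installer is saved as .\SumoCollector.exe in the current directory, that the collector's Windows service is named sumo-collector, and that the sources JSON schema it writes (api.version, sources[], sourceType "Syslog") matches Sumo Logic's JSON source format; verify these assumptions against the Sumo Logic documentation before relying on the script.

```powershell
# Added example, not from the Fortanix guide or Sumo Logic docs: quiet-mode
# install of the Sumo Logic Collector from PowerShell. Passing each -V option
# as its own array element is equivalent to the quoting in NOTE 2 above.
# Assumptions: installer at .\SumoCollector.exe, service name "sumo-collector",
# sources.json schema as in Sumo Logic's JSON source format (verify first).
$ErrorActionPreference = 'Stop'

# Prompt for credentials at run time rather than embedding the key in the
# script; the key still appears in the installer's command line while it runs.
$accessId  = Read-Host -Prompt 'Sumo Logic access ID'
$accessKey = Read-Host -Prompt 'Sumo Logic access key' -AsSecureString
$accessKeyPlain = [System.Net.NetworkCredential]::new('', $accessKey).Password

# Source definition for the TCP/514 syslog source that DSM sends to
# (Section 3.5.1), written to the file passed via -Vsources=<filepath>.
$sourcesPath = Join-Path $env:ProgramData 'sumo-sources.json'
$sources = @{
    'api.version' = 'v1'
    sources = @(@{
        name       = 'Fortanix-DSM-Syslog'
        category   = 'Fortanix'
        sourceType = 'Syslog'
        protocol   = 'TCP'
        port       = 514
    })
}
$sources | ConvertTo-Json -Depth 4 | Set-Content -Path $sourcesPath -Encoding ASCII

# Each -V parameter is a separate argument, so PowerShell cannot split it.
$installerArgs = @(
    '-console', '-q',
    "-Vsumo.accessid=$accessId",
    "-Vsumo.accesskey=$accessKeyPlain",
    "-Vsources=$sourcesPath"
)
$proc = Start-Process -FilePath '.\SumoCollector.exe' -ArgumentList $installerArgs `
    -Wait -NoNewWindow -PassThru
if ($proc.ExitCode -ne 0) { throw "Installer exited with code $($proc.ExitCode)" }

# Confirm the collector service is running before pointing DSM at this host
# (Section 3.5.2) and that something is listening on TCP 514 for it.
$svc = Get-Service -Name 'sumo-collector'
if ($svc.Status -ne 'Running') { throw "Collector service is $($svc.Status)" }
if (-not (Get-NetTCPConnection -LocalPort 514 -State Listen -ErrorAction SilentlyContinue)) {
    Write-Warning 'Nothing is listening on TCP 514 yet; check the source in Sumo Logic.'
}
Write-Host "Collector installed; sources file: $sourcesPath"
```

Run it from an elevated PowerShell session in the directory holding the downloaded installer; the listener check may warn if the collector has not finished registering the source yet.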

3.5 Configure Syslog Server on Windows

3.5.1 Configure Syslog Server on Sumo Logic

  1. Click Manage Data -> Collection.
  2. Click Edit next to Syslog Server.
  3. Select Protocol as TCP and Port as 514, leave the rest of the settings at their defaults, and then click Save.
     Figure 6: Configure the Connector in Sumo Logic

3.5.2 Configure Syslog Server on Fortanix DSM

  1. Log in to https://www.sdkms.fortanix.com
  2. Click Settings -> Log Management.
  3. Click Syslog.
     Figure 7: Configure the Connector in Fortanix DSM
  4. Click Edit Configuration and update the Host IP. The Host IP is the IP address of the server on which you installed the Sumo Logic Collector.
     Figure 8: Edit Syslog Server Configuration in Fortanix DSM

3.6 View Audit Logs on Sumo Logic

Once all the above steps are completed, you can see all the DSM audit logs on the Sumo Logic screen.
Figure 9: View Audit Logs in Sumo Logic

You can further customize the data and chart by writing a query in the search bar. For example:

  _sourceCategory="Fortanix" and _collector="sumologictest"
  | logreduce
  | timeslice 1h
  | count by _timeslice
  | order by _timeslice
