Using Fortanix Data Security Manager with Rapid7 InsightIDR

1.0 Introduction

This article describes how to integrate Fortanix Data Security Manager (DSM) with Rapid7 InsightIDR.

2.0 Rapid7 InsightIDR Collector Installation and Deployment

NOTE

Customers who have already deployed Rapid7 InsightIDR most likely have a Syslog Collector configured. In that case, skip to Step 2 of Section 2.4: Configure Event Source.

2.1 Download Collector

  1. Click the DATA COLLECTION tab in the left panel of the Rapid7 InsightIDR user interface (UI).


    Figure 1: Data Collection

  2. On the Data Collection Management UI, click Setup Collector on the top-right menu and select Download Collector. 


    Figure 2: Download Collector

  3. Download either the Windows or Linux version that is appropriate for your environment. 


    Figure 3: Download Windows or Linux Version

  4. The collector must be installed on a host with internet access so that Fortanix DSM can access it. When the installation is complete, create a copy of the Activation Key (Windows) / Agent Key (Linux).  


    Figure 4: Copy Collector Agent

2.2 Install the Collector

  1. On the Data Collection Management UI, click Setup Collector on the top-right menu.

  2. Select Activate Collector and paste in the key obtained from Step 4 of Section 2.1: Download Collector.  


    Figure 5: Activate Collector


    Figure 6: Activation Key

2.3 Add an Event Source

  1. On the Data Collection Management UI, click Setup Event Source and select Add Event Source from the drop-down menu.


    Figure 7: Add Event Source

  2. At the bottom of the Add Event Source page, under Raw Data, select Custom Logs.  


    Figure 8: Custom Logs

2.4 Configure Event Source

  1. To configure the Event Source:

    1. Enter the Collector, Event Source Type, Event Source Name, and Timezone.

    2. Select Listen on Network Port.


      Figure 9: Listen on Network Port

  2. Enter the following:

    • Port Number

    • Protocol      

    NOTE

    A single collector can be used for multiple sources, so use a unique port number for each source.


    Figure 10: Entering Port Number and Protocol

  3. If TCP is the selected protocol, you can encrypt the connection using TLS by selecting the Encrypted check box.

  4. Select Download Certificate and then click Save.


    Figure 11: Download Certificate
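
Before pointing Fortanix DSM at the collector, the encrypted listener from Section 2.4 can be checked from another host with the certificate downloaded in Step 4. The following script is an added example, not part of the Fortanix or Rapid7 documentation: it trusts only that certificate, sends one test line over TLS, and reports why the handshake failed if it does. The function names, the sender name dsm-test, the RFC 5424 layout and the newline framing of the test line are assumptions, and the line is not in the format of a DSM audit log.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def build_syslog_line(app, text, host="dsm-test", pri=134, now=None):
    """Return one RFC 5424 style line (PRI 134 = local0.info), newline-framed."""
    now = now or datetime.now(timezone.utc)
    stamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    # Strip CR/LF so the text cannot split into extra log records.
    clean = text.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>1 {stamp} {host} {app} - - - {clean}\n".encode("utf-8")


def pinned_context(ca_file):
    """TLS context that trusts only the certificate downloaded from the collector."""
    # PROTOCOL_TLS_CLIENT enables certificate and hostname verification
    # and does not load the system trust store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    return ctx


def send_test_event(collector_host, port, ca_file, timeout=5.0):
    """Send one test line over TLS; return (ok, detail) instead of raising."""
    try:
        ctx = pinned_context(ca_file)
        with socket.create_connection((collector_host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=collector_host) as tls:
                tls.sendall(build_syslog_line("connectivity-check", "test event"))
                return True, f"sent over {tls.version()}"
    except ssl.SSLCertVerificationError as exc:
        # Wrong certificate uploaded, or the hostname does not match it.
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        # Missing or unreadable PEM file, refused port, timeout, non-TLS listener.
        return False, f"failed before sending: {exc}"


if __name__ == "__main__":
    # Usage: python check_collector.py <collector-host> <port> <collector-cert.pem>
    host, port, ca = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    ok, detail = send_test_event(host, port, ca)
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

A "certificate rejected" result with the downloaded file usually means the host name given on the command line is not the name in the collector's certificate; use the same name in the DSM Syslog configuration in Section 3.0.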

                               

3.0 Sending Audit Logs to Syslog

  1. Click the Settings tab in the Fortanix DSM UI.

  2. On the Account settings page, select the LOG MANAGEMENT tab from the left panel.


    Figure 12: Log Management

  3. In the Custom Log Management Integrations section, click the EDIT CONFIGURATION button for Syslog.  


    Figure 13: Edit Configuration

  4. To edit configuration for Syslog, enter the following:

    1. The hostname of the server where the Rapid7 Collector was installed in Step 4 of Section 2.1: Download Collector.

    2. The custom port used in Step 2 of Section 2.4: Configure Event Source.


      Figure 14: Entering Port Name of Server

  5. If you are using TLS to encrypt the connection between Fortanix DSM and the Rapid7 InsightIDR Collector, select the check box Enable TLS.

  6. Select Custom CA Certificate, then use UPLOAD A FILE to upload the CA certificate that was downloaded in Step 4 of Section 2.4: Configure Event Source.


    Figure 15: Enable TLS

  7. Click SAVE CHANGES to save the changes.

  8. Go back to the Rapid7 InsightIDR UI.

  9. On the top-left menu, click EVENT SOURCES to confirm the Collector is capturing events.


    Figure 16: Event Sources