1.0 Introduction
This article describes how to integrate Fortanix-Data-Security-Manager (DSM) with Rapid7 insightIDR.
2.0 Rapid7 insightIDR Collector Installation and Deployment
NOTE
Customers who have deployed Rapid7 InsightIDR likely already have a Syslog Collector configured. In that case, you can skip to Step 2 of Section 2.4: Configure Event Source.
2.1 Download Collector
Perform the following steps to download the collector agent:
1. Click the DATA COLLECTION tab in the Rapid7 insightIDR user interface (UI) left panel.

Figure 1: Data collection
2. On the Data Collection Management UI, click Setup Collector on the top-right menu and select Download Collector.

Figure 2: Download collector
3. Download either the Windows or Linux version that is appropriate for your environment.

Figure 3: Download Windows or Linux version
4. The collector must be installed on a host with internet access so that Fortanix DSM can access it. When the installation is complete, create a copy of the Activation Key (Windows) / Agent Key (Linux).

Figure 4: Copy collector agent
2.2 Install the Collector
Perform the following steps to install and activate the collector:
1. On the Data Collection Management UI, click Setup Collector on the top-right menu.
2. Select Activate Collector and paste in the key obtained from Step 4 of Section 2.1: Download Collector.

Figure 5: Activate collector

Figure 6: Activation key
2.3 Add an Event Source
Perform the following steps to add an event source to the collector:
1. On the Data Collection Management UI, click Setup Event Source and select Add Event Source from the drop-down menu.

Figure 7: Add event source
2. At the bottom of the Add Event Source page, under Raw Data, select Custom Logs.

Figure 8: Custom logs
2.4 Configure Event Source
Perform the following steps to configure the event source for log collection:
1. Enter the Collector, Event Source Type, Event Source Name, and Timezone.
2. Select Listen on Network Port.

Figure 9: Listen on network port
3. Enter the following:
   - Port Number
   - Protocol
NOTE
A single collector can be used for multiple sources, so use a unique port number for each source.

Figure 10: Entering port number and protocol
4. If TCP is the selected protocol, you can encrypt the connection using TLS. Select the check box Encrypted.
5. Select Download Certificate and then click Save.

Figure 11: Download certificate
3.0 Sending Audit Logs to Syslog
You can configure Fortanix DSM to send audit log entries to the Syslog server.
Perform the following steps to configure logging events to the Syslog:
1. In the Custom Log Management Integrations section, click EDIT INTEGRATION for Syslog.
2. On the Syslog Log Management Integration form:
   - Host: Enter the hostname or IP address of your Syslog server.
   - Enable TLS: Select this check box to communicate with the Syslog server over a secure connection using TLS.
   - Host validation: The Validate host option, if selected, ensures that the hostname or IP address you entered matches the hostname on the server certificate, verifying that the connection is securely directed to the intended server.
   - Validate certificate: You can connect to the Syslog server over a non-secure connection or a secure TLS connection.
     - Global Root CAs: Use this certificate if you are using a certificate that is signed by a well-known public Certificate Authority (CA).
     - Custom CA Certificate: Use this certificate if you, as an enterprise, want to self-sign the certificate using your own internal CA.
       Click UPLOAD A FILE to upload the CA certificate. When Fortanix DSM, as a client, connects to the Syslog server and is presented with the server’s certificate, it validates the connection using the enrolled custom CA Certificate.
   - Port (TCP): Enter the port number for the Syslog service. The default is port 514; if you are using a different port, update the port number accordingly.
   - Facility: When you log an event in Syslog, you can choose to log it in different facilities. Use this setting to filter logs by a specific facility, such as User, Local0, Local1, and others that are well-defined in the Syslog protocol. For example, configure Fortanix DSM to use the Local0 facility to easily filter logs from a specific appliance.
   - Use FQDN hostname: This check box is selected by default. When enabled, the DSM cluster’s FQDN is used as the hostname in Syslog log entries, enabling identification of the source cluster in multi-cluster environments.

Figure 7: Syslog integration form
3. Click SAVE to update the Syslog integration.
4. Go back to the Rapid7 insightIDR UI.
5. On the top-left menu, click EVENT SOURCES to confirm the Collector is capturing events.

Figure 13: Event sources
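
A pre-flight check for the encrypted listener from Section 2.4 and the TLS settings on the Syslog form in Section 3.0, as an added example that is not Fortanix or Rapid7 code: it sends one constructed RFC 5424 test event with the Local0 facility and fails if the certificate or hostname does not validate. The app name `listener-check`, the newline framing, and the command-line arguments are assumptions, and the message is not the format Fortanix DSM emits.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Facility codes from the syslog protocol (RFC 5424); Local0 and Local1 are 16 and 17.
FACILITY = {"user": 1, "local0": 16, "local1": 17}
SEVERITY_INFO = 6

def build_frame(facility, hostname, text, now=None):
    """Return one newline-terminated RFC 5424 message as bytes."""
    now = now or datetime.now(timezone.utc)
    pri = FACILITY[facility] * 8 + SEVERITY_INFO  # PRI = facility * 8 + severity
    ts = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    # "listener-check" is a constructed app name, not what DSM sends.
    return f"<{pri}>1 {ts} {hostname} listener-check - - - {text}\n".encode()

def make_tls_context(custom_ca_file=None):
    """None -> system trust store (Global Root CAs); a PEM path -> Custom CA Certificate."""
    ctx = ssl.create_default_context(cafile=custom_ca_file)
    ctx.check_hostname = True            # same check as the "Validate host" option
    ctx.verify_mode = ssl.CERT_REQUIRED  # same check as "Validate certificate"
    return ctx

def send_test_event(host, port, custom_ca_file=None, facility="local0"):
    """Send one test event over TLS; raises ssl.SSLError if validation fails."""
    frame = build_frame(facility, socket.getfqdn(), "syslog TLS listener test")
    ctx = make_tls_context(custom_ca_file)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame)
            return tls.version()

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_listener.py COLLECTOR_HOST PORT [CA_FILE]")
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    print("sent over", send_test_event(sys.argv[1], int(sys.argv[2]), ca))
```

If the handshake fails with a hostname mismatch here, the same Host value is likely to fail in Fortanix DSM when Validate host is selected.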