¶
About¶
CipherTrust Manager offers the industry leading enterprise key management solution enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies.
Product Details¶
Vendor URL: CipherTrust Manager
Product Type: Key Management
Product Tier: Tier III
Integration Method: Syslog
Integration URL: None Available
Log Guide: CipherTrust Manager Administration
Parser Details¶
Log Format: Syslog, JSON
Expected Normalization Rate: 90%
Data Label: CIPHERTRUST_MANAGER
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| message | metadata.product_event_type |
| Thales | metadata.vendor_name |
| CipherTrust Manager | metadata.product_name |
| hostname | principal.hostname |
| client_ip | principal.ip |
| client_id | principal.resource.product_object_id |
| client_type | principal.resource.resource_subtype |
| acct, account | principal.user.userid |
| acct, account | principal.user.user_display_name |
| usr_group | principal.user.group_identifiers |
| application | src.application |
| src, hostname | src.hostname |
| acct, account | src.user.userid |
| acct, account | src.user.user_display_name |
| src_port | src.port |
| id | src.process.parent_pid |
| requestId | src.process.pid |
| auth_domain | src.administrative_domain |
| domain_id | src.resource.id |
| feature | src.resource.name |
| hostname | observer.hostname |
| ALLOW, FAIL | security_result.action |
| errorMessage | security_result.action_details |
| severity | security_result.severity |
| refresh_token_id | target.resource.name |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| Create Token | RESOURCE_CREATION |
| Update License Usage | STATUS_UPDATE |
| all others | GENERIC_EVENT |
Log Sample¶
<134>1 2024-03-01T02:13:04.091241Z HOSTNAME CipherTrust_Manager dmv Server_Audit - {"principal":{"acct":"userid"},"message":"Update License Usage","domain_id":"00000000-0000-0000-0000-000000000000","details":{"domain":"domain","feature":"DDC_DATA_ALLOWANCE","usage":0},"account":"src_userid","id":"b70c2e16-da63-408e-b994-d2608871f859","source":"HOSTNAME","severity":"info","requestId":"f33181aa-62cb-4ef5-94bc-873fc1dd1b15","service":"dmv","success":true}
Sample Parsing¶
metadata.product_event_type = "Update License Usage"
metadata.product_name = "CipherTrust Manager"
metadata.vendor_name = "Thales"
observer.hostname = "HOSTNAME"
principal.hostname = "HOSTNAME"
principal.user.userid = "userid"
security_result.action = "ALLOW"
security_result.severity = "INFORMATIONAL"
src.administrative_domain = "domain"
src.application = "CipherTrust_Manager"
src.hostname = "HOSTNAME"
src.process.parent_pid = "b70c2e16-da63-408e-b994-d2608871f859"
src.process.pid = "f33181aa-62cb-4ef5-94bc-873fc1dd1b15"
src.resource.attribute.labels.key = "usage"
src.resource.attribute.labels.value = "0"
src.resource.id = "00000000-0000-0000-0000-000000000000"
src.resource.name = "DDC_DATA_ALLOWANCE"
src.user.userid = "src_userid"
Rules¶
Coming Soon