Skip to content

Entrust nShield HSM

Entrust

About

Entrust nShield HSM provides a secure solution for generating encryption and signing keys, creating digital signatures, encrypting data and more.

Product Details

Vendor URL: Entrust

Product Type: nSaaS

Product Tier: Tier III

Integration Method: Syslog

Integration URL: n/a

Log Guide: n/a

Parser Details

Log Format: Syslog

Expected Normalization Rate: near 100%

Data Label: ENTRUST_HSM

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
body metadata.description
message_type metadata.product_event_type
threadId principal.process.pid
app principal.application
domain observer.administrative_domain
observer observer.hostname
observer principal.hostname
ip principal.ip
port principal.port
http_method network.http.method
response_code network.http.response_code
user_agent network.http.user_agent
target_url target.url
threadId security_result.about.application
severity security_result.severity_details
severity security_result.severity

Product Event Types

Event UDM Event Classification
all events STATUS_UNCATEGORIZED

Log Sample

ip-10-10-1-186.ec2.internal 2022-11-29 21:47:34.623 [INFO] [WSOP] [8] [request] [ProcessIDNumber] 10.10.1.186 - "GET /url HTTP/2.0"

Sample Parsing

metadata.event_timestamp = 1669758454
metadata.event_type = STATUS_UNCATEGORIZED
metadata.vendor_name = "Entrust"
metadata.product_name = "HSM"
metadata.product_event_type = "request"
principal.hostname = "ip-10-10-1-186.ec2.internal"
principal.process.pid = "ProcessIDNumber"
principal.ip = "10.10.1.186"
principal.application = "WSOP"
target.url = "/url"
observer.hostname = "ip-10-10-1-186.ec2.internal"
observer.administrative_domain = "ec2.internal"
security_result.severity = INFORMATIONAL
security_result.severity_details = "INFO"
network.http.method = "GET"
network.http.user_agent = "HTTP/2.0"

Parser Alerting

This product currently does not have any Parser-based Alerting

Rules

Coming Soon