Hashicorp Vault

About

Secure, store, and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Product Details

Vendor URL: Hashicorp Vault

Product Type: SaaS

Product Tier: Tier III

Integration Method: Cloud Storage

Integration URL: N/A

Log Guide: Audit and Operational Log Details

Parser Details

Log Format: JSON

Expected Normalization Rate: 90-100%

Data Label: HASHICORP

UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
|---|---|
| GENERIC_EVENT | metadata.event_type |
| request.path | target.file.full_path |
| auth.display_name | extensions.auth.auth_details |
| request.remote_address | principal.ip |
| type | metadata.product_event_type |
| environment | principal.resource.type |
| request.id | src.asset.product_object_id |
| request.operation | metadata.product_deployment_id |
| auth.metadata.username | principal.user.userid |
| auth.metadata.role_name | metadata.product_log_id |
| request.mount_type | metadata.description |
| response.mount_type | metadata.description |

Product Event Types

| Event | UDM Event Classification |
|---|---|
| All events | GENERIC_EVENT |

Log Sample

development{"time":"2022-01-05T14:26:16.686345945Z","type":"response","auth":{"client_token":"hmac-sha256:efb7931295e489ae6ae8982922b9eb1b10fd607fb5e49e348214079457831f26","accessor":"hmac-sha256:eb30520cd7fca1d8b27c85c30371863e0de81cc2cc4b8491233744ebd7d2d179","display_name":"approle","policies":["default","pkx-xxx-admin"],"token_policies":["default","pkx-xxx-admin"],"metadata":{"role_name":"pkx-xxx-admin"},"entity_id":"7d47c940-9309-3ebf-823c-751171664840","token_type":"service","token_ttl":1200},"request":{"id":"701547b8-93c9-b0a8-14ff-b86068374d2d","operation":"update","mount_type":"approle","namespace":{"id":"root"},"path":"auth/approle/login","data":{"role_id":"hmac-sha256:ef52cda858438ac1196ced59b1e7a3641418b1b529d95acc5a9cf07219f03e42","secret_id":"hmac-sha256:7607da157b61e27ce8df77fbca24299b63ea8d4a106f83ce1bab409e6af0e1e4"},"remote_address":"10.1.1.18"},"response":{"auth":{"client_token":"hmac-sha256:efb7931295e489ae6ae8982922b9eb1b10fd607fb5e49e348214079457831f26","accessor":"hmac-sha256:eb30520cd7fca1d8b27c85c30371863e0de81cc2cc4b8491233744ebd7d2d179","display_name":"approle","policies":["default","pkx-xxx-admin"],"token_policies":["default","pkx-xxx-admin"],"metadata":{"role_name":"pkx-xxx-admin"},"entity_id":"7d47c940-9309-3ebf-823c-751171664840","token_type":"service","token_ttl":1200},"mount_type":"approle"}}

Sample Parsing

metadata.product_log_id: pxx-xx-admin
metadata.event_timestamp: 2022-01-19 19:42:17
metadata.event_type: GENERIC_EVENT
metadata.product_event_type: response
metadata.product_deployment_id: update
metadata.description: approle
metadata.principal.ip: 10.1.1.18
metadata.principal.resource.type: development
metadata.src.asset.product_object_id: 701547b8-93c9-b0a8-14ff-b86068374d2d
metadata.target.file.full_path: auth/approle/login
metadata.extensions.auth.auth_details: approle
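
The mapping table, log sample and sample parsing above, applied in code as an added example (it is not the product's parser, which this page does not show). It assumes the raw line is an optional environment prefix followed by one JSON audit entry, and that `request.mount_type` wins over `response.mount_type` when both are set; `FIELD_MAP`, `dig`, `to_udm` and the sample values are constructed for illustration.

```python
import json

# (audit log field path, UDM field) pairs copied from the mapping table above.
# response.mount_type is listed first so request.mount_type overrides it (assumption).
FIELD_MAP = [
    ("request.path", "target.file.full_path"),
    ("auth.display_name", "extensions.auth.auth_details"),
    ("request.remote_address", "principal.ip"),
    ("type", "metadata.product_event_type"),
    ("request.id", "src.asset.product_object_id"),
    ("request.operation", "metadata.product_deployment_id"),
    ("auth.metadata.username", "principal.user.userid"),
    ("auth.metadata.role_name", "metadata.product_log_id"),
    ("response.mount_type", "metadata.description"),
    ("request.mount_type", "metadata.description"),
]

def dig(obj, dotted):
    """Follow a dotted path through nested dicts; None if any hop is missing."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def to_udm(line):
    """Split '<environment>{json}' and apply FIELD_MAP; ValueError on bad input."""
    start = line.find("{")
    if start < 0:
        raise ValueError("no JSON object in line")
    event = json.loads(line[start:])  # JSONDecodeError is a ValueError subclass
    udm = {"metadata.event_type": "GENERIC_EVENT"}  # every event is GENERIC_EVENT
    env = line[:start].strip()
    if env:
        udm["principal.resource.type"] = env
    for src, dst in FIELD_MAP:
        value = dig(event, src)
        if value is not None:  # absent fields (e.g. username on AppRole) are skipped
            udm[dst] = str(value)
    return udm

# Constructed sample with the same shape as the audit entry above (values invented).
SAMPLE = "development" + json.dumps({
    "type": "response",
    "auth": {"display_name": "approle", "metadata": {"role_name": "example-role"}},
    "request": {"id": "00000000-0000-0000-0000-000000000001", "operation": "update",
                "mount_type": "approle", "path": "auth/approle/login",
                "remote_address": "192.0.2.10"},
    "response": {"mount_type": "approle"},
})

if __name__ == "__main__":
    print(json.dumps(to_udm(SAMPLE), indent=2))
```

Because every event is classified as GENERIC_EVENT, searches for login activity have to key on `target.file.full_path` and `metadata.product_deployment_id` rather than on the event type.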

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon