...
HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, and certificates.
Vault provides encryption services that are gated by authentication and authorization methods.
Vault works primarily with tokens and a token is associated to the client's policy.
Device Information
Entity | Particulars |
---|---|
Vendor Name | HashiCorp |
Product Name | Vault |
Type of Device | Hosted |
Collection Method
Log Type | Ingestion label | Preferred Logging Protocol | Log collection method |
---|---|---|---|
Hashicorp Vault | HASHICORP | SYSLOG+JSON | CyberHub |
Port Requirements
Source | Destination | Port |
---|---|---|
Vault | CyberHub | 601 (TCP) |
Device Configuration
Log in to the HashiCorp Vault CLI
...
To configure NxLog Agent for TLS TCP Log flow on port 10014:
Download and Install NxLog agent from Download
For TLS, need to create certificate file for communication. On CyberHub , navigate to support user mode and choose option 11 to View Certificate to export for FTPS and TCP.
Copy and paste the certificate to new file and save this file into squid server at desired location.
For Linux Agent, after installation go to installed location “/etc/nxlog.conf”. Rename attached NXLog.conf(TLS) to
nxlog.conf
and copy into this folder.Replace “lcpIp” with “CyberHub IP Address” in
nxlog.conf
Change
vault_audit.log
file location on line 24Add CA File location at position 37
Now start the nxlog service using below command
...
Parameters required from customer for Integration.
Property | Default Value | Description |
---|---|---|
IP Address | Vault interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |