Introduction

Entrust KeyControl has been rebranded as the Entrust Cryptographic Security Platform (CSP) Key Manager.

The Entrust CSP Key Manager continues to provide a comprehensive solution for discovering and managing the lifecycles of cryptographic keys, secrets, certificates, tokens, libraries, protocols, and configurations:

  • The KeyControl Compliance Manager is now the Entrust CSP Compliance Manager. It still integrates with Entrust nShield Hardware Security Modules (HSMs) to protect the master keys for the CSP.

  • KeyControl Vault is now the Entrust Cryptographic Security Platform Vault. The Cryptographic Security Platform Vaults also still integrate with Entrust nShield HSMs to provide an optional HSM root of trust.

Because the Entrust integrations are tested against specific product versions, this guide is still branded as a "KeyControl" integration. It was tested against a pre-CSP version of KeyControl.

Exercise caution when using an Entrust Integration Guide with a product version that does not match the tested version, because your version might not function in exactly the same way.

Entrust cannot guarantee the success of integrations in configurations other than those indicated in the guide. This guide remains on the website for customers using pre-CSP versions of KeyControl.

This document describes the integration of Microsoft Sentinel (SIEM Ingest Syslog and CEF) with Entrust KeyControl.

Documents to read first

This guide describes how to configure CEF and Syslog collection to Microsoft Sentinel from the Entrust KeyControl Vault servers.

To install and configure the Entrust KeyControl cluster on Microsoft Azure, see Entrust KeyControl Azure Installation.

To install and configure the Entrust KeyControl server on-premises, see KeyControl Installation and Upgrade Guide.

Also refer to the documentation and set-up process for Microsoft Sentinel in the Microsoft Sentinel online documentation.

Requirements

  • Entrust KeyControl Vault version 10.2 or later

    An Entrust KeyControl license is required for the on-premises installation. You can obtain this license from your Entrust KeyControl Vault account team or through Entrust KeyControl Vault customer support.

  • Microsoft Azure subscription

Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.

High-availability considerations

Entrust KeyControl Vault uses an active-active deployment, which provides high-availability capability to manage encryption keys. Entrust recommends this deployment configuration. In an active-active cluster, changes made to any KeyControl node in the cluster are automatically reflected on all nodes in the cluster. For information about Entrust KeyControl, see the Entrust KeyControl Vault Product Overview.

Product configuration

The integration between Microsoft Sentinel and Entrust KeyControl Vault has been successfully tested in the following configurations:

Product                     Version
Entrust KeyControl Vault    10.2
Log Forwarder Machine       Ubuntu 20.04