Introduction
This document describes the integration of Microsoft Sentinel (SIEM Ingest Syslog and CEF) with Entrust KeyControl.
Documents to read first
This guide describes how to configure CEF and Syslog collection to Microsoft Sentinel from the Entrust KeyControl Vault servers.
To install and configure the Entrust KeyControl cluster on Microsoft Azure, see Entrust KeyControl Azure Installation.
To install and configure the Entrust KeyControl server on-premises, see KeyControl Installation and Upgrade Guide.
Also refer to the documentation and set-up process for Microsoft Sentinel in the Microsoft Sentinel online documentation.
Requirements
- Entrust KeyControl Vault version 10.2 or later
  An Entrust KeyControl license is required for the on-premises installation. You can obtain this license from your Entrust KeyControl Vault and account team or through Entrust KeyControl Vault customer support.
- Microsoft Azure subscription
Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.
High-availability considerations
Entrust KeyControl Vault uses an active-active deployment, which provides high-availability capability to manage encryption keys. Entrust recommends this deployment configuration. In an active-active cluster, changes made to any KeyControl node in the cluster are automatically reflected on all nodes in the cluster. For information about Entrust KeyControl, see the Entrust KeyControl Vault Product Overview.