
Utimaco Enterprise Secure Key Manager

by Utimaco IS GmbH

Monitor Utimaco ESKM KMIP key management in Microsoft Sentinel to detect misuse and threats.

The Utimaco Enterprise Secure Key Manager (ESKM) solution for Microsoft Sentinel ingests KMIP server logs from Utimaco ESKM appliances into your Sentinel workspace using the Codeless Connector Platform (CCP) and Azure Monitor Data Collection Rules. It gives SOC teams centralized visibility into cryptographic key operations, KMIP client activity, and authentication events — helping detect misuse, configuration issues, and unauthorized access to the cryptographic material that protects your most sensitive data.


Underlying Microsoft technologies used:

  • Microsoft Sentinel Codeless Connector Platform (CCP)
  • Azure Monitor Data Collection Rules (DCR) and Data Collection Endpoints (DCE)

Content included in this solution:

  • Data Connectors: 1 (Utimaco ESKM KMIP server logs via CCP)
  • Workbooks: 1 (Utimaco ESKM — activity baseline, event distribution, operation outcomes, and authentication health)
  • Analytic Rules: 3 (Authentication Failure Brute Force, Permission Denied Burst, Destroy Burst)
  • Hunting Queries: 4 (Rare KMIP Users, New Source IPs, High Volume Key Retrieval, After-Hours Activity)

Prerequisites:

  • An active Microsoft Sentinel workspace with permissions to create Data Collection Rules and connectors.
  • Utimaco Enterprise Secure Key Manager (ESKM) appliance with KMIP server logging enabled.
  • Network reachability between the ESKM log source (or a forwarder) and the Sentinel ingestion endpoint.
  • No additional licensing beyond Microsoft Sentinel; the connector uses standard log ingestion.

Release notes: View on GitHub