Integration with SIEM Solutions | Zoho Vault

Integration with Popular SIEM Solutions

Security information and event management (SIEM) tools gather sensitive security logs from various services so that all activity can be monitored from a central location. Having security logs from multiple IT resources helps IT teams identify malicious activity, and adding Vault's logs, which contain information about all password actions, to the enterprise SIEM system provides a holistic view of both internal and external threats.


Zoho Vault's integration with popular SIEM tools will allow organizations to manage all their Vault audit logs from the SIEM service of their choice. You can create custom alerts and receive instant or periodic notifications based on the configurations available in your SIEM service, to stay informed of all activities in your password manager. 


Prerequisites

  • Super admin of Zoho Vault
  • Valid subscription with the relevant SIEM tools


SIEM integration

Integrating with a SIEM service commonly involves two steps:

  • Generating a token 
  • Identifying the collector hostname 


Currently, we offer integration with seven SIEM solutions:

  • Loggly
  • Logz.io
  • Rapid7
  • Sematext
  • Sumo Logic
  • Timber
  • Microsoft Sentinel


Note

  • By default, all audits captured in Zoho Vault will be sent to your SIEM service. To filter the audits sent, select Manage Syslog Configurations from SIEM Integrations in Vault. 
  • We support only the HTTPS protocol at the moment.
  • You can send logs to only one service at a time.

 

Integration with Loggly

  1. Log in to your Loggly account, then select Source Setup from the menu bar.



  2. Select Customer Tokens from the submenu.
  3. A customer token is created by default. Copy this token for later use, or click Add New to use a new token with Zoho Vault.



  4. To find out the Collector Hostname, select Source Setup, then click HTTP/S Event Endpoint.
  5. By default, the hostname will be logs-01.loggly.com. If you've modified it, you can find the current URL in the field highlighted in the screenshot below.



Configuring Loggly details in Vault

  1. Log in to your Zoho Vault account as a super admin, then select Settings.
  2. Select SIEM Integration, then click Edit configurations under Loggly.
  3. Enter the Collector Hostname and token details, then click Save Configuration.



  4. Click Enable.


Accessing Zoho Vault logs from Loggly

To view all audit logs from Vault in Loggly:

  1. Log in to your Loggly account.
  2. Click Search, then search for the logs from Vault based on the time and date of the operation.



Integration with Sematext

  1. Log in to your account, then select Logs.
  2. Click Create logs app.



  3. Enter the App Name, then click Continue.



  4. Select Actions, then click Integrations.
  5. Scroll down to the section Where to send logs?.
  6. Copy the hostname and index (token) details for later use. 



Configuring Sematext details in Vault

  1. Log in to your Zoho Vault account as a super admin, then select Settings.
  2. Select SIEM Integration, then click Settings under SemaText.
  3. Enter the Collector Hostname and token details, then click Save Configuration.



  4. Click Enable.


Accessing Zoho Vault logs from Sematext

To view all audit logs from Vault in Sematext:

  1. Log in to your Sematext account.
  2. Select the app you configured under Logs.



  3. View the total number of logs generated from Log counts, and details of all the logs generated from Log Events.
  4. Click Search, then search for the logs from Vault based on the time and date of the operation.



Integration with Sumo Logic

  1. Log in to your account, then select Manage Data.
  2. Select Collections, then click Add Collector.



  3. Select Hosted Collector as the Collector Type.



  4. Enter a Name, then click Save.
  5. Select Add Source corresponding to the newly created Collector, then select HTTP Logs and Metrics.
  6. Enter a name for the source, then click Save.
  7. Copy the URL generated for later use.
  8. Click OK.



Configuring Sumo Logic details in Vault

  1. Log in to your Zoho Vault account as a super admin, then select Settings.
  2. Select SIEM Integration, then click Settings under Sumo Logic.
  3. Enter the Collector URL, then click Save Configuration.



  4. Click Enable.


Accessing Zoho Vault logs from Sumo Logic

To view all audit logs from Vault in Sumo Logic:

  1. Log in to your Sumo Logic account.
  2. Select Manage Data, then click Collections.
  3. Select Open in Log Search from the newly created source to view the logs from Vault, based on the time and date of the operations.



Integration with Logz.io

  1. Log in to your account, then select Send Your Data from the menu bar.
  2. Select Libraries, then click Bulk HTTP/S.
  3. Under URL for HTTPS, you’ll find the Collector Hostname. Copy the hostname as shown in the screenshot below. 
    Note: By default, your hostname will be listener.logz.io
  4. Under Query string parameters, you’ll find the token details. Copy the token from the description.



Configuring Logz.io details in Vault

  1. Log in to your Zoho Vault account as a super admin, then select Settings.
  2. Select SIEM Integration, then click Settings under Logz.io.
  3. Enter the Collector Hostname and token details, then click Save Configuration.



  4. Click Enable.


Accessing Zoho Vault logs from Logz.io

To view all audit logs from Vault in Logz.io:

  1. Log in to your Logz.io account.
  2. Select Kibana to view the logs based on the time and date of the operation.



Integration with Timber

  1. Log in to your account, then select Sources.
  2. Click Add a New Source, then select Protocols.



  3. Select HTTP API.



  4. Under HTTP API settings, enter a Source Name, then click Next Step.



  5. Copy the Source ID and API Key (Token) details for later use, then select Next Step.



Configuring Timber details in Vault

  1. Log in to your Zoho Vault account as a super admin, then select Settings.
  2. Select SIEM Integration, then click Settings under Timber.
  3. Enter the Source ID and token details, then click Save Configuration.



  4. Click Enable.

Note: By default, the hostname will be logs.timber.io.


Accessing Zoho Vault logs from Timber

To view all audit logs from Vault in Timber:

  1. Log in to your Timber account, then select Console.
  2. Select the source name specified earlier from the dropdown box to view the logs from Vault, based on the time and date of the operation.


Integration with Rapid7

  1. Log in to your account, then select Add Data.



  2. Under System Data, select Webhook.
  3. Enter a name under Log name and Log Set, then click Add new log.
  4. Copy the token from the field prior to the Apply button.
  5. Copy the hostname from the Step 1 section, as highlighted in the screenshot below. (For example, us.webhooks.logs.insight.rapid7.com)
  6. Click Done.



Configuring Rapid7 details in Vault

  1. Log in to your Zoho Vault account as a super admin, then select Settings.
  2. Select SIEM Integration, then click Settings under Rapid7.
  3. Enter the Collector Hostname and token details, then click Save Configuration.



  4. Click Enable.


Accessing Zoho Vault logs from Rapid7

To view all audit logs from Vault in Rapid7:

  1. Log in to your Rapid7 account.
  2. Select Log Search to view the logs based on the time and date of the operation.



Integration with Microsoft Sentinel

  1. Log in to your Microsoft Entra ID portal, then access the Microsoft Sentinel service.
  2. Select the Sentinel instance to which you want to forward Zoho Vault's Audit trails.
  3. On the left panel, select Settings under Configurations.



  4. Click Workplace Settings.



  5. From the left panel, select Agent management, then click Log Analytics agent instructions.
  6. Make a note of the Workspace ID and Primary key details to be configured in Zoho Vault.



Configuring MS Sentinel details in Vault

  1. Log in to your Zoho Vault account as a super admin, then select Settings.
  2. Under Settings, click SIEM Integration.



  3. Enable MS Sentinel.



  4. Configure the Workspace ID and Primary key as Token, then click Save Configuration.
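
To confirm that the Workspace ID and Primary key you noted are accepted before relying on the integration, the following added example (not Zoho's code and not part of the original page) signs a test record for the Azure Monitor HTTP Data Collector API, the Microsoft ingestion API that authenticates with that pair. The page does not state which API Vault itself uses; the `VaultConnTest` log type, the sample record and the `WORKSPACE_ID`/`PRIMARY_KEY` environment variable names are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import re
import urllib.request
from email.utils import formatdate

API_PATH = "/api/logs"  # resource path; it is part of the signed string
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def build_request(workspace_id, primary_key, records, log_type, date=None):
    """Return (url, headers, body) for one signed Data Collector API POST."""
    if not GUID.fullmatch(workspace_id):
        raise ValueError("Workspace ID must be a GUID, not a name or URL")
    # The Primary key is base64; a malformed paste (stray whitespace,
    # broken padding) raises ValueError here instead of failing at send time.
    key = base64.b64decode(primary_key, validate=True)
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    # The signature covers method, body length, content type, date and path.
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n{API_PATH}"
    digest = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
        "Content-Type": "application/json",
        "Log-Type": log_type,  # records land in the custom table <log_type>_CL
        "x-ms-date": date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{API_PATH}?api-version=2016-04-01"
    return url, headers, body


def send(url, headers, body, timeout=10):
    """POST the request; 200 means accepted, a rejected key raises HTTPError."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


# Constructed sample record; the field names are hypothetical, not Vault's schema.
SAMPLE = [{"source": "preflight", "message": "SIEM connectivity test"}]

if __name__ == "__main__":
    import os
    request = build_request(os.environ["WORKSPACE_ID"], os.environ["PRIMARY_KEY"],
                            SAMPLE, "VaultConnTest")
    print(send(*request))
```

The Primary key grants write access to the workspace, so pass it through the environment or a secret store rather than the command line, and regenerate it if it is exposed.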



Accessing Zoho Vault logs from MS Sentinel

To view all audit logs from Vault in Sentinel:

  1. Log in to your Microsoft Entra ID portal, then access the Microsoft Sentinel service.
  2. Select the Sentinel instance from which you want to see Zoho Vault's Audit trails.
  3. On the left panel, select Settings under Configurations.
  4. Click Workplace Settings.
  5. From the left panel, select Logs.
  6. Close the Queries menu.
  7. Run this query.
  8. View Logs from the Results section.


