⚠️ Utimaco Enterprise Secure Key Manager

⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.


| Attribute | Value |
| --- | --- |
| Publisher | Utimaco |
| Support Tier | Partner |
| Support Link | https://utimaco.com/support |
| Categories | Security - Information Protection |
| Version | 3.0.0 |
| Author | Utimaco - support@utimaco.com |
| First Published | 2026-05-29 |
| Solution Folder | Utimaco Enterprise Secure Key Manager |

The Utimaco ESKM solution ingests KMIP server logs from Utimaco Enterprise Secure Key Manager (ESKM) into Microsoft Sentinel using the Codeless Connector Platform (CCP). It enables monitoring of key management operations, authentication events, and KMIP client activity, helping you detect misuse, configuration issues, and unauthorized access to cryptographic material.

Underlying Microsoft Technologies used:

a. Microsoft Sentinel Codeless Connector Platform (CCP)

b. Azure Monitor Data Collection Rules and Endpoints

Contents

Data Connectors

This solution provides 1 data connector(s):

Tables Used

This solution uses 1 table(s):

| Table | Used By Connectors | Used By Content |
| --- | --- | --- |
| UtimacoESKMKmipServerLogs_CL | Utimaco Enterprise Secure Key Manager (ESKM) | Analytics, Hunting, Workbooks |

Content Items

This solution includes 8 content item(s):

| Content Type | Count |
| --- | --- |
| Hunting Queries | 4 |
| Analytic Rules | 3 |
| Workbooks | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
| --- | --- | --- | --- |
| Utimaco ESKM - Burst of KMIP DESTROY operations by a single user | High | Impact | UtimacoESKMKmipServerLogs_CL |
| Utimaco ESKM - Multiple KMIP authentication failures from same IP | Medium | CredentialAccess | UtimacoESKMKmipServerLogs_CL |
| Utimaco ESKM - PERMISSION_DENIED burst for a KMIP user | Medium | Discovery | UtimacoESKMKmipServerLogs_CL |

Hunting Queries

| Name | Tactics | Tables Used |
| --- | --- | --- |
| Utimaco ESKM - After-hours KMIP activity | DefenseEvasion | UtimacoESKMKmipServerLogs_CL |
| Utimaco ESKM - High-volume private key retrievals by user | Collection, Exfiltration | UtimacoESKMKmipServerLogs_CL |
| Utimaco ESKM - New source IPs connecting to KMIP | InitialAccess | UtimacoESKMKmipServerLogs_CL |
| Utimaco ESKM - Rare KMIP users in the last 24 hours | InitialAccess, Persistence | UtimacoESKMKmipServerLogs_CL |

Workbooks

| Name | Tables Used |
| --- | --- |
| ESKMworkbook | UtimacoESKMKmipServerLogs_CL |

Additional Documentation

📄 Source: Utimaco Enterprise Secure Key Manager/README.md

Overview

This solution enables integration of Utimaco ESKM (Enterprise Secure Key Manager) logs with Microsoft Sentinel using the Connector Builder (RestApiPoller) platform. It provides:

Features

Deployment

  1. Import the solution package into Microsoft Sentinel via Content Hub or ARM template deployment.
  2. Configure the data connector with your ESKM API endpoint and credentials.
  3. Enable analytic rules and customize thresholds as needed.
  4. Use the workbook and hunting queries for monitoring and investigation.

Support

For support, contact Utimaco:

This solution is provided by Utimaco. See license terms in the solution package or contact support for details.

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
| --- | --- | --- |
| 3.0.0 | 11-06-2026 | Initial Solution Release. |
