UtimacoESKMKmipServerLogs_CL



| Attribute | Value |
| --- | --- |
| Ingestion API Supported | ✓ Yes |

Schema (11 columns)

Source: KQL validation test schema

| Column Name | Type |
| --- | --- |
| Action | string |
| Event | string |
| IP | string |
| Message | string |
| ObjectType | string |
| Operation | string |
| Reason | string |
| Result | string |
| TimeGenerated | datetime |
| User | string |
| UUID | string |

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
Utimaco Enterprise Secure Key Manager (ESKM)

Content Items Using This Table (8)

Analytic Rules (3)

In solution Utimaco Enterprise Secure Key Manager:

Analytic Rule Selection Criteria
Utimaco ESKM - Burst of KMIP DESTROY operations by a single user
Utimaco ESKM - Multiple KMIP authentication failures from same IP
Utimaco ESKM - PERMISSION_DENIED burst for a KMIP user

Hunting Queries (4)

In solution Utimaco Enterprise Secure Key Manager:

Hunting Query Selection Criteria
Utimaco ESKM - After-hours KMIP activity
Utimaco ESKM - High-volume private key retrievals by user
Utimaco ESKM - New source IPs connecting to KMIP
Utimaco ESKM - Rare KMIP users in the last 24 hours

Workbooks (1)

In solution Utimaco Enterprise Secure Key Manager:

Workbook Selection Criteria
ESKMworkbook
