Thycotic Secret Server
Note
This plugin is part of the community.general collection (version 2.5.1).
Integrating Rapid7’s leading vulnerability management solution, InsightVM, or our top-rated on-premise solution, Nexpose, with Thycotic’s SecretServer helps enhance your team’s ability to perform these scans. SecretServer is designed to randomize and store the passwords for accounts on target systems on a regular recurring basis. Are you a Thycotic Secret Server cloud client and have concerns about your data? I hear this from people all the time. If this is something you are concerned about hit me up and I will put you in contact with a PS team that offers a few different backup options for your data.
To install it use: ansible-galaxycollectioninstallcommunity.general.
Thycotic software is 100% better than CyberArk at a fraction of the cost. And requires a smaller footprint and covers more compliance requirements. Responsible for Identifying gaps in security architecture and recommend best practice processes within Thycotic Secret Server; Provides recommended improvements and refresh of Thycotic Secret Server architecture Upgrade and patching expertise License and Certificate knowledge; Creates clear concise and customized documentation User access issues. For any documentation related searches, please utilize the search function on the documentation portal at https://docs.thycotic.com.
To use it in a playbook, specify: community.general.tss.
Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with username and password on the REST API at base_url.
The below requirements are needed on the local controller node that executes this lookup. Merry christmas!.
python-tss-sdk - https://pypi.org/project/python-tss-sdk/
| Parameter | Choices/Defaults | Configuration | Comments |
|---|---|---|---|
| _terms integer / required | |||
| api_path_uri | Default: '/api/v1' | The path to append to the base URL to form a valid REST API request. | |
| base_url string / required | env:TSS_BASE_URL | The base URL of the server, e.g. https://localhost/SecretServer. | |
| password string / required | env:TSS_PASSWORD | The password associated with the supplied username. | |
| token_path_uri string | Default: | env:TSS_TOKEN_PATH_URI | The path to append to the base URL to form a valid OAuth2 Access Grant request. |
| username string / required | env:TSS_USERNAME | The username with which to request the OAuth2 Access Grant. |
Common return values are documented here, the following are the fields unique to this lookup:
| Key | Returned | Description |
|---|---|---|
| _list list / elements=dictionary | success | See https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get. |
-->
Thycotic Secret Server License Cost
Important
The Thycotic Secret Server connector is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
This article explains how to connect your Thycotic Secret Server appliance to Azure Sentinel. The Thycotic Secret Server data connector allows you to easily connect your Thycotic Secret Server logs with Azure Sentinel, so that you can view the data in workbooks, use it to create custom alerts, and incorporate it to improve investigation. Integration between Thycotic and Azure Sentinel makes use of the CEF Data Connector to properly parse and display Secret Server Syslog messages.
Robot unicorn attackanother unblocked game site. Note
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
Prerequisites
You must have read and write permissions on your Azure Sentinel workspace.
You must have read permissions to shared keys for the workspace.
Your Thycotic Secret Server must be configured to export logs via Syslog.
Send Thycotic Secret Server logs to Azure Sentinel
To get its logs into Azure Sentinel, configure your Thycotic Secret Server to send Syslog messages in CEF format to your Linux-based log forwarding server (running rsyslog or syslog-ng). This server will have the Log Analytics agent installed on it, and the agent forwards the logs to your Azure Sentinel workspace.
In the Azure Sentinel navigation menu, select Data connectors.
From the Data connectors gallery, select Thycotic Secret Server (Preview), and then Open connector page.
Follow the instructions in the Instructions tab, under Configuration:
Under 1. Linux Syslog agent configuration - Do this step if you don't already have a log forwarder running, or if you need another one. See STEP 1: Deploy the log forwarder in the Azure Sentinel documentation for more detailed instructions and explanation.
Under 2. Forward Common Event Format (CEF) logs to Syslog agent - Follow Thycotic's instructions to configure Secret Server. This configuration should include the following elements:
- Log destination – the hostname and/or IP address of your log forwarding server
- Protocol and port – TCP 514 (if recommended otherwise, be sure to make the parallel change in the syslog daemon on your log forwarding server)
- Log format – CEF
- Log types – all available
Under 3. Validate connection - Verify data ingestion by copying the command on the connector page and running it on your log forwarder. See STEP 3: Validate connectivity in the Azure Sentinel documentation for more detailed instructions and explanation.
It may take up to 20 minutes until your logs start to appear in Log Analytics.
Find your data
After a successful connection is established, the data appears in Logs, under the Azure Sentinel section, in the CommonSecurityLog table.
To query Thycotic Secret Server data in Log Analytics, copy the following into the query window, applying other filters as you choose:
See the Next steps tab in the connector page for some useful workbooks and query samples.
Next steps
In this document, you learned how to connect Thycotic Secret Server to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
Thycotic Secret Server Chrome Extension
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.