MENU
    Azure Key Vault
    • 31 Oct 2024
    • 1 Minute to read
    • Dark

    Azure Key Vault

    • Dark

    Article summary

    Azure Key Vault is a product that helps safeguard cryptographic keys and other secrets used by cloud apps and services. LimaCharlie can ingest and natively parse Key Vault logs.

    Log Ingestion

    Azure Key Vault logs can be ingested via:

    Upon ingestion, the log category field is used to define the Event Type.

    Sample Event

    The following sample event is taken from Microsoft Azure documentation:

    {
            "records":
            [
                {
                    "time": "2016-01-05T01:32:01.2691226Z",
                    "resourceId": "/SUBSCRIPTIONS/361DA5D4-A47A-4C79-AFDD-XXXXXXXXXXXX/RESOURCEGROUPS/CONTOSOGROUP/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/CONTOSOKEYVAULT",
                    "operationName": "VaultGet",
                    "operationVersion": "2015-06-01",
                    "category": "AuditEvent",
                    "resultType": "Success",
                    "resultSignature": "OK",
                    "resultDescription": "",
                    "durationMs": "78",
                    "callerIpAddress": "104.40.82.76",
                    "correlationId": "",
                    "identity": {"claim":{"http://schemas.microsoft.com/identity/claims/objectidentifier":"d9da5048-2737-4770-bd64-XXXXXXXXXXXX","http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn":"live.com#username@outlook.com","appid":"1950a258-227b-4e31-a9cf-XXXXXXXXXXXX"}},
                    "properties": {"clientInfo":"azure-resource-manager/2.0","requestUri":"https://control-prod-wus.vaultcore.azure.net/subscriptions/361da5d4-a47a-4c79-afdd-XXXXXXXXXXXX/resourcegroups/contosoresourcegroup/providers/Microsoft.KeyVault/vaults/contosokeyvault?api-version=2015-06-01","id":"https://contosokeyvault.vault.azure.net/","httpStatusCode":200}
                }
            ]
        }
    JSON


    Was this article helpful?