How-To: Export EZCA PKI Logs to a SIEM Solution

EZCA enables your security team to monitor critical user actions by pushing the information to your SIEM.

Why Should I Export My Cloud PKI Logs to a SIEM?

EZCA enables your security team to monitor critical user actions by pushing audit logs to your Security Information and Event Management (SIEM) solution. By exporting your Cloud PKI logs to your SIEM, you can:

  • Centralize your security monitoring: By sending your Cloud PKI logs to your SIEM, you can centralize your security monitoring and have a single view of all your security events.
  • Detect and respond to threats faster: By having your Cloud PKI logs in your SIEM, you can detect and respond to threats faster by correlating Cloud PKI events with other security events in your environment.
  • Meet compliance requirements: Many compliance frameworks require organizations to monitor and log security events. By exporting your Cloud PKI logs to your SIEM, you can meet these requirements more easily.

Which SIEM Providers are Supported for Cloud PKI Log Export?

The following SIEM providers are currently supported:

If your SIEM provider is not currently supported, email your Keytos contact and request a connector for that specific provider.

What Events are Sent to my SIEM from EZCA?

EZCA sends a variety of events to your SIEM to help you monitor your PKI activity. These events include:

CA Operation Events

| Event ID | Event Summary | Description | Potential Criticality |
|---|---|---|---|
| 4882 | The security permissions for Certificate Services changed | A change in CA settings that might give or remove critical permissions | High |
| 92 | CA change denied due to insufficient permissions | A user attempted to change CA settings without the proper permissions | High |
| 23 | Intermediate CA request rejected | A new Intermediate CA request has been rejected | High |
| 19 | CA deleted | This indicates that a CA was deleted | High |
| 28 | Intermediate CA was imported | A new Intermediate CA has been created chaining to an external CA | Medium |
| 22 | Intermediate CA created with EZCA Root | A new Intermediate CA has been created chaining to an EZCA CA | Medium |
| 12 | CA was renewed | A CA has been renewed | Low |

Certificate Operation Events

| Event ID | Event Summary | Description | Potential Criticality |
|---|---|---|---|
| 4888 | Certificate request denied due to insufficient permissions | A user attempted to request a certificate without the proper permissions | High |
| 4870 | A certificate has been revoked | This can cause an outage if it was done by mistake or the new certificate is not added to all the endpoints that use the certificate | Medium |
| 4872 | Publish CRL | This is an event indicating that the CRL has been published; it does not have to be tracked, as we take care of it for you. | Low |
| 4887 | Certificate was created | This event indicates a certificate was created successfully | Low |
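
The following is an added example, not code from EZCA or Keytos, showing one way a SIEM-side rule could triage the events in the two tables above: it applies the documented criticality, surfaces event IDs that are not in the tables, and escalates a permission change (4882) made by an actor who was denied (92 or 4888) shortly before. The record fields `time`, `event_id` and `actor`, the one-hour window, and the sample events are assumptions constructed for illustration; the real field names depend on your SIEM connector.

```python
from datetime import datetime, timedelta

# Event IDs and criticality as listed in the two tables on this page.
CRITICALITY = {
    4882: "High", 92: "High", 23: "High", 19: "High", 4888: "High",
    28: "Medium", 22: "Medium", 4870: "Medium",
    12: "Low", 4872: "Low", 4887: "Low",
}
DENIED = {92, 4888}            # actions refused for insufficient permissions
WINDOW = timedelta(hours=1)    # assumed correlation window
RANK = {"Critical": 0, "High": 1, "Review": 2, "Medium": 3}

def triage(events):
    """Return (level, event_id, actor, reason) alerts, most urgent first."""
    alerts, last_denied = [], {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        eid, actor = ev["event_id"], ev["actor"]
        when = datetime.fromisoformat(ev["time"])
        level = CRITICALITY.get(eid)
        if level is None:
            # Unknown IDs are surfaced for review rather than silently dropped.
            alerts.append(("Review", eid, actor, "event ID not in the documented tables"))
        elif eid == 4882 and actor in last_denied and when - last_denied[actor] <= WINDOW:
            alerts.append(("Critical", eid, actor, "permissions changed soon after a denied action"))
        elif level != "Low":
            # Low events (for example 4872, Publish CRL) are stored but not alerted on.
            alerts.append((level, eid, actor, "documented criticality"))
        if eid in DENIED:
            last_denied[actor] = when
    return sorted(alerts, key=lambda a: RANK[a[0]])

# Constructed sample records (hypothetical schema and actors).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:00+00:00", "event_id": 4887, "actor": "alice"},
    {"time": "2024-05-01T10:05:00+00:00", "event_id": 92,   "actor": "bob"},
    {"time": "2024-05-01T10:20:00+00:00", "event_id": 4882, "actor": "bob"},
    {"time": "2024-05-01T10:30:00+00:00", "event_id": 4870, "actor": "carol"},
    {"time": "2024-05-01T10:40:00+00:00", "event_id": 4872, "actor": "system"},
    {"time": "2024-05-01T10:45:00+00:00", "event_id": 9999, "actor": "dave"},
    {"time": "2024-05-01T11:00:00+00:00", "event_id": 4882, "actor": "carol"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```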

How Do I Export Cloud PKI Audit Logs to my SIEM?


How-To: Export your EZCA Cloud PKI Logs to Azure Log Analytics and Azure Sentinel

EZCA enables your security team to monitor critical user actions by pushing the information to your SIEM. On this page we will show you how to connect your Cloud PKI logs to Azure Log Analytics and Azure Sentinel.

How-To: Export your Cloud PKI Logs to Splunk

EZCA enables your security team to monitor critical user actions by pushing the information to your SIEM. On this page we will show you how to connect your Cloud PKI logs to Splunk.

How-To: Export your Cloud PKI Logs to CrowdStrike Falcon

EZCA enables your security team to monitor critical user actions by pushing the information to your SIEM. On this page we will show you how to connect your Cloud PKI logs to CrowdStrike Falcon.