Integrating Syslog CEF with Secret Server

Syslog Common Event Format (CEF) is a standard format for log messages that allows for interoperability and consistent event representation across different systems and security tools. With the syslog CEF integration, Secret Server can send log messages in the CEF format to a syslog server or collector. The CEF format provides a structured representation of log events, including specific fields such as timestamp, source IP, event type, severity, and additional relevant information. By using the CEF format, Secret Server log messages can be easily interpreted and processed by various syslog servers, security information and event management (SIEM) systems, and other security tools that support CEF. This ensures interoperability and standardization of log data across different systems.

The audit log for a secret can be accessed by clicking the View Audit button on the Secret View page or navigating from the User Audit report. The log shows the date, the username, the action, and any other details about the event. Secret auditing provides a detailed view of each change or view on a secret. Audit logs are visible to anyone with the list permission. Thus, anybody with that permission can view permission changes, users whose permissions were changed, secret dependency information, and the machine.

To learn more about this Delinea integration, click here.