VaultOne: Integrate with a SIEM

Integrating your VaultOne platform with a SIEM (Security Information and Event Management) system allows you to centralize security information and streamline your alert monitoring. The process begins with generating an API token to securely connect VaultOne to your SIEM.

Generating an API Token

  1. Log in to your VaultOne platform.
  2. Go to Administration > API Tokens.
  3. Click on Create API Token.

Warning:

The Client ID and Secret (token) may only be shown once. Copy them to a secure location, like the JumpCloud Password Manager, for future reference.

Calling the GetAlertsLog API

To retrieve alerts from VaultOne, you will need to call the GetAlertsLog API.

  1. Authentication: Select 'API KEY' as the authentication type and enter the access key you generated under Generating an API Token.
  2. Required Fields: The API call requires two essential fields: StartDate and EndDate.
  3. Sending Interval: The system is configured to send alerts at a one-day interval.
  4. Format: All alerts are sent in CEF (Common Event Format), a standardized log format recognized by most SIEMs.

Default Alerts

VaultOne is pre-configured to send the following alerts by default to your SIEM:

  • More than 5 credentials seen in a short time frame (1, 2, or 3 minutes)
  • Login from outside the country
  • Excessive login attempts
  • User login outside of business hours
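
Because the alerts arrive as CEF, a collector that pulls GetAlertsLog output can validate and split each record before forwarding it to the SIEM. The parser below is an added example, not VaultOne code; the sample records, their vendor/product/version values, signature IDs and extension keys are constructed for illustration, and only the header layout and escaping rules come from the CEF standard.

```python
import re

HEADER = ("cef_version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
# Extension key=value pairs; a value runs until the next " key=" or end of line.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def _unescape(value):
    # CEF extension escapes: \= and \\ are literals, \n and \r are line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def parse_cef(line):
    """Parse one CEF record into a dict; raise ValueError if it is malformed."""
    start = line.find("CEF:")  # tolerate a syslog prefix before the record
    if start < 0:
        raise ValueError("no CEF header")
    body, fields, buf, i = line[start + 4:].rstrip("\r\n"), [], [], 0
    # Walk the header by hand so an escaped pipe (\|) stays inside its field.
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            buf.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if buf and len(fields) == len(HEADER) - 1:  # severity with no trailing pipe
        fields.append("".join(buf))
    if len(fields) < len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, fields))
    event["extension"] = {k: _unescape(v) for k, v in EXT_RE.findall(body[i:])}
    return event

# Constructed sample records (not captured VaultOne output).
SAMPLES = [
    "CEF:0|VaultOne|PAM|1.0|100|Login from outside the country|7|"
    "src=203.0.113.7 suser=alice msg=Login from outside the country",
    r"CEF:0|VaultOne|PAM|1.0|101|More than 5 credentials seen \| 2 minutes|8|"
    r"suser=bob cnt=6 msg=threshold\=5 exceeded",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(parse_cef(record))
```

Rejecting records that raise ValueError, rather than forwarding them unparsed, keeps truncated or tampered lines out of SIEM correlation rules.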