Integration with Secure60

In order to successfully deploy Secure60 in your environment there are 2 important steps to take:

• Setup Data Flow (Ingestion Integration) - This is the mechanism of getting data from your environment (Servers, Systems, Log files etc) into Secure60
• Enhance Data (Parsing and transformation) - This step is the process that makes your various sources of data standardised so that interesting information can be correlated across your entire dataset

We provide tools and instructions to achieve both of the above steps, however they don’t have to be performed at once.

It’s common to setup data flow and then as a follow on stage, enhance the data.

Ingestion and Integration Options:

• Secure60 Collector Installation and Configuration
• Filebeat (As well as Vector, Fluentd, Slunk HEC and many more open source and commercial options)
• Secure60 HTTP Ingestion API (Directly send to Secure60 Platform)

The Secure60 Collector offers the ability to ingest from: HTTP(S), Syslog(Secure), S3 Pull, Kafka, AWS SQS, GCP Pub Sub, Logstash, Splunk HEC, Redis and many more

Options like Filebeat enable simple integration from: Microsoft 365, Azure Event hub, Okta, Azure AD and many more

We always recommend collaborating with the Secure60 team to help plan the easiest integration approach - Touch base at integrations@secure60.io for help.

Parsing and Transformation Options:

Secure60 platform by design is schemaless, you can send any field names and they will be ingested and securely stored and searchable via the portal UI.

To enable the more advanced security features in the platform (such as Rules and Entity Analysis) we require that data is stored in the Secure60 Common Information Model (CIM). This is a simple schema that stores fields in a common naming strategy so that you can correlate activity across multiple systems and log types.

An example of this would be that if you are sending us an IP address instead of having one system send ip_source:54.7.36.12 and another send source_ip:54.7.36.12 we would parse and transform both of those fields into ip_src_dst:54.7.36.12 which then provides a standard format for referenceing Source IP information.

We offer rich parsing and transformation features within the Secure60 Collector, This includes automated field analysis for common field names which will automatically be converted into Secure60 schema.

We support hundreds of device and log formats including: Syslog, auditd, Windows Events, Cisco Schema, Juniper, AWS, Azure, GCP, Rackcorp, Zeek.

For details on parsing and transformation using the Secure60 Collector see: Secure60 Collector Installation and Configuration

We can also normalise from other standards such as Elastic Common Schema (ECS) and Open Cybersecurity Schema Framework (OCSF) into the Secure60 Schema, Touch base with our team for details on how to do this.