Secret Server Mobile provides remote access to secrets from Thycotic Secret Server or Secret Server Cloud Autofill feature (iOS 12 and up) Users can use the mobile app to authenticate to a Secret Server instance and access their secrets. App support for MFA mechanisms used by Secret Server. Latest Secret Server Release Notes. How-to videos for Secret Server. Knowledge Base & Forum. Secret Server articles and discussion. Download Secret Server for automated or manual installation (requires authentication). Whitepapers and Others.
Note
This plugin is part of the community.general collection (version 2.5.1).
To install it use: ansible-galaxycollectioninstallcommunity.general.
To use it in a playbook, specify: community.general.tss.
Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with username and password on the REST API at base_url.
The below requirements are needed on the local controller node that executes this lookup.
python-tss-sdk - https://pypi.org/project/python-tss-sdk/
| Parameter | Choices/Defaults | Configuration | Comments |
|---|---|---|---|
| _terms integer / required | |||
| api_path_uri | Default: '/api/v1' | The path to append to the base URL to form a valid REST API request. | |
| base_url string / required | env:TSS_BASE_URL | The base URL of the server, e.g. https://localhost/SecretServer. | |
| password string / required | env:TSS_PASSWORD | The password associated with the supplied username. | |
| token_path_uri string | Default: | env:TSS_TOKEN_PATH_URI | The path to append to the base URL to form a valid OAuth2 Access Grant request. |
| username string / required | env:TSS_USERNAME | The username with which to request the OAuth2 Access Grant. |
Common return values are documented here, the following are the fields unique to this lookup:
| Key | Returned | Description |
|---|---|---|
| _list list / elements=dictionary | success | See https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get. |
-->
Important
Thycotic Secret Server Password Manager
The Thycotic Secret Server connector is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
This article explains how to connect your Thycotic Secret Server appliance to Azure Sentinel. The Thycotic Secret Server data connector allows you to easily connect your Thycotic Secret Server logs with Azure Sentinel, so that you can view the data in workbooks, use it to create custom alerts, and incorporate it to improve investigation. Integration between Thycotic and Azure Sentinel makes use of the CEF Data Connector to properly parse and display Secret Server Syslog messages.
Note
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
Prerequisites
You must have read and write permissions on your Azure Sentinel workspace.
You must have read permissions to shared keys for the workspace.
Your Thycotic Secret Server must be configured to export logs via Syslog.
Send Thycotic Secret Server logs to Azure Sentinel
To get its logs into Azure Sentinel, configure your Thycotic Secret Server to send Syslog messages in CEF format to your Linux-based log forwarding server (running rsyslog or syslog-ng). This server will have the Log Analytics agent installed on it, and the agent forwards the logs to your Azure Sentinel workspace.
In the Azure Sentinel navigation menu, select Data connectors.
From the Data connectors gallery, select Thycotic Secret Server (Preview), and then Open connector page.
Follow the instructions in the Instructions tab, under Configuration:
Under 1. Linux Syslog agent configuration - Do this step if you don't already have a log forwarder running, or if you need another one. See STEP 1: Deploy the log forwarder in the Azure Sentinel documentation for more detailed instructions and explanation.
Under 2. Forward Common Event Format (CEF) logs to Syslog agent - Follow Thycotic's instructions to configure Secret Server. This configuration should include the following elements:
- Log destination – the hostname and/or IP address of your log forwarding server
- Protocol and port – TCP 514 (if recommended otherwise, be sure to make the parallel change in the syslog daemon on your log forwarding server)
- Log format – CEF
- Log types – all available
Under 3. Validate connection - Verify data ingestion by copying the command on the connector page and running it on your log forwarder. See STEP 3: Validate connectivity in the Azure Sentinel documentation for more detailed instructions and explanation.
It may take up to 20 minutes until your logs start to appear in Log Analytics.
Find your data
Thycotic Secret Server Architecture
After a successful connection is established, the data appears in Logs, under the Azure Sentinel section, in the CommonSecurityLog table.
To query Thycotic Secret Server data in Log Analytics, copy the following into the query window, applying other filters as you choose:
See the Next steps tab in the connector page for some useful workbooks and query samples.
Next steps
In this document, you learned how to connect Thycotic Secret Server to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
Thycotic Secret Server Pricing
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.