Splunk® Supported Add-ons

Splunk Add-on for CyberArk


Configure CyberArk to produce syslog for the Splunk Add-on for CyberArk

To enable the Splunk Add-on for CyberArk to collect data from your EPV and PTA instances, configure your CyberArk devices to produce syslog output and push it to a data collection node of your Splunk platform installation.

Configure EPV to produce syslog

  1. Copy the SplunkCIM.xsl file provided in the forExport folder of the Splunk Add-on for CyberArk to the folder %ProgramFiles%\PrivateArk\Server\Syslog of the Vault Server.
  2. Follow the instructions in "Integrating with SIEM Applications" in the Privileged Account Security Implementation Guide to configure the DBParm.ini.
  3. For the SyslogTranslatorFile parameter, enter SplunkCIM.xsl.
  4. For the SyslogServerIP and SyslogServerPort parameters, enter the address of your syslog aggregator, or specify a Splunk platform instance that you want to use to receive syslog directly.
  5. Restart your CyberArk Vault server service.
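The steps above leave the syslog settings in DBParm.ini; the following script, an added example rather than Splunk's or CyberArk's own tooling, reads a DBParm.ini fragment and confirms that SyslogTranslatorFile, SyslogServerIP and SyslogServerPort are set and well-formed before the Vault service is restarted. The [SYSLOG] section name, the comma-separated receiver list and the sample values are assumptions made for the example.

```python
import configparser
import ipaddress
from pathlib import Path

# Constructed DBParm.ini fragment for illustration; the [SYSLOG] section
# name is an assumption, the three parameter names come from the setup steps.
SAMPLE_DBPARM = """\
[MAIN]
VaultID=1

[SYSLOG]
SyslogServerIP=203.0.113.10
SyslogServerPort=514
SyslogTranslatorFile=SplunkCIM.xsl
"""

REQUIRED = ("SyslogServerIP", "SyslogServerPort", "SyslogTranslatorFile")
TRANSLATOR = "SplunkCIM.xsl"


def check_dbparm(text, syslog_dir=None, section="SYSLOG"):
    """Return a list of findings; an empty list means the syslog parameters
    are present and well-formed. syslog_dir, if given, is the Vault's
    Syslog folder and is used to confirm the translator file was copied."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep CyberArk's CamelCase parameter names as written
    cp.read_string(text)
    if not cp.has_section(section):
        return [f"[{section}] section not found"]
    sec = cp[section]
    findings = [f"{k} is not set" for k in REQUIRED if not sec.get(k, "").strip()]
    if findings:
        return findings
    # Accept a comma-separated list of receivers (assumed); one is the common case.
    for host in sec["SyslogServerIP"].split(","):
        try:
            ipaddress.ip_address(host.strip())
        except ValueError:
            findings.append(f"SyslogServerIP entry {host.strip()!r} is not an IP address")
    port = sec["SyslogServerPort"].strip()
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"SyslogServerPort {port!r} is not a valid port")
    if sec["SyslogTranslatorFile"].strip() != TRANSLATOR:
        findings.append(f"SyslogTranslatorFile should be {TRANSLATOR}")
    elif syslog_dir and not Path(syslog_dir, TRANSLATOR).is_file():
        findings.append(f"{TRANSLATOR} not found in {syslog_dir}")
    return findings


if __name__ == "__main__":
    print(check_dbparm(SAMPLE_DBPARM) or "syslog configuration looks complete")
```

Run it against the real file with `check_dbparm(Path(...).read_text(), syslog_dir=r"C:\Program Files\PrivateArk\Server\Syslog")` to also verify that the translator file was copied into place.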

Configure PTA to produce syslog

For PTA, see "Sending PTA syslog records to SIEM" in the Privileged Threat Analytics (PTA) Implementation Guide and follow the instructions to configure syslog output. For the Host and Port parameters, enter the address of your syslog aggregator, or specify a Splunk platform instance that you want to use to receive syslog directly.


This documentation applies to the following versions of Splunk® Supported Add-ons: released
