Source types for the Splunk Add-on for CyberArk
The Splunk Add-on for CyberArk provides index-time and search-time knowledge for CyberArk alerts, events, and traffic in the following formats.
| Source type | Description | Eventtype | CIM compatibility |
|---|---|---|---|
cyberark:epv:cef
|
Data from Enterprise Password Vault | cyberark_epv_authentication | Authentication |
| cyberark_epv_authentication_success | Authentication | ||
| cyberark_epv_authentication_failure | Authentication | ||
| cyberark_epv_change_analysis | Change | ||
| cyberark_epv_change_analysis_cpm | Change | ||
| cyberark_epv_change_analysis_cpm_tasks | Change | ||
| cyberark_epv_change_analysis_cpm_auto_detection | Change | ||
| cyberark_epv_change_analysis_account | Change | ||
| cyberark_epv_change_analysis_psm | Change | ||
| cyberark_epv_change_analysis_safe_acl | Change | ||
| cyberark_epv_change_analysis_audit | Change | ||
| cyberark_epv_network_sessions | Network Sessions | ||
| cyberark_epv_network_sessions_start | Network Sessions | ||
| cyberark_epv_network_sessions_end | Network Sessions | ||
| cyberark_epv_endpoint_filesystem | Endpoint | ||
| cyberark_epv_endpoint_process | Endpoint | ||
| cyberark_epv_alert | Alerts | ||
cyberark:pta:cef
|
Data from Privileged Threat Analytics. | cyberark_pta_alerts | Alerts |
Last modified on 08 December, 2021
| Lookups for the Splunk Add-on for CyberArk | Release notes for the Splunk Add-on for CyberArk |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!