Splunk® Supported Add-ons

Splunk Add-on for CyberArk EPM


Release notes history

The latest release of Splunk Add-on for CyberArk EPM is version 2.0.1. For information, see Release notes for the Splunk Add-on for CyberArk EPM.

Version 2.0.0

Splunk Add-on for CyberArk EPM version 2.0.0 was released on March 27, 2023.

About this release

Version 2.0.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.

Splunk platform versions   8.1, 8.2, 9.0.x
CIM                        5.1.0
Platforms                  Platform independent
Vendor Products            CyberArk EPM v21.10, v23.3.0


Features

Version 2.0.0 of the Splunk Add-on for CyberArk EPM provides the following improvements:

  • Support for CyberArk EPM APIs v23.3.0.
  • Support for raw events in addition to aggregated events.
  • Two new inputs, Inbox Events and Policy Audit Events, each of which can collect data through either API type (raw or aggregated).
  • Four new sourcetypes, two for each new input:
    • cyberark:epm:raw:events - Inbox Events collected from the raw API endpoint
    • cyberark:epm:aggregated:events - Inbox Events collected from the aggregated API endpoint
    • cyberark:epm:raw:policy:audit - Policy Audit Events collected from the raw API endpoint
    • cyberark:epm:aggregated:policy:audit - Policy Audit Events collected from the aggregated API endpoint
  • A "Start Date" setting on the two new inputs, so that collection can begin from a chosen point in time rather than only from the moment the input is enabled.
  • Support for CIM version 5.1.0.
  • Upgraded the bundled certifi library to version 2022.12.7 to fix a security vulnerability.

The Application Events, Policy Audit, and Threat Detection inputs are marked as deprecated in the UI. When you configure one of these inputs, a warning message suggests switching to the newly introduced inputs, which use the enhanced APIs from CyberArk. The deprecated inputs will be removed in a future release.
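Before removing a deprecated input, confirm that the replacement input is actually landing data. The following search is an added example and is not part of the add-on or its documentation; it assumes the add-on's data is searchable under index=* by the running user (narrow the index if your deployment routes EPM data to a dedicated index) and lists, per sourcetype, how many events arrived and the time span they cover. The four new sourcetypes are taken from the list above; cyberark:epm:threat:detection is the sourcetype of one deprecated input and is included so that old and new collection can be compared side by side.

```spl
| tstats count AS events, min(_time) AS first_seen, max(_time) AS last_seen
    WHERE index=* sourcetype IN ("cyberark:epm:raw:events",
                                 "cyberark:epm:aggregated:events",
                                 "cyberark:epm:raw:policy:audit",
                                 "cyberark:epm:aggregated:policy:audit",
                                 "cyberark:epm:threat:detection")
    BY sourcetype
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort sourcetype
```

Run it over the same time range you configured as the new inputs' "Start Date"; a new sourcetype whose first_seen is later than that date, or whose last_seen stops advancing while the deprecated sourcetype keeps growing, indicates the new input has not taken over yet and the deprecated one should stay enabled until it does.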

Version 2.0.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for CyberArk EPM incorporates the third-party software listed in Media:Third_Party_CyberArk_EPM_2_0_0.pdf

Version 1.2.0

Splunk Add-on for CyberArk EPM version 1.2.0 was released on December 2, 2021.

About this release

Version 1.2.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.

Splunk platform versions   8.0, 8.1, 8.2
CIM                        4.20.2
Platforms                  Platform independent
Vendor Products            CyberArk EPM v11.6, v21.10

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

Features

Version 1.2.0 of the Splunk Add-on for CyberArk EPM provides the following improvements:

  • Support for CyberArk EPM v21.10.
  • Enhanced CIM mapping and compatibility with CIM v4.20.2.
  • Added Inventory data model mappings for the cyberark:epm:computers sourcetype.
  • For the cyberark:epm:threat:detection sourcetype, events with ThreatDetectionAction=Detected are now mapped to the Intrusion Detection data model instead of the Change data model. Because of this data model change, these events differ as follows:
    • The dest field has been removed.
    • The action field value has changed from read to allowed.

Version 1.2.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for CyberArk EPM incorporates the third-party software listed in Media:AsciiDoc_disclosure_document_CyberArkEPM_1_1_0.pdf

Version 1.1.0

Splunk Add-on for CyberArk EPM version 1.1.0 was released on July 14, 2021.

About this release

Version 1.1.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.

Splunk platform versions   8.0, 8.1, 8.2
CIM                        4.16
Platforms                  Platform independent
Vendor Products            CyberArk EPM v11.6

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

Features

Version 1.1.0 of the Splunk Add-on for CyberArk EPM provides the following improvements:

  • Support for the latest UCC Framework, version 5.4.3.
  • Restarts of search heads are no longer required.

Version 1.1.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for CyberArk EPM incorporates the third-party software listed in File:AsciiDoc disclosure document CyberArkEPM 1 1 0.pdf

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.

Splunk platform versions   8.0
CIM                        4.16
Platforms                  Platform independent
Vendor Products            CyberArk EPM v11.6

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

Features

Version 1.0.0 of the Splunk Add-on for CyberArk EPM provides the following features:

  • Lets a Splunk software administrator pull aggregated events of the Application Events, Policy Audit, and Threat Detection categories using the cloud administration APIs of CyberArk EPM.
  • Collects logs related to Policies, Computers, and Computer Groups.
  • Supports the following data models (CIM v4.16):
    • Change
    • Intrusion Detection
    • Endpoint

Known issues

Version 1.0.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for CyberArk EPM incorporates the following third-party software:

Last modified on 13 December, 2023