Splunk® Supported Add-ons

Splunk Add-on for CyberArk EPM

Source types

The Splunk Add-on for CyberArk EPM supports the following source types.

Source type Event type CIM compatibility
cyberark:epm:admin:audit cyberark_epm_admin_audit_logs_all_changes, cyberark_epm_admin_audit_logs_account_changes Change - All_Changes, Change - Account_Management
cyberark:epm:application:events cyberark_epm_endoint_process Endpoint - Processes
cyberark:epm:policy:audit cyberark_epm_endoint_process Endpoint - Processes
cyberark:epm:threat:detection cyberark_epm_attack Intrusion Detection
cyberark:epm:policies N/A N/A
cyberark:epm:computers cyberark_epm_computers Inventory
cyberark:epm:computer:groups N/A N/A
cyberark:epm:raw:events cyberark_epm_raw_events_endpoint_process, cyberark_epm_events_ids_attack, cyberark_epm_events_malware_attack Endpoint - Processes, Intrusion Detection, Malware Attacks
cyberark:epm:aggregated:events cyberark_epm_events_ids_attack, cyberark_epm_events_malware_attack Intrusion Detection, Malware Attacks
cyberark:epm:raw:policy:audit cyberark_epm_raw_policyaudit_endpoint_process Endpoint - Processes
cyberark:epm:aggregated:policy:audit N/A N/A
Last modified on 22 July, 2024
Configure inputs   Events for the Splunk Add-on for Cyberark EPM

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters