Splunk® Supported Add-ons

Splunk Add-on for CyberArk

Source types for the Splunk Add-on for CyberArk

The Splunk Add-on for CyberArk provides index-time and search-time knowledge for CyberArk alerts, events, and traffic in the following formats.

| Source type | Description | Eventtype | CIM compatibility |
|---|---|---|---|
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_authentication | Authentication |
| | | cyberark_epv_authentication_success | Authentication |
| | | cyberark_epv_authentication_failure | Authentication |
| | | cyberark_epv_change_analysis | Change |
| | | cyberark_epv_change_analysis_cpm | Change |
| | | cyberark_epv_change_analysis_cpm_tasks | Change |
| | | cyberark_epv_change_analysis_cpm_auto_detection | Change |
| | | cyberark_epv_change_analysis_account | Change |
| | | cyberark_epv_change_analysis_psm | Change |
| | | cyberark_epv_change_analysis_safe_acl | Change |
| | | cyberark_epv_change_analysis_audit | Change |
| | | cyberark_epv_network_sessions | Network Sessions |
| | | cyberark_epv_network_sessions_start | Network Sessions |
| | | cyberark_epv_network_sessions_end | Network Sessions |
| | | cyberark_epv_endpoint_filesystem | Endpoint |
| | | cyberark_epv_endpoint_process | Endpoint |
| | | cyberark_epv_alert | Alerts |
| cyberark:pta:cef | Data from Privileged Threat Analytics | cyberark_pta_alerts | Alerts |

Last modified on 08 December, 2021

This documentation applies to the following versions of Splunk® Supported Add-ons: released

