CyberArk Identity (IIS)
CyberArk Identity provides a secure platform for managing application access, endpoints, and network infrastructure.
Cyderes by default ingests the following event types from CyberArk Identity:
CyberArk event types |
---|
Cloud.Core.MfaSummary |
Cloud.Saas.Application.AppLaunch |
Cloud.Saas.Application.GatewayAppLaunch |
Cloud.Saas.Application.SelfServiceAppLaunch |
Cloud.Server.ManualAccount.SessionStart |
Cloud.Server.LocalAccount.SessionStart |
Cloud.Server.LocalAccount.PasswordExport |
Cloud.Server.DomainAccount.PasswordExport |
Cloud.Core.Server.CpsTileLaunch |
Cloud.Core.AdaptiveMfa.RiskAnalysis |
Cloud.Core.Logout |
Cloud.Core.StartImpersonate |
Cloud.Core.FinishImpersonate |
Cloud.Core.Cus.CusEntity.CusCreateUser |
Cloud.Core.Cus.CusEntity.CusDeleteUser |
A full list of event types to collect can be found in CyberArk's documentation.
Chronicle Data Types
- CYBERARK_SSO
Caveats / Known Limitations
This integration supports pulling events from CyberArk's Identity service, but it does not support other CyberArk services.
Requirements
The web app created must have the ability to query `Redrock/query.*`. For instructions on how to create a web application with the required permissions, please refer to this document.
Gather Information
Provide the following information to Cyderes to complete implementation:
- SSO Instance URL
- Client ID
- Client Secret
- Application ID
- Scope