CyberArk Identity (IIS)

CyberArk Identity provides a secure platform for managing application access, endpoints, and network infrastructure.

By default, Cyderes ingests the following event types from CyberArk Identity:

CyberArk event types
Cloud.Core.MfaSummary
Cloud.Saas.Application.AppLaunch
Cloud.Saas.Application.GatewayAppLaunch
Cloud.Saas.Application.SelfServiceAppLaunch
Cloud.Server.ManualAccount.SessionStart
Cloud.Server.LocalAccount.SessionStart
Cloud.Server.LocalAccount.PasswordExport
Cloud.Server.DomainAccount.PasswordExport
Cloud.Core.Server.CpsTileLaunch
Cloud.Core.AdaptiveMfa.RiskAnalysis
Cloud.Core.Logout
Cloud.Core.StartImpersonate
Cloud.Core.FinishImpersonate
Cloud.Core.Cus.CusEntity.CusCreateUser
Cloud.Core.Cus.CusEntity.CusDeleteUser

A full list of event types to collect can be found in CyberArk's documentation.

Chronicle Data Types

  • CYBERARK_SSO

Caveats / Known Limitations

This integration supports pulling events from CyberArk's Identity service, but it does not support other CyberArk services.

Requirements

The web app created must have the ability to query Redrock/query.*. For instructions on how to create a web application with the required permissions, please refer to this document.

Gather Information

Provide the following information to Cyderes to complete implementation:

  • SSO Instance URL
  • Client ID
  • Client Secret
  • Application ID
  • Scope