Skip to content

CyberArk Identity (IIS)

CyberArk Identity provides a secure platform for managing application access, endpoints, and network infrastructure.

Cyderes by default ingests the following event types from CyberArk Identity:

Cloud.Core.MfaSummary Cloud.Saas.Application.AppLaunch Cloud.Saas.Application.GatewayAppLaunch Cloud.Saas.Application.SelfServiceAppLaunch Cloud.Server.ManualAccount.SessionStart Cloud.Server.LocalAccount.SessionStart Cloud.Server.LocalAccount.PasswordExport Cloud.Server.DomainAccount.PasswordExport Cloud.Core.Server.CpsTileLaunch Cloud.Core.AdaptiveMfa.RiskAnalysis

Chronicle Data Types

  • CYBERARK_SSO

Caveats / Known Limitations

This integration supports pulling events from CyberArk's Identity service, but it does not support other CyberArk services.

Requirements

The web app created must have the ability to query Redrock/query.*. For instructions on how to create a web application with the required permissions, please refer to this document.

Gather Information

Provide the following information to Cyderes to complete implementation:

  • SSO Instance URL
  • Client ID
  • Client Secret
  • Application ID
  • Scope