Skip to content

CyberArk Identity (IIS)

CyberArk Identity provides a secure platform for managing application access, endpoints, and network infrastructure.

Cyderes by default ingests the following event types from CyberArk Identity:

Cloud.Core.MfaSummary Cloud.Saas.Application.AppLaunch Cloud.Saas.Application.GatewayAppLaunch Cloud.Saas.Application.SelfServiceAppLaunch Cloud.Server.ManualAccount.SessionStart Cloud.Server.LocalAccount.SessionStart Cloud.Server.LocalAccount.PasswordExport Cloud.Server.DomainAccount.PasswordExport Cloud.Core.Server.CpsTileLaunch Cloud.Core.AdaptiveMfa.RiskAnalysis

Chronicle Data Types


Caveats / Known Limitations

This integration supports pulling events from CyberArk's Identity service, but it does not support other CyberArk services.


The web app created must have the ability to query Redrock/query.*. For instructions on how to create a web application with the required permissions, please refer to this document.

Gather Information

Provide the following information to Cyderes to complete implementation:

  • SSO Instance URL
  • Client ID
  • Client Secret
  • Application ID
  • Scope