CyberArk Identity (IIS)¶
CyberArk Identity provides a secure platform for managing application access, endpoints, and network infrastructure.
Cyderes by default ingests the following event types from CyberArk Identity:
Cloud.Core.MfaSummary Cloud.Saas.Application.AppLaunch Cloud.Saas.Application.GatewayAppLaunch Cloud.Saas.Application.SelfServiceAppLaunch Cloud.Server.ManualAccount.SessionStart Cloud.Server.LocalAccount.SessionStart Cloud.Server.LocalAccount.PasswordExport Cloud.Server.DomainAccount.PasswordExport Cloud.Core.Server.CpsTileLaunch Cloud.Core.AdaptiveMfa.RiskAnalysis
Chronicle Data Types¶
Caveats / Known Limitations¶
This integration supports pulling events from CyberArk's Identity service, but it does not support other CyberArk services.
The web app created must have the ability to query
Redrock/query.*. For instructions on how to create a web application with the required permissions, please refer to this document.
Provide the following information to Cyderes to complete implementation:
- SSO Instance URL
- Client ID
- Client Secret
- Application ID