Skip to content

CyberArk PAM

CyberArk PAM


Keep your business and its most valuable assets secure. Preventing malicious account or credential access starts with comprehensive privileged access management.

Product Details

Vendor URL: CyberArk | Privileged Access Manager

Additional URLs:

Product Type: Identity and Access Management

Product Tier: Tier II

Integration Method: Syslog

Parser Details

Log Format: CEF:0/KV

Expected Normalization Rate: near 90%


UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Event Classification
action metadata.product_event_type
cn1 principal.labels["cn1Label"]
cn2 principal.labels["cn2Label"]
cs1 principal.labels["cs1Label"]
cs2 principal.labels["cs2Label"]
cs3 principal.labels["cs3Label"]
cs4 principal.labels["cs4Label"]
cs5 principal.labels["cs5Label"]
dhost target.hostname
duser target.user.userid
fname target.file.names
hostname observer.hostname
product_name metadata.product_name
shost principal.ip
shost src.hostname
suser principal.user.userid
vendor_name metadata.vendor_name
version metadata.product_version

Product Event Types

Event UDM Event Classification
GENERIC_EVENT metadata.event_type

Log Sample

<5>1 2023-07-28T05:01:01Z server01 CEF:0|Cyber-Ark|Vault|12.2.0008|59|Clear Safe History|5|act=Clear Safe History suser=exampleuser fname= dvc= shost= dhost= duser= externalId= app= reason= cs1Label="Affected User Name" cs1= cs2Label="Safe Name" cs2=PasswordManagerTemp cs3Label="Device Type" cs3= cs4Label="Database" cs4= cs5Label="Other info" cs5= cn1Label="Request Id" cn1= cn2Label="Ticket Id" cn2=  msg=

Sample Parsing

metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Cyber-Ark"
metadata.product_name = "Vault"
metadata.product_version = "12.2.0008"
metadata.product_event_type = "Clear Safe History"
observer.hostname = "server01"
principal.user.userid = "exampleuser"
principal.ip = ""
principal.labels["Safe Name"] = "PasswordManagerTemp"
src.hostname = ""

Parser Alerting

This product currently does not have any Parser-based Alerting


Coming soon