Lookups for the Splunk Add-on for CyberArk EPM
The Splunk Add-on for CyberArk EPM has the following lookups. The CSV lookup files are located in `$SPLUNK_HOME/etc/apps/Splunk_TA_cyberark_epm/lookups`.
| Lookup name | Description |
|---|---|
| cyberark_epm_action_name.csv | Maps the Action (integer) field from the event to the ActionName field in the cyberark:epm:policies sourcetype. |