Release notes history
The latest release of Splunk Add-on for CyberArk EPM is version 3.1.0. For information, see Release notes for the Splunk Add-on for CyberArk EPM.
Version 3.0.0
Splunk Add-on for CyberArk EPM version 3.0.0 was released on January 30, 2025.
Compatibility
Version 3.0.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.x |
| CIM | 5.3.2 |
| Platforms | Platform independent |
| Vendor Products | CyberArk EPM v21.10, v23.3.0, v24.5.0 |
New features
- Introduced new input to collect Account Admin Audit Logs for improved tracking of account admin activities.
- Added CIM support of the Change data model to the Account Admin Audit Logs collected using the modular input.
- Added support for the UCC Monitoring Dashboard.
  - This dashboard enables users to visualize data volume metrics based on source, index, sourcetype, event trendlines, etc., and also to visualize errors in the Splunk Add-on for CyberArk EPM.
- Added validation for the URLs that do not use basic authentication when you provide an EPM Dispatcher Server URL value during account configuration.
Fixed issues
Version 3.0.0 of the Splunk Add-on for CyberArk EPM has no reported fixed issues.
Known issues
Version 3.0.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.
Version 2.1.0
Splunk Add-on for CyberArk EPM version 2.1.0 was released on July 22, 2024.
Compatibility
Version 2.1.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 9.0.x, 9.1.x, 9.2.x |
| CIM | 5.3.2 |
| Platforms | Platform independent |
| Vendor Products | CyberArk EPM v21.10, v23.3.0, v24.5.0 |
New features
- Support for CyberArk EPM APIs v24.5.0.
- Introduced new input for fetching Admin Audit Logs.
- Added CIM support of the Change data model to the Admin Audit Logs collected using the modular input.
- IPv6 support - the Splunk Add-on for CyberArk EPM is now compatible with Splunk running on the IPv6 environment.
- Support of Python 3.9.
Fixed issues
Version 2.1.0 of the Splunk Add-on for CyberArk EPM has no reported fixed issues.
Known issues
Version 2.1.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.
Version 2.0.1
Splunk Add-on for CyberArk EPM version 2.0.1 was released on December 12, 2023.
Compatibility
Version 2.0.1 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 9.0.x, 9.1.x |
| CIM | 5.1.0 |
| Platforms | Platform independent |
| Vendor Products | CyberArk EPM v21.10, v23.3.0 |
New features
Fixed the security vulnerabilities found in the certifi and urllib3 libraries by upgrading certifi from version 2022.12.7 to 2023.11.17 and urllib3 from version 1.26.9 to 1.26.18.
Fixed issues
Version 2.0.1 of the Splunk Add-on for CyberArk EPM has no reported fixed issues.
Known issues
Version 3.0.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.
Version 2.0.0
Splunk Add-on for CyberArk EPM version 2.0.0 was released on March 27, 2023.
Compatibility
Version 2.0.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 8.1, 8.2, 9.0.x |
| CIM | 5.1.0 |
| Platforms | Platform independent |
| Vendor Products | CyberArk EPM v21.10, v23.3.0 |
New features
Version 2.0.0 of the Splunk Add-on for CyberArk EPM provides the following improvements:
- Support for CyberArk EPM APIs v23.3.0
- Support for Raw Events along with Aggregated Events
- Introduced 2 new inputs that collect data using both API types: Inbox Events and Policy Audit Events
- Introduced 4 new sourcetypes, 2 for each of the new inputs:
  - `cyberark:epm:raw:events` - Collects Inbox Events from the raw API endpoint
  - `cyberark:epm:aggregated:events` - Collects Inbox Events from the aggregated API endpoint
  - `cyberark:epm:raw:policy:audit` - Collects Policy Audit Events from the raw API endpoint
  - `cyberark:epm:aggregated:policy:audit` - Collects Policy Audit Events from the aggregated API endpoint
- Added a “Start Date” option for the 2 new inputs to start the data collection as and when needed
- Provided support of CIM version 5.1.0
- Upgraded certifi library to version 2022.12.7 to fix a security vulnerability
Application Events, Policy Audit, and Threat Detection are marked as deprecated inputs in the UI. When configuring these inputs, a warning message appears that suggests using the newly introduced input to utilize the enhanced APIs introduced by CyberArk. The deprecated inputs will be removed in a future release.
Fixed issues
Version 2.0.0 of the Splunk Add-on for CyberArk EPM has no reported fixed issues.
Known issues
Version 2.0.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.
Version 1.2.0
Splunk Add-on for CyberArk EPM version 1.2.0 was released on December 2, 2021.
Compatibility
Version 1.2.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 8.0, 8.1, 8.2 |
| CIM | 4.20.2 |
| Platforms | Platform independent |
| Vendor Products | CyberArk EPM v11.6, v21.10 |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, see the Splunk Enterprise Release Notes.
New features
Version 1.2.0 of the Splunk Add-on for CyberArk EPM provides the following improvements:
- Support for CyberArk EPM v21.10
- Enhanced CIM mapping and compatibility with CIM v4.20.2
- For the `cyberark:epm:computers` sourcetype, added Inventory Data Model mappings.
- For the `cyberark:epm:threat:detection` sourcetype with ThreatDetectionAction=Detected, the Data Model has been changed from Change DM to Intrusion Detection DM.
- Due to DM changes, the following changes have been made for these events:
  - The `dest` field has been removed from these events.
  - The `action` field value has been changed from read to allowed.
Known issues
Version 1.2.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.
Version 1.1.0
Splunk Add-on for CyberArk EPM version 1.1.0 was released on July 14, 2021.
Compatibility
Version 1.1.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 8.0, 8.1, 8.2 |
| CIM | 4.16 |
| Platforms | Platform independent |
| Vendor Products | CyberArk EPM v11.6 |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 1.1.0 of the Splunk Add-on for CyberArk EPM provides the following improvements:
- Support for the latest UCC Framework 5.4.3.
- Restarts on search heads are no longer required.
Known issues
Version 1.1.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.
Version 1.0.0
Compatibility
Version 1.0.0 of the Splunk Add-on for CyberArk EPM is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 8.0 |
| CIM | 4.16 |
| Platforms | Platform independent |
| Vendor Products | CyberArk EPM v11.6 |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 1.0.0 of the Splunk Add-on for CyberArk EPM provides the following features:
- Lets a Splunk software administrator pull aggregated events of Application Events, Policy Audit, and Threat Detection categories using the cloud administration APIs of CyberArk EPM.
- Collects logs related to Policies, Computers, and Computer Groups.
- Supports the following Data Models (CIM v4.16):
  - Change
  - Intrusion Detection
  - Endpoint
Known issues
Version 1.0.0 of the Splunk Add-on for CyberArk EPM has no reported known issues.