Source types¶
The Splunk Add-on for CyberArk EPM supports the following source types.
| Source type | Event type | CIM compatibility |
|---|---|---|
| cyberark:epm:account:admin:audit | cyberark_epm_account_admin_audit_logs_all_changes, cyberark_epm_account_admin_audit_logs_account_changes | Change - All_Changes, Change - Account_Management |
| cyberark:epm:admin:audit | cyberark_epm_admin_audit_logs_all_changes, cyberark_epm_admin_audit_logs_account_changes | Change - All_Changes, Change - Account_Management |
| cyberark:epm:application:events | cyberark_epm_endoint_process | Endpoint - Processes |
| cyberark:epm:policy:audit | cyberark_epm_endoint_process | Endpoint - Processes |
| cyberark:epm:threat:detection | cyberark_epm_attack | Intrusion Detection |
| cyberark:epm:policies | N/A | N/A |
| cyberark:epm:computers | cyberark_epm_computers | Inventory |
| cyberark:epm:computer:groups | N/A | N/A |
| cyberark:epm:raw:events | cyberark_epm_raw_events_endpoint_process, cyberark_epm_events_ids_attack, cyberark_epm_events_malware_attack | Endpoint - Processes, Intrusion Detection, Malware Attacks |
| cyberark:epm:aggregated:events | cyberark_epm_events_ids_attack, cyberark_epm_events_malware_attack | Intrusion Detection, Malware Attacks |
| cyberark:epm:raw:policy:audit | cyberark_epm_raw_policyaudit_endpoint_process | Endpoint - Processes |
| cyberark:epm:aggregated:policy:audit | N/A | N/A |