Lookups for the Splunk Add-on for CyberArk¶
The Splunk Add-on for CyberArk has the following lookups. The lookup files map fields from CyberArk systems to CIM-compliant values in the Splunk platform. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_cyberark/lookups.
| Filename | Description |
|---|---|
cyberark_epv_vault_audit_action_codes_lookup.csv |
Maps code to description, alert, cim_data_model, action, change_type, extratag, vendor_object, object_category, and status. |
cyberark_epv_all_changes_result.csv |
Maps code to result, object_attrs. |
cyberark_epv_vault_alert.csv |
Maps code to type, dest_type. |
cyberark_epv_all_changes_object.csv |
Maps code to object, object_id. |