Release notes for the Splunk Add-on for CyberArk
Version 1.2.0 (latest)
Compatibility
Version 1.2.0 of the Splunk Add-on for CyberArk is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 8.0, 8.1, 8.2 |
| CIM | 4.20.2 |
| Platforms | Platform independent |
| Vendor Products | Privileged Threat Analytics (PTA) 12.2, Enterprise Password Vault (EPV) 12.2 |
New features
Version 1.2.0 of the Splunk Add-on for CyberArk has the following new features.
- Added support for the latest CyberArk Enterprise Password Vault 12.2 and CyberArk Privileged Threat Analytics 12.2.
- Added support for the latest Splunk Common Information Model version 4.20.2.
See the following tables for information on field changes between 1.1.0 and 1.2.0:
| Source-type | sourcetype | Fields added | Fields removed |
|---|---|---|---|
| ['cyberark:epv:cef'] | cyberark:epv:cef | EventID, user_name, src_user_name, id, result_id, SourceAddress, object_id, description, signature_id | |

| Source-type | sourcetype | Fields added | Fields removed |
|---|---|---|---|
| ['cyberark:pta:cef'] | cyberark:pta:cef | user_name, dvc, description | |
See the following table for a list of fields modified between 1.1.0 and 1.2.0:
| Sourcetype | CIM Field | cef_name | Vendor Field in 1.1.1 | Vendor Field in 1.2.0 |
|---|---|---|---|---|
| cyberark:epv:cef | object | Add Location, Delete Location, Rename/Move Location, Update Location | suser, Example: user404 | Static: location |
| cyberark:epv:cef | object | Delete Group | suser, Example: user404 | Static: group |
| cyberark:epv:cef | object | Move Network Area, Rename Network Area, Update Network Area | suser, Example: user404 | Static: network area |
| cyberark:epv:cef | object_category | Add Note | Static: unknown | Static: note |
| cyberark:epv:cef | object_category | Failure:CPM Reconcile Password Failed | Static: User | Static: user |
| cyberark:epv:cef | object_category | Clear User History | Static: file | Static: user |
| cyberark:epv:cef | object_category | Failure: Open/Close Safe, Safe Access through Gateway | Static: object | Static: safe |
| cyberark:epv:cef | object_category | Update Address | Static: unknown | Static: user |
| cyberark:epv:cef | change_type | Add Owner, Update Owner | Static: vault | Static: Vault |
| cyberark:epv:cef | change_type | Delete Group | Static: Group | Static: AAA |
| cyberark:epv:cef | change_type | Set Password | Static: Password | Static: AAA |
| cyberark:epv:cef | action | Failure:CPM Reconcile Password Failed | created | modified |
| cyberark:epv:cef | action | Failure: User Has Expired, Failure: User Is Disabled | read | failure |
| cyberark:epv:cef | result | Delete Folder | N/A | Static: folder deleted |
| cyberark:epv:cef | result | Lock As Draft | N/A | Static: draft locked |
| cyberark:epv:cef | result | Move File | N/A | Static: file moved |
| cyberark:epv:cef | result | Rename File | N/A | Static: file renamed |
| cyberark:epv:cef | reason | Window Title | reason, Example: explorer.exe | Static: success |
| cyberark:pta:cef | signature_id | All | EventId, Example: a2f3c7eb-0a56-41c9-8b55-99ceaab6cc97 | cef_signature, Example: 24 |
| cyberark:pta:cef | severity | All | Static: unknown | Static: low |
| cyberark:pta:cef | dest_type | All | Static: storage | Static: instance |
CIM model changes
See the following CIM model changes between 1.1.0 and 1.2.0:
| Sourcetype | cef_name | Previous CIM model | New CIM model |
|---|---|---|---|
| cyberark:epv:cef | Set Password, Delete Group | Change:All_Changes | Change:Account_Management |
| cyberark:epv:cef | User Has Expired, User Is Disabled | Change:Auditing_Changes | Authentication:Authentication |
| cyberark:epv:cef | Update Safe, Delete Safe | Change:Account_Management | Change:All_Changes |
| cyberark:epv:cef | Monitor DR Replication start, Monitor DR Replication end, Monitor Backup Replication start, Monitor Backup Replication end | N/A | Change:All_Changes |
| cyberark:epv:cef | Privileged Threat Analytics Event | N/A | Alerts:Alerts |
| cyberark:epv:cef | Update existing Add Account Bulk Operation succeeded | N/A | Change:Account_Management |
| cyberark:pta:cef | Privileged access to the Vault from irregular | N/A | Alerts:Alerts |
Fixed issues
Version 1.2.0 of the Splunk Add-on for CyberArk contains the following fixed issues. If this section is blank, there are no fixed issues.
Known issues
Version 1.2.0 of the Splunk Add-on for CyberArk contains the following known issues. If this section is blank, there are no known issues.
Version 1.1.1
Compatibility
Version 1.1.1 of the Splunk Add-on for CyberArk is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 7.3, 8.0, 8.1 |
| CIM | 4.18 |
| Platforms | Platform independent |
| Vendor Products | Privileged Threat Analytics (PTA) 12.0, Enterprise Password Vault (EPV) 12.0 |
New features
Version 1.1.1 of the Splunk Add-on for CyberArk has the following new features.
- Added support for the latest CyberArk Enterprise Password Vault 11.7 and 12.0 and CyberArk Privileged Threat Analytics 12.0.
- Added support for two new event types: endpoint filesystem and endpoint process.
- Added support for the latest Splunk Common Information Model version 4.18.0.
Fixed issues
Version 1.1.1 of the Splunk Add-on for CyberArk contains the following fixed issues. If this section is blank, there are no fixed issues.
Known issues
Version 1.1.1 of the Splunk Add-on for CyberArk contains the following known issues. If this section is blank, there are no known issues.
Version 1.0.0
Compatibility
Version 1.0.0 of the Splunk Add-on for CyberArk is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 6.2.2 or later |
| CIM | 4.2 or later |
| Platforms | Platform independent |
| Vendor Products | Privileged Threat Analytics (PTA) 2.6.3, Enterprise Password Vault (EPV) 9.x |
New features
Version 1.0.0 of the Splunk Add-on for CyberArk has the following new features.
- New Splunk-supported add-on.
Known issues
Version 1.0.0 of the Splunk Add-on for CyberArk has no reported known issues.