Source types for the Splunk Add-on for CyberArk
The Splunk Add-on for CyberArk provides index-time and search-time knowledge for CyberArk alerts, events, and traffic in the following formats.
| Source type | Description | Eventtype | CIM compatibility |
|---|---|---|---|
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_authentication | Authentication |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_authentication_success | Authentication |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_authentication_failure | Authentication |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis_cpm | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis_cpm_tasks | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis_cpm_auto_detection | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis_account | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis_psm | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis_safe_acl | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_change_analysis_audit | Change |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_network_sessions | Network Sessions |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_network_sessions_start | Network Sessions |
| cyberark:epv:cef | Data from Enterprise Password Vault | cyberark_epv_network_sessions_end | Network Sessions |
| | | cyberark_epv_endpoint_filesystem | Endpoint |
| | | cyberark_epv_endpoint_process | Endpoint |
| | | cyberark_epv_alert | Alerts |
| cyberark:pta:cef | Data from Privileged Threat Analytics. | cyberark_pta_alerts | Alerts |