Splunk Lantern

CyberArk

 

The CyberArk Identity Security Platform enables secure access for any identity — human or machine — to any resource or environment from anywhere, using any device. It combines secure SSO, adaptive MFA, lifecycle management, directory services and user behavior analytics for seamless and secure access for all identities. It applies intelligent privilege controls, as well as differentiated controls to secure unique needs and access sensitive data.

The CyberArk EPM dashboard is a powerful tool for endpoints that have the CyberArk EPM agent installed. It provides out-of-the-box dashboards for event management, policies and computers, and policy audit events. CyberArk Endpoint Privilege Manager provides endpoint privilege security by removing local admin rights, enforcing role-specific least privilege, defending credentials, and protecting from ransomware, all while removing friction for end users, streamlining their experience, and easing the load on the IT service desk.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Getting data in

| Source | Add-ons and Apps | Guidance |
| --- | --- | --- |
| CyberArk | Splunk platform | Configuration |
| CyberArk EPM | Splunk platform | Configuration |

The CyberArk EPM App is a powerful tool for endpoints that have a CyberArk EPM agent installed. It provides out-of-the-box dashboards related to event management, policies, and computers, as well as policy audit events. The CyberArk EPM App is built on the Splunk Add-on for CyberArk EPM. To use the app, follow the add-on configuration instructions in the document linked above, and be sure to do the following:

  1. Create an index called epm.
  2. Configure inputs as follows:
    • InboxEvents for Inbox Event Inputs
    • PoliciesandComputers for Policies and Computers Input
    • PolicyAuditEvents for Policy Audit events Input

Use cases