This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

CyberArk

1 - Privileged Threat Analytics (PTA)

Privileged Threat Analytics (PTA): Analyzes privileged account behavior to detect threats and suspicious activity in real time.

To onboard such a source to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

Analytics label Message field value
vendor meta.vendor cyberark
product meta.product pta

You can use the labels as:

You can use the message fields

  • in Flow Processing steps, for example, in the Query field of Select Messages steps,
  • in AQL expressions in the search bars.

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype index
cyberark:pta:cef main

Sending data to Google SecOps

When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CYBERARK_PTA.

2 - Vault

Vault: Stores and manages privileged credentials, session recordings, and access control policies securely.

To onboard such a source to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

Analytics label Message field value
vendor meta.vendor cyberark
product meta.product vault

You can use the labels as:

You can use the message fields

  • in Flow Processing steps, for example, in the Query field of Select Messages steps,
  • in AQL expressions in the search bars.

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype index
cyberark:epv:cef netauth

Sending data to Google SecOps

When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CYBERARK.