Privileged Threat Analytics (PTA)
Privileged Threat Analytics (PTA): Analyzes privileged account behavior to detect threats and suspicious activity in real time.
To onboard such a source to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cyberark |
| product | pta |
| format | cef |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cyberark:pta:cef | main |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CYBERARK_PTA.