Re: How to integrate CyberArk with Splunk?

kpavan · ‎01-29-2016

Hi All,

Anyone integrated CyberArk with Splunk? I have configured syslog to get the CyberArk logs and send to Splunk. I have data in Splunk related to CyberArk. If anyone has done this, could you please share some dashboards to analyse the below details?

Password change Dashboard
a. Total Failure and Success.
b. Passwords not changed since: 1, 3,6 months.(count of devices)
c. Device Type wise Password success/failure.
d. Top 3 success/failure Policies
e. Next Password change(count of devices) in: Sep, Oct, Nov

Check in - Check out Dashboard
a. No of checkin and checkouts.
b. Which user had access to which Privileged Account IDs over a specific time period.
c. Most active users - Top 5 User with maximum accesses

Inventory Dashboard
a. No of devices according to Device types
b. Top 5 most accessed devices
c. Connected/Disconnected device count DeviceType wise.
d. Dormant accounts count along with the account privileges,

dantimola · ‎04-23-2018

Have you tried this?
app: https://splunkbase.splunk.com/app/2891/
docs: https://docs.splunk.com/Documentation/AddOns/released/CyberArk/About

smdasim · ‎04-22-2018

Hi Splunk Team,
Any update on the above question
Regards,
Smdasim!

How to integrate CyberArk with Splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation