Re: How to integrate CyberArk with Splunk?

kpavan · ‎01-29-2016

Hi All,

Anyone integrated CyberArk with Splunk? I have configured syslog to get the CyberArk logs and send to Splunk. I have data in Splunk related to CyberArk. If anyone has done this, could you please share some dashboards to analyse the below details?

Password change Dashboard
a. Total Failure and Success.
b. Passwords not changed since: 1, 3,6 months.(count of devices)
c. Device Type wise Password success/failure.
d. Top 3 success/failure Policies
e. Next Password change(count of devices) in: Sep, Oct, Nov

Check in - Check out Dashboard
a. No of checkin and checkouts.
b. Which user had access to which Privileged Account IDs over a specific time period.
c. Most active users - Top 5 User with maximum accesses

Inventory Dashboard
a. No of devices according to Device types
b. Top 5 most accessed devices
c. Connected/Disconnected device count DeviceType wise.
d. Dormant accounts count along with the account privileges,

dantimola · ‎04-23-2018

Have you tried this?
app: https://splunkbase.splunk.com/app/2891/
docs: https://docs.splunk.com/Documentation/AddOns/released/CyberArk/About

smdasim · ‎04-22-2018

Hi Splunk Team,
Any update on the above question
Regards,
Smdasim!

How to integrate CyberArk with Splunk?

3 Ways to Make OpenTelemetry Even Better

What's New in Splunk Cloud Platform 9.2.2406?

Enterprise Security Content Update (ESCU) | New Releases