Hi All,
Has anyone integrated CyberArk with Splunk? I have configured syslog to get the CyberArk logs and send them to Splunk. I have data in Splunk related to CyberArk. If anyone has done this, could you please share some dashboards to analyse the below details?
Password change Dashboard
a. Total Failure and Success.
b. Passwords not changed since: 1, 3, 6 months (count of devices).
c. Device Type wise Password success/failure.
d. Top 3 success/failure Policies
e. Next Password change (count of devices) in: Sep, Oct, Nov
Check in - Check out Dashboard
a. No. of check-ins and check-outs.
b. Which user had access to which Privileged Account IDs over a specific time period.
c. Most active users - Top 5 users with maximum accesses
Inventory Dashboard
a. No. of devices according to Device types
b. Top 5 most accessed devices
c. Connected/Disconnected device count DeviceType wise.
d. Dormant accounts count along with the account privileges.
Have you tried this?
app: https://splunkbase.splunk.com/app/2891/
docs: https://docs.splunk.com/Documentation/AddOns/released/CyberArk/About
Hi Splunk Team,
Any update on the above question?
Regards,
Smdasim!