
Cyberark privileged cloud

  • September 24, 2024
  • 3 replies
  • 39 views


Has anyone done the log ingestion for CyberArk Privileged Cloud? Looking at CyberArk's documentation, you need a custom translator file. Has anyone else found another way to get these logs, or know of an XSL file that is publicly available?
CyberArk doc: https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm

 

3 replies

dnehoda
  • Staff
  • September 27, 2024

We have a parser for it, so somebody must be doing it.

Can you set up a webhook and get the data into SecOps in that manner?


  • Author
  • New Member
  • October 3, 2024

Looks like that should be the case just for the audit section; just not seeing Privileged Cloud logs there.

https://docs.cyberark.com/audit/latest/en/content/audit/isp_siem-integration.htm?tocpath=SIEM%20integrations%7C_____1


  • Author
  • New Member
  • December 31, 2024

From talking with CyberArk's support, you can generate a report via webhook. The other is getting logs for specific user IDs for a specific number of days, which isn't super helpful.
https://github.com/cyberark/epv-api-scripts/tree/main/Reports
https://docs.cyberark.com/privilege-cloud-standard/latest/en/content/privilegecloudapis/privcloud-ticketing-systems-custom-export-logs.htm