CyberArk Privileged Threat Analytics
The IBM QRadar DSM for CyberArk Privileged Threat Analytics collects events from a CyberArk Privileged Threat Analytics device.
The following table describes the specifications for the CyberArk Privileged Threat Analytics DSM:
| Specification | Value |
|---|---|
| Manufacturer | CyberArk |
| DSM name | CyberArk Privileged Threat Analytics |
| RPM file name | DSM-CyberArkPrivilegedThreatAnalytics-Qradar_version-build_number.noarch.rpm |
| Supported versions | V3.1 |
| Protocol | Syslog |
| Recorded event types | Detected security events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | CyberArk website (http://www.cyberark.com) |
To integrate CyberArk Privileged Threat Analytics with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - CyberArk Privileged Threat Analytics DSM RPM
  - DSMCommon RPM
- Configure your CyberArk Privileged Threat Analytics device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a CyberArk Privileged Threat Analytics log source on the QRadar Console. The following table describes the parameters that require specific values for CyberArk Privileged Threat Analytics event collection:
Table 2. CyberArk Privileged Threat Analytics log source parameters
| Parameter | Value |
|---|---|
| Log Source type | CyberArk Privileged Threat Analytics |
| Protocol Configuration | Syslog |