CyberArk Identity

The IBM® QRadar® DSM for CyberArk Identity collects logs from a CyberArk Identity log source.

Important: The Centrify Identity Platform DSM name is now the CyberArk Identity DSM. The DSM RPM name remains as Centrify Identity Platform in QRadar.
To integrate CyberArk Identity with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM Support Website onto your QRadar Console:
    • Protocol Common RPM
    • Centrify Redrock REST API Protocol RPM
    • DSMCommon RPM
    • Centrify Identity Platform DSM RPM
  2. Configure your CyberArk Identity DSM to communicate with QRadar.
  3. Add a CyberArk Identity log source on the QRadar Console. The following table describes the Centrify Redrock REST API protocol parameters that require specific values to collect events from CyberArk Identity:
    Table 1. Centrify Redrock REST API protocol log source parameters
    Parameter Value
    Log Source type CyberArk Identity
    Protocol Configuration Centrify Redrock REST API

    For a complete list of Centrify Redrock REST API protocol parameters and their values, see Centrify Redrock REST API protocol configuration options.