CyberArk Privileged Threat Analytics

The IBM QRadar DSM for CyberArk Privileged Threat Analytics collects events from a CyberArk Privileged Threat Analytics device.

The following table describes the specifications for the CyberArk Privileged Threat Analytics DSM:
Table 1. CyberArk Privileged Threat Analytics DSM specifications

| Specification | Value |
|---|---|
| Manufacturer | CyberArk |
| DSM name | CyberArk Privileged Threat Analytics |
| RPM file name | DSM-CyberArkPrivilegedThreatAnalytics-Qradar_version-build_number.noarch.rpm |
| Supported versions | V3.1 |
| Protocol | Syslog |
| Recorded event types | Detected security events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | CyberArk website (http://www.cyberark.com) |

To integrate CyberArk Privileged Threat Analytics with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • CyberArk Privileged Threat Analytics DSM RPM
    • DSMCommon RPM
  2. Configure your CyberArk Privileged Threat Analytics device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add a CyberArk Privileged Threat Analytics log source on the QRadar Console. The following table describes the parameters that require specific values for CyberArk Privileged Threat Analytics event collection:
    Table 2. CyberArk Privileged Threat Analytics log source parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | CyberArk Privileged Threat Analytics |
    | Protocol Configuration | Syslog |