CyberArk Privileged Threat Analytics
The IBM QRadar DSM for CyberArk Privileged Threat Analytics collects events from a CyberArk Privileged Threat Analytics device.
The following table describes the specifications for the CyberArk Privileged Threat Analytics DSM:
Specification | Value |
---|---|
Manufacturer | CyberArk |
DSM name | CyberArk Privileged Threat Analytics |
RPM file name | DSM-CyberArkPrivilegedThreatAnalytics-Qradar_version-build_number.noarch.rpm |
Supported versions | V3.1 |
Protocol | Syslog |
Recorded event types | Detected security events |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | CyberArk website (http://www.cyberark.com) |
To integrate CyberArk Privileged Threat Analytics with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - CyberArk Privileged Threat Analytics DSM RPM
  - DSMCommon RPM
- Configure your CyberArk Privileged Threat Analytics device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a CyberArk Privileged Threat Analytics log source on the QRadar Console. The following table describes the parameters that require specific values for CyberArk Privileged Threat Analytics event collection:
Table 2. CyberArk Privileged Threat Analytics log source parameters

Parameter | Value |
---|---|
Log Source type | CyberArk Privileged Threat Analytics |
Protocol Configuration | Syslog |