CyberArk Vault

Version: CyberArk Vault version 10.5 or above.

The Digital Vault software is the core of CyberArk's solutions. It is the secure repository of all sensitive information and is responsible for securing this information, managing and controlling all access to it, and maintaining and providing tamper-proof audit records.

Netsurion's Open XDR platform collects the event logs delivered from the CyberArk Vault and filters them for the critical event types used to create reports, dashboards, categories, and alerts. The event types considered are threat detection, suspicious behavior detection, configuration change, and action taken on threats.

After the CyberArk Vault is configured to deliver events to Netsurion's Open XDR platform, the dashboards and reports can be configured in the platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | CyberArk Vault - Critical activity detected | This alert is triggered based on the severity of the log whenever the user’s suspicious activities are detected. |
| Security | CyberArk Vault - Security activity detected | This alert is triggered based on the security warning of the log whenever the user’s suspicious and anomalous actions are detected. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | CyberArk Vault - Critical and security activities | This report provides a detailed summary of all the critical and security activities performed by the users based on their severity and action codes. The report includes the User IP, Source username, and more. |
| Security | CyberArk Vault - Update and add activities | This report provides a detailed summary of all the update activities performed by the users. The report includes Log Time, Computer, Action, Device, and more. |
| Security | CyberArk Vault - Failed and delete activities | This report provides a detailed summary of all the failed and delete activities performed by the users. The report includes the Message ID, Request ID, Safe name, Severity, and more. |
| Security | CyberArk Vault - Logon and logoff activities | This report provides a detailed summary of overall activities performed by the users. The report includes Action, Source IP address, Source username, and more. |

Documentation

The configuration details are consistent with Netsurion's Open XDR platform version 9.3 or later, and CyberArk Vault version 10.5 or above.

Download the Integration Guide and How-to Guide for more information and configuration instructions.