Introduction

Tags beginning with iam.cyberark identify events generated by CyberArk.

Valid tags and data tables 

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| CyberArk | iam.cyberark.audit | iam.cyberark.audit |
| | iam.cyberark.identity.event | iam.cyberark.identity.event |
| | iam.cyberark.vault.cef | iam.cyberark.vault |
| | iam.cyberark.vault_leef | iam.cyberark.vault_leef |

For more information, read about Devo tags.

These are the fields displayed in these tables:

iam.cyberark.audit

| Field | Type | Extra field |
|---|---|---|
| eventdate | timestamp | |
| Hostname | str | |
| EventReceivedTime | str | |
| SourceModuleName | str | |
| SourceModuleType | str | |
| SourceName | str | |
| Message | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |

iam.cyberark.identity.event

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| old_entity | str | |
| entity_name | str | |
| entity_uuid | str | |
| normalized_user | str | |
| internal_session_id | str | |
| impersonator_uuid | str | |
| template_name | str | |
| az_deployment_id | str | |
| event_type | str | |
| application_name | str | |
| directory_service_uuid | str | |
| internal_tracking_id | str | |
| auth_method | str | |
| entity_type | str | |
| when_occurred | str | |
| az_role_id | str | |
| when_logged | str | |
| table_name | str | |
| new_entity | str | |
| tenant | str | |
| application_id | str | |
| thread_type | str | |
| from_ip_address | str | |
| from_ip_addressv4 | ip4 | |
| from_ip_addressv6 | ip6 | |
| request_device_os | str | |
| request_is_mobile_device | bool | |
| level2 | str | |
| directory_service_partner_name | str | |
| application_type | str | |
| user_guid | str | |
| id | str | |
| az_role_name | str | |
| request_host_name | str | |
| request_host_namev4 | ip4 | |
| request_host_namev6 | ip6 | |
| at_devo_pulling_id | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |

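iam.cyberark.vault

| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| host | str | | vhost |
| act | str | | |
| rt | str | | |
| suser | str | | |
| fname | str | | |
| dvc | ip4 | | |
| shost | ip4 | | |
| dhost | str | | |
| duser | str | | |
| externalId | str | | |
| app | str | | |
| reason | str | | |
| cs1Label | str | | |
| cs1 | str | | |
| cs2Label | str | | |
| cs2 | str | | |
| cs3Label | str | | |
| cs3 | str | | |
| cs4Label | str | | |
| cs4 | str | | |
| cs5Label | str | | |
| cs5 | str | | |
| cn1Label | str | | |
| cn1 | str | | |
| cn2Label | str | | |
| cn2 | str | | |
| msg | str | | |
| hostchain | str | | |
| tag | str | | |
| rawMessage | str | | rawSource |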

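iam.cyberark.vault_leef

| Field | Type | Extra Label | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| host | str | | vhost |
| leefVer | str | | |
| vendor | str | | |
| product | str | | |
| version | str | | |
| eventID | str | | |
| sev | int4 | | |
| Action | str | | |
| EventMessage | str | | |
| OSUser | str | | |
| usrName | str | | |
| src | ip4 | | |
| SourceUser | str | | |
| TargetUser | str | | |
| File | str | | |
| Safe | str | | |
| Location | str | | |
| Category | str | | |
| RequestId | str | | |
| Reason | str | | |
| ExtraDetails | str | | |
| GatewayStation | str | | |
| CAPolicy | str | | |
| hostchain | str | | |
| tag | str | | |
| rawMessage | str | | |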