
Cyberark EPM


CyberArk Endpoint Privilege Manager provides holistic endpoint protection to secure all endpoints and enforce least privilege without disrupting business.

Connect Cyberark EPM with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Cyberark EPM.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. EPM dispatcher server: The EPM dispatcher server, for example 'in.epm.cyberark.com'. See https://docs.cyberark.com/EPM/Latest/en/Content/WebServices/WebServicesIntro.htm#EPMdispatcherservername

  9. Username: Username for EPM server.

  10. Password: Password of the user in EPM server.

  11. Application Id: The name of the application or system where the REST API originated. This is hardcoded by users. For example, postman, serviceNow, commandline.

  12. After you've entered all the details, click Connect.

Actions for Cyberark EPM

List Policies

Retrieves a list of policies, according to one or more filters.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Set ID | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Filter | Jinja Templated text containing the filter query to filter policies. E.g. "PolicyName CONTAINS elevate". | Optional |

Output

JSON containing the following items:

```json
[
  {
    "PolicyType": 11,
    "ModifiedDate": "2024-04-24T07:58:07.5568286",
    "ReferencedApplicationGroups": [],
    "PolicyId": "test-id",
    "IsAppliedToAllComputers": true,
    "CreatedDate": "2024-04-24T07:58:07.5568286",
    "OsType": 1,
    "has_error": false,
    "error": null,
    "PolicyName": "test_2401",
    "Order": 440,
    "UserPolicyPermissions": -1,
    "IsActive": true,
    "Action": 4
  },
  {
    "PolicyType": 12,
    "ModifiedDate": "2024-04-24T08:58:07.5568286",
    "ReferencedApplicationGroups": [],
    "PolicyId": "test-id1",
    "IsAppliedToAllComputers": true,
    "CreatedDate": "2024-04-24T07:58:07.5568286",
    "OsType": 1,
    "has_error": false,
    "error": null,
    "PolicyName": "test_2411",
    "Order": 440,
    "UserPolicyPermissions": -1,
    "IsActive": true,
    "Action": 4
  }
]
```
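An added example (not part of the Devo or CyberArk documentation) of post-processing the List Policies output in a playbook step: it queues active policies applied to all computers that changed after a cutoff, and handles the seven-digit fractional seconds in `ModifiedDate`. The function names, the cutoff and the last two sample entries are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the shape of the List Policies output (trimmed fields).
SAMPLE = json.loads("""[
 {"PolicyId": "test-id", "PolicyName": "test_2401", "IsActive": true,
  "IsAppliedToAllComputers": true, "has_error": false, "error": null,
  "ModifiedDate": "2024-04-24T07:58:07.5568286"},
 {"PolicyId": "test-id1", "PolicyName": "test_2411", "IsActive": true,
  "IsAppliedToAllComputers": true, "has_error": false, "error": null,
  "ModifiedDate": "2024-04-24T08:58:07.5568286"},
 {"PolicyId": "test-id2", "PolicyName": "scoped", "IsActive": true,
  "IsAppliedToAllComputers": false, "has_error": false, "error": null,
  "ModifiedDate": "2024-04-24T09:00:00.1000000"},
 {"has_error": true, "error": "constructed failure"}
]""")


def parse_epm_time(value: str) -> datetime:
    """Parse timestamps such as 2024-04-24T07:58:07.5568286."""
    head, _, frac = value.partition(".")
    # datetime stores microseconds, so keep at most six fractional digits.
    frac = frac[:6].ljust(6, "0")
    return datetime.strptime(f"{head}.{frac}", "%Y-%m-%dT%H:%M:%S.%f")


def review_queue(policies, modified_after: datetime):
    """Return (to_review, failed) for active, all-computer policies changed after the cutoff."""
    to_review, failed = [], []
    for p in policies:
        if p.get("has_error"):
            # Keep failed entries visible instead of silently dropping them.
            failed.append(p.get("error"))
            continue
        if not (p.get("IsActive") and p.get("IsAppliedToAllComputers")):
            continue
        if parse_epm_time(p["ModifiedDate"]) > modified_after:
            to_review.append((p["PolicyId"], p["PolicyName"]))
    return to_review, failed


if __name__ == "__main__":
    print(review_queue(SAMPLE, datetime(2024, 4, 24, 8, 0, 0)))
```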

## Get Policy Details

Retrieves details of a policy.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Set ID | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy ID | Jinja Templated text containing ID of the policy for which to retrieve details. | Required |

### Output

JSON containing the following items:

```json
{
  "PolicyType": 11,
  "ModifiedDate": "2024-04-24T07:58:07.5568286",
  "ReferencedApplicationGroups": [],
  "PolicyId": "test1",
  "IsAppliedToAllComputers": true,
  "CreatedDate": "2024-04-24T07:58:07.5568286",
  "OsType": 1,
  "has_error": false,
  "error": null,
  "PolicyName": "test_2401",
  "Order": 440,
  "UserPolicyPermissions": -1,
  "IsActive": true,
  "Action": 4
}
```

Delete Policy

This method deletes a policy.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy Id | Jinja Templated text containing unique ID of the policy to delete. | Required |

Output

JSON containing the following items:

```json
{
  "message": "Successfully Deleted.",
  "has_error": false,
  "error": null
}
```

## Create Policy

This method creates a new policy.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy Body | [Jinja-templated](doc:jinja-template) JSON containing the body of the policy. | Required |

### Output

JSON containing the following items:

```json
{
  "PolicyType": 11,
  "Id": "Test",
  "UIReplaceUAC": { "AllowedDialogType": "ElevateOnDemand", "Id": "00000000-0000-0000-0000-000000000000" },
  "UIAuditVideoInit": { "AllowedDialogType": "AuditVideoNotify", "Id": "00000000-0000-0000-0000-000000000000" },
  "Audit": false,
  "ExcludeAccounts": {
    "Operator": 0,
    "UserGroupCollection": [],
    "CollectionName": "",
    "SelectedAccountCollection": [],
    "CollectionId": "00000000-0000-0000-0000-000000000000"
  },
  "Name": "test_2501",
  "Applications": [
    {
      "displayName": "",
      "description": "",
      "internalId": 0,
      "includeInMatching": true,
      "applicationGroupId": "00000000-0000-0000-0000-000000000000",
      "protectInstalledFiles": false,
      "securityTokenId": "00000000-0000-0000-0000-000000000000",
      "patterns": {
        "FILE_NAME": {
          "compareAs": 0,
          "hashAlgorithm": "",
          "hash": "",
          "content": "test",
          "caseSensitive": false,
          "isEmpty": false,
          "fileSize": 0,
          "hashSHA256": "",
          "@type": "FileName"
        }
      },
      "applicationType": 3,
      "restrictOpenSaveFileDialog": true,
      "accountId": "00000000-0000-0000-0000-000000000000",
      "id": "Test",
      "childProcess": false,
      "internalApplicationGroupId": 0
    }
  ],
  "IsAppliedToAllComputers": true,
  "IncludeADComputerGroups": [],
  "ExcludeADComputerGroups": [],
  "Executors": [],
  "Description": "test_2501 description",
  "UIAuditVideoError": { "AllowedDialogType": "AuditVideoLowDisk", "Id": "00000000-0000-0000-0000-000000000000" },
  "UIReplaceUacAdmin": { "AllowedDialogType": "ElevateOnDemand", "Id": "00000000-0000-0000-0000-000000000000" },
  "ReplaceUacAdmin": true,
  "IncludeAccounts": {
    "Operator": 0,
    "UserGroupCollection": [],
    "CollectionName": "",
    "SelectedAccountCollection": [],
    "CollectionId": "00000000-0000-0000-0000-000000000000"
  },
  "Accounts": [],
  "has_error": false,
  "LinkedAgentPolicies": [
    { "DefaultApplicationGroupId": "Test", "PolicyType": 3, "Id": "Test" }
  ],
  "error": null,
  "RecordAuditVideo": false,
  "Priority": 40,
  "AccessControl": null,
  "UIShellExtension": { "AllowedDialogType": "ElevateOnDemand", "Id": "00000000-0000-0000-0000-000000000000" },
  "Activation": { "DeactivateDate": null, "ActivateDate": null, "AutoDelete": false, "Scheduler": null },
  "UIAuditVideo": { "AllowedDialogType": "AuditVideoConfirmation", "Id": "00000000-0000-0000-0000-000000000000" },
  "ConditionalEnforcement": [],
  "ShellExtension": false,
  "PreviouslyAppGroup": false,
  "IsActive": true,
  "ReplaceUAC": true,
  "Action": 4
}
```

Update Policy

This method updates an existing policy.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy Id | Jinja Templated text containing unique ID of the policy to update. | Required |
| Policy Body | Jinja-templated JSON containing the updated body of the policy. | Required |

Output

JSON containing the following items:

```json
{
  "message": "Successfully Updated.",
  "Updated Policy": {
    "ShellExtension": false,
    "Priority": 40,
    "UIAuditVideoError": { "AllowedDialogType": "AuditVideoLowDisk", "Id": "00000000-0000-0000-0000-000000000000" },
    "ReplaceUAC": true,
    "ExcludeADComputerGroups": [],
    "UIShellExtension": { "AllowedDialogType": "ElevateOnDemand", "Id": "00000000-0000-0000-0000-000000000000" },
    "Description": "test_2501_edit description",
    "Executors": [],
    "RecordAuditVideo": false,
    "Activation": { "DeactivateDate": null, "ActivateDate": null, "AutoDelete": false, "Scheduler": null },
    "IncludeADComputerGroups": [],
    "PreviouslyAppGroup": false,
    "Applications": [
      {
        "displayName": "",
        "description": "",
        "internalId": 0,
        "includeInMatching": true,
        "applicationGroupId": "00000000-0000-0000-0000-000000000000",
        "protectInstalledFiles": false,
        "securityTokenId": "00000000-0000-0000-0000-000000000000",
        "patterns": {
          "FILE_NAME": {
            "compareAs": 0,
            "hashAlgorithm": "",
            "hash": "",
            "content": "test",
            "caseSensitive": false,
            "isEmpty": false,
            "fileSize": 0,
            "hashSHA256": "",
            "@type": "FileName"
          }
        },
        "applicationType": 3,
        "restrictOpenSaveFileDialog": true,
        "accountId": "00000000-0000-0000-0000-000000000000",
        "id": "Test",
        "childProcess": false,
        "internalApplicationGroupId": 0
      }
    ],
    "UIReplaceUacAdmin": { "AllowedDialogType": "ElevateOnDemand", "Id": "00000000-0000-0000-0000-000000000000" },
    "Audit": false,
    "IsAppliedToAllComputers": true,
    "Name": "test_2501_edit",
    "UIAuditVideo": { "AllowedDialogType": "AuditVideoConfirmation", "Id": "00000000-0000-0000-0000-000000000000" },
    "IncludeAccounts": {
      "Operator": 0,
      "UserGroupCollection": [],
      "CollectionName": "",
      "SelectedAccountCollection": [],
      "CollectionId": "00000000-0000-0000-0000-000000000000"
    },
    "Action": 4,
    "ConditionalEnforcement": [],
    "AccessControl": null,
    "Accounts": [],
    "UIAuditVideoInit": { "AllowedDialogType": "AuditVideoNotify", "Id": "00000000-0000-0000-0000-000000000000" },
    "ReplaceUacAdmin": true,
    "LinkedAgentPolicies": [
      { "DefaultApplicationGroupId": "Test", "PolicyType": 3, "Id": "Test" }
    ],
    "UIReplaceUAC": { "AllowedDialogType": "ElevateOnDemand", "Id": "00000000-0000-0000-0000-000000000000" },
    "ExcludeAccounts": {
      "Operator": 0,
      "UserGroupCollection": [],
      "CollectionName": "",
      "SelectedAccountCollection": [],
      "CollectionId": "00000000-0000-0000-0000-000000000000"
    },
    "PolicyType": 11,
    "Id": "Test",
    "IsActive": true
  },
  "has_error": false,
  "error": null
}
```

## Update Ransomware Mode

This method sets the ransomware protection mode.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Ransomware Mode | Select to enable Ransomware Mode. | Required |

### Output

JSON containing the following items:

```json
{
  "message": "Successfully Updated.",
  "has_error": false,
  "error": null
}
```

Temporary Elevation

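This method approves or rejects a request for elevated access to a specific application. This creates an elevation policy for the specific user, application, and computer in the request. This policy is active for 24 hours, after which it becomes inactive. It is automatically deleted after 3 months.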

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Aggregated By | Jinja Templated text containing aggregatedBy parameter which is an opaque value composed of the checksum (hash) and event type, separated by a comma. Example: aggregatedBy EQ "943E0A8C840430E53D8D641CF4CDC1660C75FFE0,ElevationRequest" | Required |
| Elevation | Select elevation category. | Required |
| Send Mail | Select whether to send an email to the requestor (Default is False). | Optional |

Output

JSON containing the following items:

```json
{
  "SendEmail": true,
  "Filter": "aggregatedBy EQ \"16,32\"",
  "Elevation": 1
}
```
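An added example (not from the Devo or CyberArk documentation) of guarding the Aggregated By input when its two parts come from event data: it refuses values that could change the filter, then checks that the action output matches what the playbook requested. The function names and the request dictionary are hypothetical, and it assumes both parts are plain alphanumerics, as in the two samples on this page.

```python
import re

# Assumption: each part of the opaque value is alphanumeric, as in the samples
# "943E0A8C...FFE0,ElevationRequest" and "16,32" shown on this page.
_PART = re.compile(r"[A-Za-z0-9]+")


def build_aggregated_by(checksum: str, event_type: str) -> str:
    """Build the Aggregated By filter, rejecting parts that could alter it."""
    for name, part in (("checksum", checksum), ("event_type", event_type)):
        # Quotes, commas, spaces and template braces all fail this match.
        if not _PART.fullmatch(part):
            raise ValueError(f"{name} contains characters outside [A-Za-z0-9]")
    return f'aggregatedBy EQ "{checksum},{event_type}"'


def confirm_elevation(requested: dict, response: dict) -> list:
    """Return the output fields that differ from what was requested."""
    if response.get("has_error"):
        return ["has_error"]
    expected = {
        "Filter": requested["filter"],
        "Elevation": requested["elevation"],
        "SendEmail": requested["send_mail"],
    }
    return [key for key, value in expected.items() if response.get(key) != value]


# Constructed request; the response mirrors the Output sample above.
REQUEST = {"filter": build_aggregated_by("16", "32"), "elevation": 1, "send_mail": True}
RESPONSE = {"SendEmail": True, "Filter": 'aggregatedBy EQ "16,32"', "Elevation": 1}

if __name__ == "__main__":
    print(confirm_elevation(REQUEST, RESPONSE))
```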

Release Notes

  • v1.0.3 - Initial release with the 7 actions: List Policies, Get Policy, Create Policy, Delete Policy, Update Policy, Update Ransomware Mode and Temporary Elevation.