Syslog - CyberArk

Device Details

Device Name	Syslog - CyberArk
Vendor	Cyber-Ark
Device Type	Vault
Supported Model Name/Number	N/A
Supported Software Version	N/A
Collection Method	Syslog
Configurable Log Output	N/A
Log Source Type	Syslog - CyberArk
Log Processing Policy	LogRhythm Default V 2.0
Exceptions	N/A
Additional Information	https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PASREF/Vault%20Audit%20Action%20Codes.htm?tocpath=Administrator%7CReferences%7C_____3 https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PTA/CEF-Based-Format-Definition.htm

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

Type	Product Version	Supported Schema Fields
V 2.0 Cyberark Vault Audit Events	N/A	<vendorinfo>, <version>, <tag1>, <vmid>, <severity>, <action>, <login>, <object>, <sname>, <dname>, <account>, <protname>, <reason>, <sip>, <dip>, <domainimpacted>, <subject>

Revision History

KB Version	Log Type	Change Type	Details
KB 7.1.673.0	Syslog - CyberArk	New Log Source Optimization (LSO) policy: LogRhythm Default v2.0	Optimized new log processing policy for Syslog - CyberArk.