CyberArk Audit for Microsoft Sentinel

Solution: CyberArkAudit

CyberArkAudit Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	CyberArk Support
Support Tier	Partner
Support Link	https://www.cyberark.com/services-support/technical-support-contact/
Categories	domains
Version	3.1.0
Author	CyberArk Business Development - BizDevTech@cyberark.com
First Published	2024-03-01
Last Updated	2026-03-05
Solution Folder	CyberArkAudit
Marketplace	Azure Marketplace · Popularity: 🟢 High (89%)

The integration between CyberArk Audit and Microsoft Sentinel aims to seamlessly connect the robust audit capabilities of CyberArk with the advanced security analytics and threat detection features of Microsoft Sentinel

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 2 data connector(s):

Tables Used

This solution uses 1 table(s):

Table	Used By Connectors	Used By Content
`CyberArk_AuditEvents_CL`	CyberArk Audit, CyberArkAudit	Analytics

Content Items

This solution includes 3 content item(s):

Content Type	Count
Analytic Rules	3

Analytic Rules

Name	Severity	Tactics	Tables Used
CyberArk - High-Risk Actions Outside Business Hours	High	DefenseEvasion	`CyberArk_AuditEvents_CL`
CyberArk - Multiple Failed Actions Followed by Success (15m)	Medium	CredentialAccess	`CyberArk_AuditEvents_CL`
CyberArk - Sensitive Safe/Permission/Entitlement Changes (with customData)	Low	PrivilegeEscalation	`CyberArk_AuditEvents_CL`

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.1.0	13-03-2026	New Data Connector based on CCF. added missing migration instructions and disclaimers.
3.0.2	16-10-2025	Add Analytics Rules.
3.0.1	29-04-2024	Configuration procedure update.
3.0.0	03-04-2024	Initial Solution Release.