CyberArk_AuditEvents_CL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index

---

Attribute	Value
Ingestion API Supported	✓ Yes

Contents

• Schema
• Solutions
• Connectors
• Content Items

Schema (17 columns)

Source: KQL validation test schema

Column Name	Type
action	string
actionType	string
applicationCode	string
auditCode	string
auditType	string
command	string
component	string
CyberArkTenantId	string
message	string
serviceName	string
sessionId	string
source	string
target	string
TimeGenerated	datetime
timestamp	int
userId	string
username	string

Solutions (1)

This table is used by the following solutions:

• CyberArkAudit

Connectors (2)

This table is ingested by the following connectors:

Connector	Selection Criteria
CyberArkAudit
CyberArk Audit

---

Content Items Using This Table (3)

Analytic Rules (3)

In solution CyberArkAudit:

Analytic Rule	Selection Criteria
CyberArk - High-Risk Actions Outside Business Hours
CyberArk - Multiple Failed Actions Followed by Success (15m)
CyberArk - Sensitive Safe/Permission/Entitlement Changes (with customData)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index