Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

CyberArk Privileged Threat Analytics

 

The JSA DSM for CyberArk Privileged Threat Analytics collects events from a CyberArk Privileged Threat Analytics device.

The following table describes the specifications for the CyberArk Privileged Threat Analytics DSM:

Table 1: CyberArk Privileged Threat Analytics DSM Specifications

Specification

Value

Manufacturer

CyberArk

DSM name

CyberArk Privileged Threat Analytics

RPM file name

DSM-CyberArkPrivilegedThreatAnalytics-JSA_version-

build_number


.noarch.rpm

Supported versions

V3.1

Protocol

Syslog

Recorded event types

Detected security events

Automatically discovered?

Yes

Includes identity?

No

Includes custom properties?

No

More information

CyberArk website (http://www.cyberark.com)

To integrate CyberArk Privileged Threat Analytics with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • CyberArk Privileged Threat Analytics DSM RPM

    • DSMCommon RPM

  2. Configure your CyberArk Privileged Threat Analytics device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a CyberArk Privileged Threat Analytics log source on the JSA Console. The following table describes the parameters that require specific values for CyberArk Privileged Threat Analytics event collection:

    Table 2: CyberArk Privileged Threat Analytics Log Source Parameters

    Parameter

    Value

    Log Source type

    CyberArk Privileged Threat Analytics

    Protocol Configuration

    Syslog

Configuring CyberArk Privileged Threat Analytics to Communicate with JSA

To collect all events from CyberArk Privileged Threat Analytics, you must specify JSA as the syslog server and configure the syslog format. The CyberArk Privileged Threat Analytics device sends syslog events that are formatted as Log Event Extended Format (LEEF).

  1. On the CyberArk Privileged Threat Analytics machine, go to the /opt/tomcat/diamond-resources/local/ directory, and open the systemparm.properties file in a text editor such as vi.
  2. Uncomment the syslog_outbound property and then edit the following parameters:

    Parameter

    Value

    Host

    The host name or IP address of the JSA system.

    Port

    514

    Protocol

    UDP

    Format

    JSA

    The following is an example of the syslog_outbound property:

    The following is an example of the syslog_outbound property specifying multiple syslog recipients, separated by commas:

  3. Save the systemparm.properties configuration file, and then close it.
  4. Restart CyberArk Privileged Threat Analytics.

Related Documentation