
CyberArk Privilege Access Management for Microsoft Sentinel

CyberArk

Note: There may be known issues pertaining to this solution; please refer to them before installing.

The CyberArk Privilege Access Management solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The PAM generates an XML syslog message for every action taken against the Vault. It passes these XML messages through the Microsoft Sentinel.xsl translator, which converts them into the standard CEF format, and sends them to a syslog server of your choice (syslog-ng, rsyslog). The Azure Monitor Agent installed on your syslog staging server then imports the messages into Azure Log Analytics. Refer to the CyberArk documentation for more guidance on SIEM integrations.

Underlying Microsoft Technologies used:

This solution depends on the following technologies, some of which may be in Preview state or may result in additional ingestion or operational costs:

  1. Azure Monitor Agent (AMA)-based log collection (CEF over Syslog)

Data Connectors: 1, Workbooks: 1


Azure-Sentinel/known_issues.md at master · Azure/Azure-Sentinel
