CyberArk Enterprise Password Vault (EPV)/Sentinel

CyberArk

Note: There may be known issues pertaining to this Solution; please refer to them before installing.

The CyberArk Enterprise Password Vault Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an XML syslog message for every action taken against the Vault. The EPV passes these XML messages through the Sentinel.xsl translator, which converts them to standard CEF format, and sends them to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server then imports the messages into Azure Log Analytics. Refer to the CyberArk documentation for more guidance on SIEM integrations.

Underlying Microsoft Technologies used:

This solution depends on the following technologies, some of which may be in Preview state or may result in additional ingestion or operational costs:

  1. Agent-based log collection (CEF over Syslog)

Data Connectors: 1, Workbooks: 1

Azure-Sentinel/known_issues.md at master · Azure/Azure-Sentinel