Splunk® Enterprise

The CyberArk Privileged Account Security Solution and CyberArk Privileged Threat Analytics extracts CyberArk real-time privileged account activities (e.g. individual user activity when using shared accounts) into Splunk Enterprise and Splunk Enterprise Security, providing a single place to analyze unusual account activity.

Privileged account activities are sent as syslog messages in Common Event Format (CEF), and are tagged and mapped to Splunk’s Common Information Model (CIM).