CyberArk Identity
The IBM QRadar DSM for CyberArk Identity collects logs from a CyberArk Identity log source.
Important: The Centrify Identity Platform DSM name is now the CyberArk Identity DSM. The
DSM RPM name remains as Centrify Identity Platform in QRadar.
To integrate CyberArk Identity with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - Protocol Common RPM
  - Centrify Redrock REST API Protocol RPM
  - DSMCommon RPM
  - Centrify Identity Platform DSM RPM
- Configure your CyberArk Identity DSM to communicate with QRadar.
- Add a CyberArk Identity log source on the QRadar Console. The following table describes the Centrify Redrock REST API protocol parameters that require specific values to collect events from CyberArk Identity:

  Table 1. Centrify Redrock REST API protocol log source parameters

  | Parameter | Value |
  | --- | --- |
  | Log Source type | CyberArk Identity |
  | Protocol Configuration | Centrify Redrock REST API |

  For a complete list of Centrify Redrock REST API protocol parameters and their values, see Centrify Redrock REST API protocol configuration options.