cyberarkpas fields.
CyberArk Privileged Access Security audit fields.
-
cyberarkpas.audit.action
-
A description of the audit record.
type: keyword
Account metadata (the cyberarkpas.audit.ca_properties.* fields):
-
cyberarkpas.audit.ca_properties.address
-
type: keyword
-
cyberarkpas.audit.ca_properties.cpm_disabled
-
type: keyword
-
cyberarkpas.audit.ca_properties.cpm_error_details
-
type: keyword
-
cyberarkpas.audit.ca_properties.cpm_status
-
type: keyword
-
cyberarkpas.audit.ca_properties.creation_method
-
type: keyword
-
cyberarkpas.audit.ca_properties.customer
-
type: keyword
-
cyberarkpas.audit.ca_properties.database
-
type: keyword
-
cyberarkpas.audit.ca_properties.device_type
-
type: keyword
-
cyberarkpas.audit.ca_properties.dual_account_status
-
type: keyword
-
cyberarkpas.audit.ca_properties.group_name
-
type: keyword
-
cyberarkpas.audit.ca_properties.in_process
-
type: keyword
-
cyberarkpas.audit.ca_properties.index
-
type: keyword
-
cyberarkpas.audit.ca_properties.last_fail_date
-
type: keyword
-
cyberarkpas.audit.ca_properties.last_success_change
-
type: keyword
-
cyberarkpas.audit.ca_properties.last_success_reconciliation
-
type: keyword
-
cyberarkpas.audit.ca_properties.last_success_verification
-
type: keyword
-
cyberarkpas.audit.ca_properties.last_task
-
type: keyword
-
cyberarkpas.audit.ca_properties.logon_domain
-
type: keyword
-
cyberarkpas.audit.ca_properties.policy_id
-
type: keyword
-
cyberarkpas.audit.ca_properties.port
-
type: keyword
-
cyberarkpas.audit.ca_properties.privcloud
-
type: keyword
-
cyberarkpas.audit.ca_properties.reset_immediately
-
type: keyword
-
cyberarkpas.audit.ca_properties.retries_count
-
type: keyword
-
cyberarkpas.audit.ca_properties.sequence_id
-
type: keyword
-
cyberarkpas.audit.ca_properties.tags
-
type: keyword
-
cyberarkpas.audit.ca_properties.user_dn
-
type: keyword
-
cyberarkpas.audit.ca_properties.user_name
-
type: keyword
-
cyberarkpas.audit.ca_properties.virtual_username
-
type: keyword
-
cyberarkpas.audit.ca_properties.other
-
type: flattened
-
cyberarkpas.audit.category
-
The category name (for category-related operations).
type: keyword
-
cyberarkpas.audit.desc
-
A static value that displays a description of the audit codes.
type: keyword
Specific extra details of the audit records (the cyberarkpas.audit.extra_details.* fields):
-
cyberarkpas.audit.extra_details.ad_process_id
-
type: keyword
-
cyberarkpas.audit.extra_details.ad_process_name
-
type: keyword
-
cyberarkpas.audit.extra_details.application_type
-
type: keyword
-
cyberarkpas.audit.extra_details.command
-
type: keyword
-
cyberarkpas.audit.extra_details.connection_component_id
-
type: keyword
-
cyberarkpas.audit.extra_details.dst_host
-
type: keyword
-
cyberarkpas.audit.extra_details.logon_account
-
type: keyword
-
cyberarkpas.audit.extra_details.managed_account
-
type: keyword
-
cyberarkpas.audit.extra_details.process_id
-
type: keyword
-
cyberarkpas.audit.extra_details.process_name
-
type: keyword
-
cyberarkpas.audit.extra_details.protocol
-
type: keyword
-
cyberarkpas.audit.extra_details.psmid
-
type: keyword
-
cyberarkpas.audit.extra_details.session_duration
-
type: keyword
-
cyberarkpas.audit.extra_details.session_id
-
type: keyword
-
cyberarkpas.audit.extra_details.src_host
-
type: keyword
-
cyberarkpas.audit.extra_details.username
-
type: keyword
-
cyberarkpas.audit.extra_details.other
-
type: flattened
-
cyberarkpas.audit.file
-
The name of the target file.
type: keyword
-
cyberarkpas.audit.gateway_station
-
The IP of the web application machine (PVWA).
type: ip
-
cyberarkpas.audit.hostname
-
The hostname, in upper case.
type: keyword
example: MY-COMPUTER
-
cyberarkpas.audit.iso_timestamp
-
The timestamp, in ISO Timestamp format (RFC 3339).
type: date
example: 2013-06-25 10:47:19+00:00
-
cyberarkpas.audit.issuer
-
The Vault user who wrote the audit. This is usually the user who performed the operation.
type: keyword
-
cyberarkpas.audit.location
-
The target Location (for Location operations).
type: keyword
Field is not indexed.
-
cyberarkpas.audit.message
-
A description of the audit records (same information as in the Desc field).
type: keyword
-
cyberarkpas.audit.message_id
-
The code ID of the audit records.
type: keyword
-
cyberarkpas.audit.product
-
A static value that represents the product.
type: keyword
-
cyberarkpas.audit.pvwa_details
-
Specific details of the PVWA audit records.
type: flattened
-
cyberarkpas.audit.raw
-
Raw XML for the original audit record. Only present when the XSLT file has debugging enabled.
type: keyword
Field is not indexed.
-
cyberarkpas.audit.reason
-
The reason entered by the user.
type: text
-
cyberarkpas.audit.rfc5424
-
Whether the syslog format complies with RFC5424.
type: boolean
example: True
-
cyberarkpas.audit.safe
-
The name of the target Safe.
type: keyword
-
cyberarkpas.audit.severity
-
The severity of the audit records.
type: keyword
-
cyberarkpas.audit.source_user
-
The name of the Vault user who performed the operation.
type: keyword
-
cyberarkpas.audit.station
-
The IP address from which the operation was performed. For PVWA sessions, this will be the real client machine IP.
type: ip
-
cyberarkpas.audit.target_user
-
The name of the Vault user on which the operation was performed.
type: keyword
-
cyberarkpas.audit.timestamp
-
The timestamp, in MMM DD HH:MM:SS format.
type: keyword
example: Jun 25 10:47:19
-
cyberarkpas.audit.vendor
-
A static value that represents the vendor.
type: keyword
-
cyberarkpas.audit.version
-
A static value that represents the version of the Vault.
type: keyword