CyberArk PAS fieldsedit
cyberarkpas fields.
auditedit
Cyberark Privileged Access Security Audit fields.
-
cyberarkpas.audit.action -
A description of the audit record.
type: keyword
ca_propertiesedit
Account metadata.
-
cyberarkpas.audit.ca_properties.address -
type: keyword
-
cyberarkpas.audit.ca_properties.cpm_disabled -
type: keyword
-
cyberarkpas.audit.ca_properties.cpm_error_details -
type: keyword
-
cyberarkpas.audit.ca_properties.cpm_status -
type: keyword
-
cyberarkpas.audit.ca_properties.creation_method -
type: keyword
-
cyberarkpas.audit.ca_properties.customer -
type: keyword
-
cyberarkpas.audit.ca_properties.database -
type: keyword
-
cyberarkpas.audit.ca_properties.device_type -
type: keyword
-
cyberarkpas.audit.ca_properties.dual_account_status -
type: keyword
-
cyberarkpas.audit.ca_properties.group_name -
type: keyword
-
cyberarkpas.audit.ca_properties.in_process -
type: keyword
-
cyberarkpas.audit.ca_properties.index -
type: keyword
-
cyberarkpas.audit.ca_properties.last_fail_date -
type: keyword
-
cyberarkpas.audit.ca_properties.last_success_change -
type: keyword
-
cyberarkpas.audit.ca_properties.last_success_reconciliation -
type: keyword
-
cyberarkpas.audit.ca_properties.last_success_verification -
type: keyword
-
cyberarkpas.audit.ca_properties.last_task -
type: keyword
-
cyberarkpas.audit.ca_properties.logon_domain -
type: keyword
-
cyberarkpas.audit.ca_properties.policy_id -
type: keyword
-
cyberarkpas.audit.ca_properties.port -
type: keyword
-
cyberarkpas.audit.ca_properties.privcloud -
type: keyword
-
cyberarkpas.audit.ca_properties.reset_immediately -
type: keyword
-
cyberarkpas.audit.ca_properties.retries_count -
type: keyword
-
cyberarkpas.audit.ca_properties.sequence_id -
type: keyword
-
cyberarkpas.audit.ca_properties.tags -
type: keyword
-
cyberarkpas.audit.ca_properties.user_dn -
type: keyword
-
cyberarkpas.audit.ca_properties.user_name -
type: keyword
-
cyberarkpas.audit.ca_properties.virtual_username -
type: keyword
-
cyberarkpas.audit.ca_properties.other -
type: flattened
-
cyberarkpas.audit.category -
The category name (for category-related operations).
type: keyword
-
cyberarkpas.audit.desc -
A static value that displays a description of the audit codes.
type: keyword
extra_detailsedit
Specific extra details of the audit records.
-
cyberarkpas.audit.extra_details.ad_process_id -
type: keyword
-
cyberarkpas.audit.extra_details.ad_process_name -
type: keyword
-
cyberarkpas.audit.extra_details.application_type -
type: keyword
-
cyberarkpas.audit.extra_details.command -
type: keyword
-
cyberarkpas.audit.extra_details.connection_component_id -
type: keyword
-
cyberarkpas.audit.extra_details.dst_host -
type: keyword
-
cyberarkpas.audit.extra_details.logon_account -
type: keyword
-
cyberarkpas.audit.extra_details.managed_account -
type: keyword
-
cyberarkpas.audit.extra_details.process_id -
type: keyword
-
cyberarkpas.audit.extra_details.process_name -
type: keyword
-
cyberarkpas.audit.extra_details.protocol -
type: keyword
-
cyberarkpas.audit.extra_details.psmid -
type: keyword
-
cyberarkpas.audit.extra_details.session_duration -
type: keyword
-
cyberarkpas.audit.extra_details.session_id -
type: keyword
-
cyberarkpas.audit.extra_details.src_host -
type: keyword
-
cyberarkpas.audit.extra_details.username -
type: keyword
-
cyberarkpas.audit.extra_details.other -
type: flattened
-
cyberarkpas.audit.file -
The name of the target file.
type: keyword
-
cyberarkpas.audit.gateway_station -
The IP of the web application machine (PVWA).
type: ip
-
cyberarkpas.audit.hostname -
The hostname, in upper case.
type: keyword
example: MY-COMPUTER
-
cyberarkpas.audit.iso_timestamp -
The timestamp, in ISO Timestamp format (RFC 3339).
type: date
example: 2013-06-25 10:47:19+00:00
-
cyberarkpas.audit.issuer -
The Vault user who wrote the audit. This is usually the user who performed the operation.
type: keyword
-
cyberarkpas.audit.location -
The target Location (for Location operations).
type: keyword
Field is not indexed.
-
cyberarkpas.audit.message -
A description of the audit records (same information as in the Desc field).
type: keyword
-
cyberarkpas.audit.message_id -
The code ID of the audit records.
type: keyword
-
cyberarkpas.audit.product -
A static value that represents the product.
type: keyword
-
cyberarkpas.audit.pvwa_details -
Specific details of the PVWA audit records.
type: flattened
-
cyberarkpas.audit.raw -
Raw XML for the original audit record. Only present when XSLT file has debugging enabled.
type: keyword
Field is not indexed.
-
cyberarkpas.audit.reason -
The reason entered by the user.
type: text
-
cyberarkpas.audit.rfc5424 -
Whether the syslog format complies with RFC5424.
type: boolean
example: True
-
cyberarkpas.audit.safe -
The name of the target Safe.
type: keyword
-
cyberarkpas.audit.severity -
The severity of the audit records.
type: keyword
-
cyberarkpas.audit.source_user -
The name of the Vault user who performed the operation.
type: keyword
-
cyberarkpas.audit.station -
The IP from where the operation was performed. For PVWA sessions, this will be the real client machine IP.
type: ip
-
cyberarkpas.audit.target_user -
The name of the Vault user on which the operation was performed.
type: keyword
-
cyberarkpas.audit.timestamp -
The timestamp, in MMM DD HH:MM:SS format.
type: keyword
example: Jun 25 10:47:19
-
cyberarkpas.audit.vendor -
A static value that represents the vendor.
type: keyword
-
cyberarkpas.audit.version -
A static value that represents the version of the Vault.
type: keyword