This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Platform Product Advisories
Read and subscribe to the latest announcements and advisories relating to the NetWitness Platform.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CyberArk Log Parser major update for user related Meta's

Summary

 

Historically, certain fields in CyberArk logs have been parsed inversely, causing confusion regarding the user's actions related to source and destination information.

The latest update to the CyberArk parser now accurately maps the following fields to the correct source and destination users.


Fields

Updated meta

Issuer

user.src

ActingUserName

user.src

UserName

user.dst

ActionTargetUser

user.dst

 

Affected Versions

12.2 or above.

 

Impact

 

Rules, and Reports based on user.dst and user.src meta’s may be affected due to this update.

 

Workaround

 

If you prefer not to implement this new change immediately, NetWitness recommends you retain a copy of the parser within your Log Decoder. NetWitness suggests using this copy as a custom parser alongside our live CyberArk parser, which has been updated with the latest changes.

Labels (2)
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2024-04-01 10:10 AM
Updated by:
Contributor Contributor

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.