From af89f2eb4a5c49d1b791c391b3d1d7322c5fd790 Mon Sep 17 00:00:00 2001 From: Yair Leiferman Date: Mon, 3 Mar 2025 14:41:27 -0600 Subject: [PATCH 1/2] Remove mentions to real credentials --- .../cyberark-audit-source.md | 10 +++++----- static/files/c2c/cyberark-audit/example.json | 8 ++++---- static/files/c2c/cyberark-audit/example.tf | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md index ad37abcfaf..01eb5cb8f6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md @@ -30,7 +30,7 @@ The Audit service offers detailed audit trails for activities, events, and sessi ### Vendor configuration -In this configuration, you will set up a CyberArk audit source and configure it to be authorized and authenticated to use CyberArk Audit SIEM API. CyberArk audit supports OAuth authentication. +In this configuration, you will set up a CyberArk audit source and configure it to be authorized and authenticated to use CyberArk Audit SIEM API. CyberArk audit supports OAuth authentication. Follow the instructions mentioned in the [CyberArk Documentation](https://docs.cyberark.com/audit/latest/en/content/audit/isp_siem-integration.htm?tocpath=SIEM%20integrations%7C_____1) to retrieve the following parameters to configure the CyberArk audit source. @@ -54,9 +54,9 @@ To configure a CyberArk Audit source, follow the steps below: 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. -1. **Identity ID**. Enter your identity ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `abr4338`. +1. **Identity ID**. Enter your identity ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `ac212`. 1. **Web Application ID**. Enter your application ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `sumologic`. -1. **Username**. Enter your username(client-id) collected from the [Vendor configuration](#vendor-configuration) section. For example, `c2c@cyberark.cloud.30488`. +1. **Username**. Enter your username(client-id) collected from the [Vendor configuration](#vendor-configuration) section. For example, `user@cyberark.cloud.1234`. 1. **Password**. Enter your password(client-secret) collected from the [Vendor configuration](#vendor-configuration) section. 1. **Tenant URL**. Enter your tenant URL collected from the [Vendor configuration](#vendor-configuration) section. For example, `https://sumologic.audit.cyberark.cloud`. 1. **API Key**. Enter your API key collected from the [Vendor configuration](#vendor-configuration) section. @@ -85,9 +85,9 @@ Sources can be configured using UTF-8 encoded JSON files with the Collector Ma | description | String | No | `null` | Type a description of the source. | `"Testing source"` | | category | String | No | `null` | Type a category of the source. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_sourceCategory`. See [best practices](/docs/send-data/best-practices) for details. | `"mySource/test"` | | fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the collector or source. Use the boolean field `_siemForward` to enable forwarding to SIEM.| `{"_siemForward": false, "fieldA": "valueA"}` | -| identityId | String | Yes | `null` | Identity ID for your CyberArk account. | `abr4338` | +| identityId | String | Yes | `null` | Identity ID for your CyberArk account. | `ac212` | | appId | String | Yes | `null` | App ID for your CyberArk account. | `sumologic` | -| username | String | Yes | `null` | Username(Client ID) for your configured server. | `c2c@cyberark.cloud.30488` | +| username | String | Yes | `null` | Username(Client ID) for your configured server. | `myuser@cyberark.cloud.1234` | | password | String | Yes | `null` | Password for your configured server. | | | tenantURL | String | Yes | `null` | Tenant URL for your configured server. | `https://sumologic.audit.cyberark.cloud` | | apiKey | String | Yes | `null` | API key for your configured server. | | diff --git a/static/files/c2c/cyberark-audit/example.json b/static/files/c2c/cyberark-audit/example.json index c3f187b489..ab35d3143b 100644 --- a/static/files/c2c/cyberark-audit/example.json +++ b/static/files/c2c/cyberark-audit/example.json @@ -3,12 +3,12 @@ "source": { "config": { "name": "CyberArkAudit", - "identityId": "abr43969", + "identityId": "ac212", "appId": "sumologic", - "username": "c2c@cyberark.cloud.43969", - "password": "rECxxxx__4_xxxx_G4n6", + "username": "user@cyberark.cloud.1234", + "password": "******", "tenantURL": "https://sumologic.audit.cyberark.cloud", - "apiKey": "JxxxxxxS9gFJv96LcKcxxxxxxxxxxxxxYqP09OGxxxY", + "apiKey": "*******", "serviceType": [], "statusType": [], "actionType": [], diff --git a/static/files/c2c/cyberark-audit/example.tf b/static/files/c2c/cyberark-audit/example.tf index a70b5c0d39..e04dfe208e 100644 --- a/static/files/c2c/cyberark-audit/example.tf +++ b/static/files/c2c/cyberark-audit/example.tf @@ -5,12 +5,12 @@ resource "sumologic_cloud_to_cloud_source" "cyberark_audit_test_source" { } config = jsonencode({ "name": "CyberArkAudit", - "identityId": "abr43969", + "identityId": "ac212", "appId": "sumologic", - "username": "c2c@cyberark.cloud.43969", - "password": "rECxxxx__4_xxxx_G4n6", + "username": "user@cyberark.cloud.1234", + "password": "******", "tenantURL": "https://sumologic.audit.cyberark.cloud", - "apiKey": "JxxxxxxS9gFJv96LcKcxxxxxxxxxxxxxYqP09OGxxxY", + "apiKey": "*******", "serviceType": [], "statusType": [], "actionType": [], From 8595ec9195965b8eaf68c4e8e7c1ea53c2653ac4 Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:55:51 -0500 Subject: [PATCH 2/2] Update docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md --- .../cyberark-audit-source.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md index 01eb5cb8f6..229e5fb33e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md @@ -30,7 +30,7 @@ The Audit service offers detailed audit trails for activities, events, and sessi ### Vendor configuration -In this configuration, you will set up a CyberArk audit source and configure it to be authorized and authenticated to use CyberArk Audit SIEM API. CyberArk audit supports OAuth authentication. +In this configuration, you will set up a CyberArk audit source and configure it to be authorized and authenticated to use CyberArk Audit SIEM API. CyberArk audit supports OAuth authentication. Follow the instructions mentioned in the [CyberArk Documentation](https://docs.cyberark.com/audit/latest/en/content/audit/isp_siem-integration.htm?tocpath=SIEM%20integrations%7C_____1) to retrieve the following parameters to configure the CyberArk audit source.