CyberArk Privileged Threat Analytics (PTA)

[jamiehynds]

Description

CyberArk’s PTA is a modern system designed for privileged account security intelligence that provides detailed, immediate actionable threats analytics by pinpointing previously hidden malicious privileged user activity. Privileged Threat Analytics (PTA) continuously monitors the use of privileged accounts that are managed in the CyberArk Privileged Access Security (PAS) platform, as well as accounts that are not yet managed by CyberArk, and looks for indications of abuse or misuse of the CyberArk platform. PTA also looks for attackers who compromise privileged accounts by running sophisticated attacks, such as Golden Ticket.

For a full list of detections reported by PTA, see here.

Architecture

Syslog is supported and events are CEF formatted. Relevant docs here.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

• [x] Change follows the contributing guidelines
• [x] Supported versions of the monitoring target are documented
• [x] Supported operating systems are documented (if applicable)
• [x] Integration or System tests exist
• [x] Documentation exists
• [x] Fields follow ECS and naming conventions
• [x] At least a manual test with ES / Kibana / Agent has been performed.
• [x] Required Kibana version set to:

New Package

• [ ] Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

• [x] Dashboards exists
• [x] Screenshots added or updated
• [x] Datastream filters added to visualizations

Log dataset changes

• [x] Pipeline tests exist (if applicable)
• [x] Generated output for at least 1 log file exists
• [x] Sample event (sample_event.json) exists

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)