For Hunters to integrate with your CyberArk Logs, the logs should be collect to a Storage Service (e.g. to an S3 bucket or Azure Blob Storage) shared with Hunters.
Supported Format
Example expected log:
Dec 14 09:49:33 PRODVAULT CEF:0|Cyber-Ark|Vault|6.0.0430|38|Failure: CPM Verify Password Failed|7|act=CPM Verify Password Failed duser=PasswordManager fname=Root\S-1-5-21-1147481723-1708746877-4547331-38808 src=10.7.3.171 cs1Label="Affected User Name" cs1= cs2Label="Safe Name" cs2=Windows PCAdmin Accounts cs3Label="Location" cs3= cs4Label="Property Name" cs4= cs5Label="Target User Name" cs5= cn1Label="Request Id" cn1= msg=Failure. Failure Description: CACPM344E Verifying Password Safe: Windows PCAdmin Accounts, Folder: Root, Object: S-1-5-21-1147481723-1708746877-4547331-38808 failed (try #368). Code: 2101, Error: Error in verifypass to user IT28326D1L.hmcorp.local\pcadmin on domain IT28326D1L.hmcorp.local(\\IT28326D1L.HMCORP.LOCAL). Reason: No network provider accepted the given network path. (winRc\=1203). , address\=IT28326D1L.hmcorp.local;retriescount\=368;username\=pcadmin;, Failure: CPM Verify Password Failed
CODE
JavaScript errors detected
Please note, these errors can depend on your browser setup.
If this problem persists, please contact our support.