Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

CyberArk helps you to manage all the privileged account within your organization with automatic password management, access control, dual control, video recordings and numerous features. 

This document provides information about the CyberArk connector, which facilitates automated interactions with CyberArk using FortiSOAR™ playbooks. Add the CyberArk connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the account groups in a specific safe from CyberArk, or adding new user to a Vault in CyberArk

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-cyberark

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the URL of CyberArk server to which you will connect and perform automated operations and credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the CyberArk connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the CyberArk server to which you will connect and perform automated operations.
Username Username used to access the CyberArk server to which you will connect and perform the automated operations.
Password Password used to access the CyberArk server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Add Account Group Adds new account group to the Vault. add_account_group
Miscellaneous
Get Account Group by Safe Gets all the account groups in a specific safe. get_account_group_info
Investigation
Get Account Group Members Gets all the members of an existing account group. get_account_group_info
Investigation
Delete Member from Account Group Removes an account member from an account group. delete_account_group_members
Investigation
Add User Adds new user to the Vault. add_user
Miscellaneous
Add User to Group Adds a specific user to an existing user group in the Vault. update_group
Miscellaneous
Logged on User Details Gets the user information of the user who is logged on. user_details
Investigation
Get User Details Gets the user information about a specific user in the Vault. user_details
Investigation
Update User Updates an existing Vault user. update_user
Miscellaneous
Activate User Activates an existing Vault user. activate_user
Investigation
Delete User Deletes a specific user in the Vault. delete_user
Miscellaneous
Add Safe Adds new safe to the Vault. add_safe
Miscellaneous
List Safes Gets information about all of the user’s safes in the Vault. list_safes
Investigation
Get Safe Details Gets information about a specific safe in the Vault. safe_details
Investigation
Search Safe Gets information about the safes in the Vault that meet the criteria specified in the search query. safe_details
Investigation
Get Safe Account Groups Gets all the existing account groups in a specific Safe. get_safe_account_groups
Investigation
Update Safe Updates the specified safe in the Vault. update_safe
Miscellaneous
Delete Safe Deletes the specified safe from the Vault. delete_safe
Miscellaneous
Add Safe Member Adds an existing user as a safe member. add_safe_member
Miscellaneous
List Safe Members List of the members of the Safe. list_safe_members
Investigation
Update Safe Member Updates an existing safe member. update_safe_member
Investigation
Delete Safe Member Removes a specific member from a safe. delete_safe_member
Investigation
Add Policy/ACL Adds a new privileged command rule to the policy. add_policy
Miscellaneous
List Policy/ACL Gets a list of the privileged commands (OPM rules) associated with this policy. list_policy
Investigation
Delete Policy/ACL Deletes all privileged commands rules associated with the policy. delete_policy
Miscellaneous

operation: Add Account Group

Input parameters

Parameter Description
Group Name Group name of the group that you want to add in the Vault.
Group Platform Group platform of the group that you want to add in the Vault.
Safe Name Safe name that you want to add in the Vault.

Output

The output contains a non-dictionary value.

operation: Get Account Group by Safe

Input parameters

Parameter Description
Safe Safe name for which you want to retrieve all account groups.

Output

The output contains a non-dictionary value.

operation: Get Account Group Members

Input parameters

Parameter Description
Group Name Group name for which you want to retrieve all members from specified group name.

Output

The output contains a non-dictionary value.

operation: Delete Member from Account Group

Input parameters

Parameter Description
Group Name Group name from which you want to delete a member.

Output

The output contains a non-dictionary value.

operation: Add User

Input parameters

Parameter Description
Username Username that you want to add to the Vault.
First Name First name of the user that you want to add to the Vault.
Last Name Last name of the user that you want to add to the Vault.
Initial Password Initial password of the user that you want to add to the Vault.
Email Email address of the user for that you want to add to the Vault.
User Type Name User type name that you want to add to the Vault.
For example: EPVUser
Expiry Date Expiry date of the user account that you want to add to the Vault.
Disabled Disable newly created user. By default, this is set as true.
Change Password On The Next Logon Change password on the next logon for newly created user. By default, this is set as false.

Output

The output contains a non-dictionary value.

operation: Add User to Group

Input parameters

Parameter Description
Username Username that you want to add to the existing group.
Group Name Group name to which you want to add the user.

Output

The output contains a non-dictionary value.

operation: Logged on User Details

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Get User Details

Input parameters

Parameter Description
Username Username for which you want to retrieve the details.

Output

The output contains a non-dictionary value.

operation: Update User

Input parameters

Parameter Description
Username Username of the user that you want to update in the Vault.
First Name First name of the user that you want to update in the Vault.
Last Name Last name of the user that you want to update in the Vault.
New Password New password of the user that you want to update in the Vault.
Email Email address of the user that you want to update in the Vault.
User Type Name User type name that you want to update in the Vault.
For example: EPVUser
Expiry Date Expiry date of the user account for which you want to update in the Vault.
Disabled Disable newly created user. By default, this is set as true.
Change Password On The Next Logon Change password on the next logon for newly created user. By default, this is set as false.

Output

The output contains a non-dictionary value.

operation: Activate User

Input parameters

Parameter Description
Username Username of the user that you want to activate in the Vault.
Suspended Activates the suspended user if you select this option. By default this is set as false, i.e., a user is Suspended.

Output

The output contains a non-dictionary value.

operation: Delete User

Input parameters

Parameter Description
Username Username that you want to delete from the Vault.

Output

The output contains a non-dictionary value.

operation: Add Safe

Input parameters

Parameter Description
Safe Name Safe name that you want to add to the Vault
Description Description of the safe that you want to add to the Vault.
Managing CPM Managing CPM of the safe that you want to add to Vault.
For example: PasswordManager
Number of Versions Retention Provide the number of versions of the safe to be retained in the vault.
Number of Days Retention Provide the number of days the safe should be retained in the vault.

Output

The output contains a non-dictionary value.

operation: List Safes

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Get Safe Details

Input parameters

Parameter Description
Safe Name Safe name for which you want to retrieve the details from the Vault.

Output

The output contains a non-dictionary value.

operation: Search Safe

Input parameters

Parameter Description
Search Query Query that retrieves the details about the safe from the vault.

Output

The output contains a non-dictionary value.

operation: Get Safe Account Groups

Input parameters

Parameter Description
Safe Name Safe name for which you want to retrieve all account groups from the Vault.

Output

The output contains a non-dictionary value.

operation: Update Safe

Input parameters

Parameter Description
Safe Name Safe name that you want to update in the Vault
Description Description of the safe that you want to update in Vault
Managing CPM Managing CPM of the safe that you want to update in the Vault.
For example: PasswordManager
Number of Versions Retention Update the number of versions of the safe to be retained in the vault.
Number of Days Retention Update the number of days the safe should be retained in the vault.

Output

The output contains a non-dictionary value.

operation: Delete Safe

Input parameters

Parameter Description
Safe Name Safe name that you want to delete from the Vault.

Output

The output contains a non-dictionary value.

operation: Add Safe Member

Input parameters

Parameter Description
Safe Name Safe name in which to add member as a safe member.
Member Name Member name that you want to add as a safe member in the Vault.
Search In Search a member in the specified value.
For example: If you specify Active Directory (AD) as the value, the specified member name will be searched in AD.
Membership Expiration Date Provide the expiration date of membership.
Permissions Selected permissions set as true for the safe member. You can select more than one permissions.

Output

The output contains a non-dictionary value.

operation: List Safe Members

Input parameters

Parameter Description
Safe Name Safe name for which you want to retrieve the list of all safe members from the Vault.

Output

The output contains a non-dictionary value.

operation: Update Safe Member

Input parameters

Parameter Description
Safe Name Safe name in which to update the safe member.
Membership Expiration Date Provide the expiration date of membership.
Permissions Selected permissions set as true for the safe member. You can select more than one permissions.

Output

The output contains a non-dictionary value.

operation: Delete Safe Member

Input parameters

Parameter Description
Safe Name Safe name from which you want to delete a safe member.
Member Name Name of the member that you want to delete from the safe.

Output

The output contains a non-dictionary value.

operation: Add Policy/ACL

Input parameters

Parameter Description
Command Command that you want to add as a rule to the policy.
Permission Type Allow/deny the specified command.
Restrictions Provide the restrictions to the specified command.
Username Provide the username for whom to apply this policy.

Output

The output contains a non-dictionary value.

operation: List Policy/ACL

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Delete Policy/ACL

Input parameters

Parameter Description
Policy ID ID of the policy for which you want to delete the specified rules that are associated with the policy.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - CyberArk - 1.0.0 playbook collection comes bundled with the CyberArk connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CyberArk connector.

  • Activate User
  • Add Account Group
  • Add Policy/ACL
  • Add Safe
  • Add Safe Member
  • Add User
  • Add User to Group
  • Delete Member from Account Group
  • Delete Policy/ACL
  • Delete Safe
  • Delete Safe Member
  • Delete User
  • Get Account Group by Safe
  • Get Account Group Members
  • Get Safe Account Groups
  • Get Safe Details
  • Get User Details
  • List Policy/ACL
  • List Safe Members
  • List Safes
  • Logged on User Details
  • Search Safe
  • Update Safe
  • Update Safe Member
  • Update User

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

CyberArk helps you to manage all the privileged account within your organization with automatic password management, access control, dual control, video recordings and numerous features. 

This document provides information about the CyberArk connector, which facilitates automated interactions with CyberArk using FortiSOAR™ playbooks. Add the CyberArk connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the account groups in a specific safe from CyberArk, or adding new user to a Vault in CyberArk

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-cyberark

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the CyberArk connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the CyberArk server to which you will connect and perform automated operations.
Username Username used to access the CyberArk server to which you will connect and perform the automated operations.
Password Password used to access the CyberArk server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Add Account Group Adds new account group to the Vault. add_account_group
Miscellaneous
Get Account Group by Safe Gets all the account groups in a specific safe. get_account_group_info
Investigation
Get Account Group Members Gets all the members of an existing account group. get_account_group_info
Investigation
Delete Member from Account Group Removes an account member from an account group. delete_account_group_members
Investigation
Add User Adds new user to the Vault. add_user
Miscellaneous
Add User to Group Adds a specific user to an existing user group in the Vault. update_group
Miscellaneous
Logged on User Details Gets the user information of the user who is logged on. user_details
Investigation
Get User Details Gets the user information about a specific user in the Vault. user_details
Investigation
Update User Updates an existing Vault user. update_user
Miscellaneous
Activate User Activates an existing Vault user. activate_user
Investigation
Delete User Deletes a specific user in the Vault. delete_user
Miscellaneous
Add Safe Adds new safe to the Vault. add_safe
Miscellaneous
List Safes Gets information about all of the user’s safes in the Vault. list_safes
Investigation
Get Safe Details Gets information about a specific safe in the Vault. safe_details
Investigation
Search Safe Gets information about the safes in the Vault that meet the criteria specified in the search query. safe_details
Investigation
Get Safe Account Groups Gets all the existing account groups in a specific Safe. get_safe_account_groups
Investigation
Update Safe Updates the specified safe in the Vault. update_safe
Miscellaneous
Delete Safe Deletes the specified safe from the Vault. delete_safe
Miscellaneous
Add Safe Member Adds an existing user as a safe member. add_safe_member
Miscellaneous
List Safe Members List of the members of the Safe. list_safe_members
Investigation
Update Safe Member Updates an existing safe member. update_safe_member
Investigation
Delete Safe Member Removes a specific member from a safe. delete_safe_member
Investigation
Add Policy/ACL Adds a new privileged command rule to the policy. add_policy
Miscellaneous
List Policy/ACL Gets a list of the privileged commands (OPM rules) associated with this policy. list_policy
Investigation
Delete Policy/ACL Deletes all privileged commands rules associated with the policy. delete_policy
Miscellaneous

operation: Add Account Group

Input parameters

Parameter Description
Group Name Group name of the group that you want to add in the Vault.
Group Platform Group platform of the group that you want to add in the Vault.
Safe Name Safe name that you want to add in the Vault.

Output

The output contains a non-dictionary value.

operation: Get Account Group by Safe

Input parameters

Parameter Description
Safe Safe name for which you want to retrieve all account groups.

Output

The output contains a non-dictionary value.

operation: Get Account Group Members

Input parameters

Parameter Description
Group Name Group name for which you want to retrieve all members from specified group name.

Output

The output contains a non-dictionary value.

operation: Delete Member from Account Group

Input parameters

Parameter Description
Group Name Group name from which you want to delete a member.

Output

The output contains a non-dictionary value.

operation: Add User

Input parameters

Parameter Description
Username Username that you want to add to the Vault.
First Name First name of the user that you want to add to the Vault.
Last Name Last name of the user that you want to add to the Vault.
Initial Password Initial password of the user that you want to add to the Vault.
Email Email address of the user for that you want to add to the Vault.
User Type Name User type name that you want to add to the Vault.
For example: EPVUser
Expiry Date Expiry date of the user account that you want to add to the Vault.
Disabled Disable newly created user. By default, this is set as true.
Change Password On The Next Logon Change password on the next logon for newly created user. By default, this is set as false.

Output

The output contains a non-dictionary value.

operation: Add User to Group

Input parameters

Parameter Description
Username Username that you want to add to the existing group.
Group Name Group name to which you want to add the user.

Output

The output contains a non-dictionary value.

operation: Logged on User Details

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Get User Details

Input parameters

Parameter Description
Username Username for which you want to retrieve the details.

Output

The output contains a non-dictionary value.

operation: Update User

Input parameters

Parameter Description
Username Username of the user that you want to update in the Vault.
First Name First name of the user that you want to update in the Vault.
Last Name Last name of the user that you want to update in the Vault.
New Password New password of the user that you want to update in the Vault.
Email Email address of the user that you want to update in the Vault.
User Type Name User type name that you want to update in the Vault.
For example: EPVUser
Expiry Date Expiry date of the user account for which you want to update in the Vault.
Disabled Disable newly created user. By default, this is set as true.
Change Password On The Next Logon Change password on the next logon for newly created user. By default, this is set as false.

Output

The output contains a non-dictionary value.

operation: Activate User

Input parameters

Parameter Description
Username Username of the user that you want to activate in the Vault.
Suspended Activates the suspended user if you select this option. By default this is set as false, i.e., a user is Suspended.

Output

The output contains a non-dictionary value.

operation: Delete User

Input parameters

Parameter Description
Username Username that you want to delete from the Vault.

Output

The output contains a non-dictionary value.

operation: Add Safe

Input parameters

Parameter Description
Safe Name Safe name that you want to add to the Vault
Description Description of the safe that you want to add to the Vault.
Managing CPM Managing CPM of the safe that you want to add to Vault.
For example: PasswordManager
Number of Versions Retention Provide the number of versions of the safe to be retained in the vault.
Number of Days Retention Provide the number of days the safe should be retained in the vault.

Output

The output contains a non-dictionary value.

operation: List Safes

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Get Safe Details

Input parameters

Parameter Description
Safe Name Safe name for which you want to retrieve the details from the Vault.

Output

The output contains a non-dictionary value.

operation: Search Safe

Input parameters

Parameter Description
Search Query Query that retrieves the details about the safe from the vault.

Output

The output contains a non-dictionary value.

operation: Get Safe Account Groups

Input parameters

Parameter Description
Safe Name Safe name for which you want to retrieve all account groups from the Vault.

Output

The output contains a non-dictionary value.

operation: Update Safe

Input parameters

Parameter Description
Safe Name Safe name that you want to update in the Vault
Description Description of the safe that you want to update in Vault
Managing CPM Managing CPM of the safe that you want to update in the Vault.
For example: PasswordManager
Number of Versions Retention Update the number of versions of the safe to be retained in the vault.
Number of Days Retention Update the number of days the safe should be retained in the vault.

Output

The output contains a non-dictionary value.

operation: Delete Safe

Input parameters

Parameter Description
Safe Name Safe name that you want to delete from the Vault.

Output

The output contains a non-dictionary value.

operation: Add Safe Member

Input parameters

Parameter Description
Safe Name Safe name in which to add member as a safe member.
Member Name Member name that you want to add as a safe member in the Vault.
Search In Search a member in the specified value.
For example: If you specify Active Directory (AD) as the value, the specified member name will be searched in AD.
Membership Expiration Date Provide the expiration date of membership.
Permissions Selected permissions set as true for the safe member. You can select more than one permissions.

Output

The output contains a non-dictionary value.

operation: List Safe Members

Input parameters

Parameter Description
Safe Name Safe name for which you want to retrieve the list of all safe members from the Vault.

Output

The output contains a non-dictionary value.

operation: Update Safe Member

Input parameters

Parameter Description
Safe Name Safe name in which to update the safe member.
Membership Expiration Date Provide the expiration date of membership.
Permissions Selected permissions set as true for the safe member. You can select more than one permissions.

Output

The output contains a non-dictionary value.

operation: Delete Safe Member

Input parameters

Parameter Description
Safe Name Safe name from which you want to delete a safe member.
Member Name Name of the member that you want to delete from the safe.

Output

The output contains a non-dictionary value.

operation: Add Policy/ACL

Input parameters

Parameter Description
Command Command that you want to add as a rule to the policy.
Permission Type Allow/deny the specified command.
Restrictions Provide the restrictions to the specified command.
Username Provide the username for whom to apply this policy.

Output

The output contains a non-dictionary value.

operation: List Policy/ACL

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Delete Policy/ACL

Input parameters

Parameter Description
Policy ID ID of the policy for which you want to delete the specified rules that are associated with the policy.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - CyberArk - 1.0.0 playbook collection comes bundled with the CyberArk connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CyberArk connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.