CyberArk provide secure and manage password and other credentials for applications. This connector facilitates automated crud operations for Account Group, User, Safe and Credentials.
This document provides information about the CyberArk connector, which facilitates automated interactions, with a CyberArk server using FortiSOAR™ playbooks. Add the CyberArk connector as a step in FortiSOAR™ playbooks and perform automated operations with CyberArk.
Connector Version: 2.1.0
Authored By: Fortinet
Certified: No
Following enhancements have been made to the CyberArk connector in version 2.1.0:
Get Accounts:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-cyberark
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the CyberArk connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | URL of the CyberArk server to which you will connect and perform automated operations. |
| Username | Username used to access the CyberArk server to which you will connect and perform the automated operations. |
| Password | Password used to access the CyberArk server to which you will connect and perform the automated operations. |
| Use As Vault | CyberArk integration has other important actions apart from its usage as purely a vault. However, if you intend to use it as a vault in the system, select this option, i.e., set it to True and configure the following additional parameters that are required for the vault to work:
|
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true. |
You can use the following automated operations in playbooks and also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Add Account Group | Adds a new account group to the vault based on the account ID and group ID you have specified. | add_account_group Miscellaneous |
| Get Accounts | Retrieves details of all accounts from the vault. | get_account Investigation |
| Get Account Group Members | Retrieves all the members of an existing account group from CyberArk based on the group ID you have specified. | get_account_group_info Investigation |
| Delete Member from Account Group | Removes a member from an account group in CyberArk based on the account ID and group ID you have specified. | delete_account_group_members Investigation |
| Add User to Group | Adds a specific user to an existing user group in the vault based on the Member ID and Group ID you have specified. | update_group Miscellaneous |
| Reset User Password | Resets the password for an existing vault user. Important: Only users who have audit users and reset users passwords permissions in the vault can reset the user passwords. Users who are resetting the password must be in the same location or higher as the user whose password is being reset. |
reset_user_password Investigation |
| Logged on User Details | Retrieves the user information of the user who is logged on to CyberArk. | user_details Investigation |
| Get User Details | Retrieves information for a specific user in the vault based on the user ID you have specified. | user_details Investigation |
| Get Groups | Retrieves information of all the groups of the existing user. | get_groups Investigation |
| Add Safe | Adds a new safe to the vault based on the safe name and other input parameters you have specified. | add_safe Miscellaneous |
| List Safes | Retrieves information for all of the user’s safes in the Vault. | list_safes Investigation |
| Get Safe Details | Retrieves details about a specific safe in the vault based on the safe name you have specified. | safe_details Investigation |
| Search Safe | Retrieves information about the safes in the vault based on the criteria mentioned in the search query you have specified. | safe_details Investigation |
| Get Safe Account Groups | Retrieves all the existing account groups that are associated with a specific safe in the vault based on the safe name you have specified. | get_safe_account_groups Investigation |
| Update Safe | Updates an existing safe in the vault based on the safe name and other input parameters you have specified. | update_safe Miscellaneous |
| Delete Safe | Deletes a specified safe from the vault based on the safe name you have specified. | delete_safe Miscellaneous |
| Add Safe Member | Adds an existing user as a safe member in the vault based on the safe name, member name, and other input parameters you have specified. Note: This operation also provides parameters that let the administrator define the type of permission that administrators want to assign to the user that they are adding as a safe member to the specific safe in the vault. |
add_safe_member Miscellaneous |
| List Safe Members | Retrieves a list of members of the specified safe from the vault, based on the safe name you have specified. | list_safe_members Investigation |
| Update Safe Member | Updates an existing safe member in the vault based on the safe name, member name, and other input parameters you have specified. Note: This operation also provides parameters that let the administrator define the type of permission that administrators want to assign to the user that they are updating as a safe member to the specific safe in the vault. |
update_safe_member Investigation |
| Delete Safe Member | Removes a specific member from a specific safe based on the safe name and member name you have specified. | delete_safe_member Investigation |
| Reconcile Credentials | Marks an account for automatic reconciliation by the CPM. | reconcile_credentials Investigation |
| Get Data Stream of Recorded Session | Retrieves a data stream of a specific recorded session. | play_recording Investigation |
| Get Recordings | Retrieves the details of recordings of PSM, PSM for SSH, or OPM sessions from CyberArk. | get_recordings Investigation |
| Get Recording Details by ID | Retrieve the details of a specific recorded session from cyberArk. | get_recording_details Investigation |
| Parameter | Description |
|---|---|
| Account ID | ID of the account that you want to add to the specified group in the vault. |
| Group ID | Group ID in which you want to add the specified account in the vault. |
The output contains the following populated JSON schema:
{
"AccountId": ""
}
| Parameter | Description |
|---|---|
| Filter | (Optional) Specify a filter to search for accounts in CyberArk. |
| Saved Filter | (Optional) Search for accounts using a saved filter(s). You can search using any of the following saved filter types: Regular, Recently, New, Link, etc. |
| Search | (Optional) Specify a list of keywords to search for in accounts, separated by a space. |
| Search Type | (Optional) Specify a search type. You can choose from the following options:
|
| Sort | (Optional) Specify the property or properties to sort returned accounts, followed by asc (default) or desc for ascending and descending, respectively. Separate multiple properties with commas, up to a maximum of three properties. |
| Offset | (Optional) Specify the offset of the first account that is returned in the collection of results. By Default, it set to 0. |
| Limit | Specify the maximum number of results to be returned in the response. Default is 50 and maximum is 1000. When used together with the Offset parameter, this value determines the number of accounts to return, starting from the first account that is returned. |
The output contains the following populated JSON schema:
{
"id": "",
"name": "",
"address": "",
"userName": "",
"platformId": "",
"safeName": "",
"secretType": "",
"platformAccountProperties": {},
"secretManagement": {
"automaticManagementEnabled": "",
"manualManagementReason": "",
"status": "",
"lastModifiedTime": ""
},
"createdTime": ""
}
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the group whose members you want to retrieve from CyberArk. |
The output contains the following populated JSON schema:
[
{
"AccountID": "",
"SafeName": "",
"PlatformID": "",
"Address": "",
"UserName": ""
}
]
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the Group in CyberArk from which you want to delete a specific member. |
| Account ID | Specify the ID of the account that you want to delete from the specific group in CyberArk. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| User ID | Specify the ID of the user whose password you want to reset using CyberArk. |
| New Password | Specify the new password that you want to set for the specified user in the vault. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Member ID | Specify the ID of the member (user) that you want to add to a specified existing group in the vault. |
| Group ID | Specify the ID of the group to which you want to add the specified user. |
The output contains the following populated JSON schema:
{
"memberId": "",
"memberType": ""
}
None.
The output contains the following populated JSON schema:
{
"Users": [
{
"id": "",
"username": "",
"source": "",
"userType": "",
"componentUser": "",
"vaultAuthorization": [],
"location": "",
"personalDetails": {
"firstName": "",
"middleName": "",
"lastName": ""
}
}
]
}
| Parameter | Description |
|---|---|
| User ID | Specify the ID of the user whose details you want to retrieve from CyberArk. |
The output contains the following populated JSON schema:
{
"enableUser": "",
"changePassOnNextLogon": "",
"expiryDate": "",
"suspended": "",
"unAuthorizedInterfaces": [],
"authenticationMethod": [],
"passwordNeverExpires": "",
"distinguishedName": "",
"description": "",
"businessAddress": {
"workStreet": "",
"workCity": "",
"workState": "",
"workZip": "",
"workCountry": ""
},
"internet": {
"homePage": "",
"homeEmail": "",
"businessEmail": "",
"otherEmail": ""
},
"phones": {
"homeNumber": "",
"businessNumber": "",
"cellularNumber": "",
"faxNumber": "",
"pagerNumber": ""
},
"personalDetails": {
"street": "",
"city": "",
"state": "",
"zip": "",
"country": "",
"title": "",
"organization": "",
"department": "",
"profession": "",
"firstName": "",
"middleName": "",
"lastName": ""
},
"id": "",
"username": "",
"source": "",
"userType": "",
"componentUser": "",
"vaultAuthorization": [],
"location": ""
}
None.
The output contains the following populated JSON schema:
{
"Users": [
{
"id": "",
"username": "",
"source": "",
"userType": "",
"componentUser": "",
"vaultAuthorization": [],
"location": "",
"personalDetails": {
"firstName": "",
"middleName": "",
"lastName": ""
}
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe that you want to add to the vault. |
| Retention | Select the retention policy for the safe (for a number of versions or for a number of days) that you are adding to the vault. You can choose from following options:
|
| Description | (Optional) Specify a description of the safe that you want to add to the Vault. |
| Managing CPM | (Optional) Specify the name of the CPM that manages the safe being added to Vault. For example, PasswordManager. |
| OLAC Enabled | Select this option, i.e., set it to true, to enable Object Level Access Control (OLAC). |
The output contains the following populated JSON schema:
{
"NumberOfDaysRetention": "",
"NumberOfVersionsRetention": "",
"OLACEnabled": "",
"AutoPurgeEnabled": "",
"ManagingCPM": "",
"SafeName": "",
"Description": "",
"Location": ""
}
None.
The output contains the following populated JSON schema:
{
"Safes": [
{
"SafeUrlId": "",
"SafeName": "",
"Description": "",
"Location": ""
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe for which you want to retrieve the details from the vault. |
The output contains the following populated JSON schema:
{
"NumberOfDaysRetention": "",
"NumberOfVersionsRetention": "",
"OLACEnabled": "",
"AutoPurgeEnabled": "",
"ManagingCPM": "",
"SafeName": "",
"Description": "",
"Location": ""
}
| Parameter | Description |
|---|---|
| Search Query | Specify the query using which to retrieve details about safes from the vault. |
The output contains the following populated JSON schema:
{
"Safes": [
{
"SafeUrlId": "",
"SafeName": "",
"Description": "",
"Location": ""
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe whose associated account group details you want to retrieve from the vault. |
The output contains the following populated JSON schema:
[
{
"GroupID": "",
"GroupName": "",
"GroupPlatformID": "",
"Safe": ""
}
]
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe that you want to update in the vault. |
| Description | Specify the description of the safe that you want to update in the vault. |
| OLAC Enabled | Select this option, i.e., set it to true, to enable Object Level Access Control (OLAC). |
| Retention | Select the retention policy for the safe (for a number of versions or for a number of days) that you are updating in the vault. You can choose from following options:
|
| Managing CPM | (Optional) Specify the name of the CPM that manages the safe being updated in the Vault. For example, PasswordManager. |
| Location | Specify the location of the safe that you want to update in the vault. |
The output contains the following populated JSON schema:
{
"NumberOfDaysRetention": "",
"NumberOfVersionsRetention": "",
"OLACEnabled": "",
"AutoPurgeEnabled": "",
"ManagingCPM": "",
"SafeName": "",
"Description": "",
"Location": ""
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe that you want to delete from the vault. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe in which you want to add a specific member as a safe member. |
| Member Name | Specify the name of the member who you want to add as a safe member to the specific safe. |
| IsExpired Membership Enable | Select this option to assign permission to the safe member that you are adding to enable the expiration of safe members' membership.
NOTE: This and the following parameters define the type of permission that the administrator wants to assign to the user that you want to add as a safe member to the specific safe in the vault. |
| Use Accounts | Select this option to assign permission that allows the safe member that you are adding to use this account but unable able to view the passwords. This is applicable to the safe member. |
| Retrieve Accounts | Select this option to assign permission to the safe member that you are adding to have the ability to view and retrieve accounts associated with the user that you are adding as a safe member in the vault. |
| List Accounts | Select this option to assign permission to the safe member that you are adding to allow the safe member to view account lists. |
| Add Accounts | Select this option to assign permission to the safe member that you are adding to add accounts in the safe. Users who are given Add Accounts authorization receive Update Account Properties as well.
Users who are assigned this permission are automatically assigned the permission to Update Account Properties. Therefore, when Add Accounts is selected, i.e. set to |
| Update Account Content | Select this option to assign permission to the safe member that you are adding to update the account content of a safe member. |
| Update Account Properties | Select this option to assign permission to the safe member that you are adding to update the existing account properties of safe members. When you enable the Add Accounts permission, the Update Account Properties permission is automatically enabled. |
| Initiate CPM Account Management Operations | Select this option to assign permission to the safe member that you are adding to initiate password management operations through CPM, such as changing passwords, verifying, and reconciling passwords. When this parameter is cleared, i.e., set to false, the Specify Next Account Content parameter is automatically set to false. |
| Specify Next Account Content | Select this option to assign permission to the safe member that you are adding to specify the password that will be used when the CPM changes the password value. This parameter can only be specified when Initiate CPM Account Management Operations is selected, i.e. set to True. If you clear the Initiate CPM Account Management Operations parameter, i.e., set to false, then this parameter is automatically set to false. |
| Rename Accounts | Select this option to assign permission to the safe member that you are adding to rename existing accounts in the safe. |
| Delete Accounts | Select this option to assign permission to the safe member that you are adding to delete existing accounts from the safe. |
| Unlock Accounts | Select this option to assign permission to the safe member that you are adding to unlock accounts that are locked by other users. |
| Manage Safe | Select this option to assign permission to the safe member that you are adding to perform administrative tasks of the safe, such as, updating the safe properties, recovering the safe, deleting the safe, etc. |
| Manage Safe Members | Select this option to assign permission to the safe member that you are adding to add and remove safe members, and update their authorizations in the safe. |
| Backup Safe | Select this option to assign permission to the safe member that you are adding to create a backup of a safe and its contents, and store the contents in another location of the safe. |
| View Audit Log | Select this option to assign permission to the safe member that you are adding to view account and user activity in the safe. |
| View Safe Members | Select this option to assign permission to the safe member that you are adding to view account permissions of the safe members. |
| Access Without Confirmation | Select this option to assign permission to the safe member that you are adding to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Create Folders | Select this option to assign permission to the safe member that you are adding to create folders in the safe. |
| Delete Folders | Select this option to assign permission to the safe member that you are adding to delete folders from the safe. |
| Move Accounts And Folders | Select this option to assign permission to the safe member that you are adding to move accounts and folders of the safe to different folders and subfolders. |
| Requests Authorization Level1 | Select this option to assign permission to the safe member that you are adding to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Requests Authorization Level2 | Select this option to assign permission to the safe member that you are adding to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
The output contains the following populated JSON schema:
{
"MemberType": "",
"IsPredefinedUser": "",
"MemberName": "",
"IsExpiredMembershipEnable": "",
"MembershipExpirationDate": "",
"Permissions": {
"UseAccounts": "",
"RetrieveAccounts": "",
"ListAccounts": "",
"AddAccounts": "",
"UpdateAccountContent": "",
"UpdateAccountProperties": "",
"InitiateCPMAccountManagementOperations": "",
"SpecifyNextAccountContent": "",
"RenameAccounts": "",
"DeleteAccounts": "",
"UnlockAccounts": "",
"ManageSafe": "",
"ManageSafeMembers": "",
"BackupSafe": "",
"ViewAuditLog": "",
"ViewSafeMembers": "",
"AccessWithoutConfirmation": "",
"CreateFolders": "",
"DeleteFolders": "",
"MoveAccountsAndFolders": "",
"RequestsAuthorizationLevel1": "",
"RequestsAuthorizationLevel2": ""
}
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe whose safe members you want to retrieve from the vault. |
The output contains the following populated JSON schema:
{
"SafeMembers": [
{
"MemberType": "",
"IsPredefinedUser": "",
"MemberName": "",
"IsExpiredMembershipEnable": "",
"MembershipExpirationDate": "",
"Permissions": {
"UseAccounts": "",
"RetrieveAccounts": "",
"ListAccounts": "",
"AddAccounts": "",
"UpdateAccountContent": "",
"UpdateAccountProperties": "",
"InitiateCPMAccountManagementOperations": "",
"SpecifyNextAccountContent": "",
"RenameAccounts": "",
"DeleteAccounts": "",
"UnlockAccounts": "",
"ManageSafe": "",
"ManageSafeMembers": "",
"BackupSafe": "",
"ViewAuditLog": "",
"ViewSafeMembers": "",
"AccessWithoutConfirmation": "",
"CreateFolders": "",
"DeleteFolders": "",
"MoveAccountsAndFolders": "",
"RequestsAuthorizationLevel1": "",
"RequestsAuthorizationLevel2": ""
}
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe in which you want to update a specific member as a safe member. |
| Member Name | Specify the name of the member who you want to update as a safe member to the specific safe. |
| IsExpired Membership Enable | Select this option to assign permission to the safe member that you are updating to enable the expiration of safe members' membership.
NOTE: This and the following parameters define the type of permission that the administrator wants to assign to the user that you want to add as a safe member to the specific safe in the vault. |
| Use Accounts | Select this option to assign permission that allows the safe member that you are adding to use this account but who will be unable able to view the passwords. This is applicable to the safe member. |
| Retrieve Accounts | Select this option to assign permission to the safe member that you are updating to have the ability to view and retrieve accounts associated with the user that you are adding as a safe member in the vault. |
| List Accounts | Select this option to assign permission to the safe member that you are updating to allow the safe member to view account lists. |
| Add Accounts | Select this option to assign permission to the safe member that you are updating to add accounts in the safe. Users who are given Add Accounts authorization receive Update Account Properties as well.
Users who are assigned this permission are automatically assigned the permission to Update Account Properties. Therefore, when Add Accounts is selected, i.e. set to |
| Update Account Content | Select this option to assign permission to the safe member that you are updating to update the account content of a safe member. |
| Update Account Properties | Select this option to assign permission to the safe member that you are updating to update the existing account properties of safe members. When you enable the Add Accounts permission, the Update Account Properties permission is automatically enabled. |
| Initiate CPM Account Management Operations | Select this option to assign permission to the safe member that you are updating to initiate password management operations through CPM, such as changing passwords, verifying, and reconciling passwords. When this parameter is cleared, i.e., set to false, the Specify Next Account Content parameter is automatically set to false. |
| Specify Next Account Content | Select this option to assign permission to the safe member that you are updating to specify the password that will be used when the CPM changes the password value. This parameter can only be specified when Initiate CPM Account Management Operations is selected, i.e. set to True. If you clear the Initiate CPM Account Management Operations parameter, i.e., set to false, then this parameter is automatically set to false. |
| Rename Accounts | Select this option to assign permission to the safe member that you are updating to rename existing accounts in the safe. |
| Delete Accounts | Select this option to assign permission to the safe member that you are updating to delete existing accounts from the safe. |
| Unlock Accounts | Select this option to assign permission to the safe member that you are updating to unlock accounts that are locked by other users. |
| Manage Safe | Select this option to assign permission to the safe member that you are updating to perform administrative tasks of the safe, such as, updating the safe properties, recovering the safe, deleting the safe, etc. |
| Manage Safe Members | Select this option to assign permission to the safe member that you are updating to add and remove safe members, and update their authorizations in the safe. |
| Backup Safe | Select this option to assign permission to the safe member that you are updating to create a backup of a safe and its contents, and store the contents in another location of the safe. |
| View Audit Log | Select this option to assign permission to the safe member that you are updating to view account and user activity in the safe. |
| View Safe Members | Select this option to assign permission to the safe member that you are updating to view account permissions of the safe members. |
| Access Without Confirmation | Select this option to assign permission to the safe member that you are updating to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Create Folders | Select this option to assign permission to the safe member that you are updating to create folders in the safe. |
| Delete Folders | Select this option to assign permission to the safe member that you are updating to delete folders from the safe. |
| Move Accounts And Folders | Select this option to assign permission to the safe member that you are updating to move accounts and folders of the safe to different folders and subfolders. |
| Requests Authorization Level1 | Select this option to assign permission to the safe member that you are updating to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Requests Authorization Level2 | Select this option to assign permission to the safe member to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
The output contains the following populated JSON schema:
{
"MemberType": "",
"IsPredefinedUser": "",
"MemberName": "",
"IsExpiredMembershipEnable": "",
"MembershipExpirationDate": "",
"Permissions": {
"UseAccounts": "",
"RetrieveAccounts": "",
"ListAccounts": "",
"AddAccounts": "",
"UpdateAccountContent": "",
"UpdateAccountProperties": "",
"InitiateCPMAccountManagementOperations": "",
"SpecifyNextAccountContent": "",
"RenameAccounts": "",
"DeleteAccounts": "",
"UnlockAccounts": "",
"ManageSafe": "",
"ManageSafeMembers": "",
"BackupSafe": "",
"ViewAuditLog": "",
"ViewSafeMembers": "",
"AccessWithoutConfirmation": "",
"CreateFolders": "",
"DeleteFolders": "",
"MoveAccountsAndFolders": "",
"RequestsAuthorizationLevel1": "",
"RequestsAuthorizationLevel2": ""
}
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe from which you want to delete the specified safe member. |
| Member Name | Specify the name of the member that you want to delete from the specified safe. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Account ID | Specify the ID of the account that you want to reconcile credentials in CyberArk. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Recording ID | Specify the ID of the recording based on which you want to retrieve data stream. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Safe Name | (Optional) Specify the name of the safe from which to retrieve specific recording details. |
| FromTime | (Optional) Specify the unix time to filter retrieved recordings from the specified date. |
| ToTime | (Optional) Specify the unix time to filter retrieved recordings before the specified date. |
| Activities | (Optional) Specify the specific activities to filter retrieved recordings. |
| Search | (Optional) Specify the search text to filter retrieved recordings by properties. |
| Sort | (Optional) Specify the sorting criteria and order to sort retrieved recordings. Add - (dash) before a recording property to sort in descending order by that property. |
| Offset | (Optional) Specify the count of items to skip when retrieving recordings. By Default, it set to 0. |
| Limit | (Optional) Specify the maximum number of results to be returned in the response. When used together with the Offset parameter, this value determines the number of recordings to return, starting from the first recording that is returned. By Default, it set to 25. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Recording ID | Specify the ID of the recording to retrieve its details from CyberArk. |
The output contains a non-dictionary value.
The Sample - CyberArk - 2.1.0 playbook collection comes bundled with the CyberArk connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CyberArk connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
To configure your CyberArk Connector you must have the application ID issued to you by CyberArk that is used for the password retrieval process and the name of the Safe that stores the credentials, including passwords. Use the following procedure to retrieve your application ID:
You can search for applications on the Applications List page and also retrieve the application ID for your application from this page. You will require the Application ID when you are configuring the CyberArk connector.
Enter the details required in the Add Application form and click Add.
You can either add a new safe by clicking the Add Safe button or, you can edit the details of an existing safe.
If you are adding a new safe then fill in the details of the new safe in the Add Safe form and then edit the members of the newly-created safe to add the application that you had created in Step 3.
If you want to edit the details of an existing safe, then select the safe that you want to edit as shown in the above image, and then click Members.
Click Add Member to add the application that you had created in Step 3.
Complete the Add Account wizard that includes selecting the system type and platform for the account. In the Store in Safe step, ensure that you select the same safe that you had selected or created in Step 4, and then define the properties of the account and click Add.
Important: If you leave the Username field blank in the Add Account screen, then the user gets saved as a "blank" entry. The username that you specify on this screen is what gets displayed in the "Vault" option of Dynamic Values. For more information on Dynamic Values, see the FortiSOAR™ product documentation.
Therefore, when you are using CyberArk as your Password Vault, a user who has been saved as a "blank" also shows up as a blank in "Dynamic Values".
CyberArk provide secure and manage password and other credentials for applications. This connector facilitates automated crud operations for Account Group, User, Safe and Credentials.
This document provides information about the CyberArk connector, which facilitates automated interactions, with a CyberArk server using FortiSOAR™ playbooks. Add the CyberArk connector as a step in FortiSOAR™ playbooks and perform automated operations with CyberArk.
Connector Version: 2.1.0
Authored By: Fortinet
Certified: No
Following enhancements have been made to the CyberArk connector in version 2.1.0:
Get Accounts:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-cyberark
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the CyberArk connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | URL of the CyberArk server to which you will connect and perform automated operations. |
| Username | Username used to access the CyberArk server to which you will connect and perform the automated operations. |
| Password | Password used to access the CyberArk server to which you will connect and perform the automated operations. |
| Use As Vault | CyberArk integration has other important actions apart from its usage as purely a vault. However, if you intend to use it as a vault in the system, select this option, i.e., set it to True and configure the following additional parameters that are required for the vault to work:
|
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true. |
You can use the following automated operations in playbooks and also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Add Account Group | Adds a new account group to the vault based on the account ID and group ID you have specified. | add_account_group Miscellaneous |
| Get Accounts | Retrieves details of all accounts from the vault. | get_account Investigation |
| Get Account Group Members | Retrieves all the members of an existing account group from CyberArk based on the group ID you have specified. | get_account_group_info Investigation |
| Delete Member from Account Group | Removes a member from an account group in CyberArk based on the account ID and group ID you have specified. | delete_account_group_members Investigation |
| Add User to Group | Adds a specific user to an existing user group in the vault based on the Member ID and Group ID you have specified. | update_group Miscellaneous |
| Reset User Password | Resets the password for an existing vault user. Important: Only users who have audit users and reset users passwords permissions in the vault can reset the user passwords. Users who are resetting the password must be in the same location or higher as the user whose password is being reset. |
reset_user_password Investigation |
| Logged on User Details | Retrieves the user information of the user who is logged on to CyberArk. | user_details Investigation |
| Get User Details | Retrieves information for a specific user in the vault based on the user ID you have specified. | user_details Investigation |
| Get Groups | Retrieves information of all the groups of the existing user. | get_groups Investigation |
| Add Safe | Adds a new safe to the vault based on the safe name and other input parameters you have specified. | add_safe Miscellaneous |
| List Safes | Retrieves information for all of the user’s safes in the Vault. | list_safes Investigation |
| Get Safe Details | Retrieves details about a specific safe in the vault based on the safe name you have specified. | safe_details Investigation |
| Search Safe | Retrieves information about the safes in the vault based on the criteria mentioned in the search query you have specified. | safe_details Investigation |
| Get Safe Account Groups | Retrieves all the existing account groups that are associated with a specific safe in the vault based on the safe name you have specified. | get_safe_account_groups Investigation |
| Update Safe | Updates an existing safe in the vault based on the safe name and other input parameters you have specified. | update_safe Miscellaneous |
| Delete Safe | Deletes a specified safe from the vault based on the safe name you have specified. | delete_safe Miscellaneous |
| Add Safe Member | Adds an existing user as a safe member in the vault based on the safe name, member name, and other input parameters you have specified. Note: This operation also provides parameters that let the administrator define the type of permission that administrators want to assign to the user that they are adding as a safe member to the specific safe in the vault. |
add_safe_member Miscellaneous |
| List Safe Members | Retrieves a list of members of the specified safe from the vault, based on the safe name you have specified. | list_safe_members Investigation |
| Update Safe Member | Updates an existing safe member in the vault based on the safe name, member name, and other input parameters you have specified. Note: This operation also provides parameters that let the administrator define the type of permission that administrators want to assign to the user that they are updating as a safe member to the specific safe in the vault. |
update_safe_member Investigation |
| Delete Safe Member | Removes a specific member from a specific safe based on the safe name and member name you have specified. | delete_safe_member Investigation |
| Reconcile Credentials | Marks an account for automatic reconciliation by the CPM. | reconcile_credentials Investigation |
| Get Data Stream of Recorded Session | Retrieves a data stream of a specific recorded session. | play_recording Investigation |
| Get Recordings | Retrieves the details of recordings of PSM, PSM for SSH, or OPM sessions from CyberArk. | get_recordings Investigation |
| Get Recording Details by ID | Retrieve the details of a specific recorded session from cyberArk. | get_recording_details Investigation |
| Parameter | Description |
|---|---|
| Account ID | ID of the account that you want to add to the specified group in the vault. |
| Group ID | Group ID in which you want to add the specified account in the vault. |
The output contains the following populated JSON schema:
{
"AccountId": ""
}
| Parameter | Description |
|---|---|
| Filter | (Optional) Specify a filter to search for accounts in CyberArk. |
| Saved Filter | (Optional) Search for accounts using a saved filter(s). You can search using any of the following saved filter types: Regular, Recently, New, Link, etc. |
| Search | (Optional) Specify a list of keywords to search for in accounts, separated by a space. |
| Search Type | (Optional) Specify a search type. You can choose from the following options:
|
| Sort | (Optional) Specify the property or properties to sort returned accounts, followed by asc (default) or desc for ascending and descending, respectively. Separate multiple properties with commas, up to a maximum of three properties. |
| Offset | (Optional) Specify the offset of the first account that is returned in the collection of results. By Default, it set to 0. |
| Limit | Specify the maximum number of results to be returned in the response. Default is 50 and maximum is 1000. When used together with the Offset parameter, this value determines the number of accounts to return, starting from the first account that is returned. |
The output contains the following populated JSON schema:
{
"id": "",
"name": "",
"address": "",
"userName": "",
"platformId": "",
"safeName": "",
"secretType": "",
"platformAccountProperties": {},
"secretManagement": {
"automaticManagementEnabled": "",
"manualManagementReason": "",
"status": "",
"lastModifiedTime": ""
},
"createdTime": ""
}
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the group whose members you want to retrieve from CyberArk. |
The output contains the following populated JSON schema:
[
{
"AccountID": "",
"SafeName": "",
"PlatformID": "",
"Address": "",
"UserName": ""
}
]
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the Group in CyberArk from which you want to delete a specific member. |
| Account ID | Specify the ID of the account that you want to delete from the specific group in CyberArk. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| User ID | Specify the ID of the user whose password you want to reset using CyberArk. |
| New Password | Specify the new password that you want to set for the specified user in the vault. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Member ID | Specify the ID of the member (user) that you want to add to a specified existing group in the vault. |
| Group ID | Specify the ID of the group to which you want to add the specified user. |
The output contains the following populated JSON schema:
{
"memberId": "",
"memberType": ""
}
None.
The output contains the following populated JSON schema:
{
"Users": [
{
"id": "",
"username": "",
"source": "",
"userType": "",
"componentUser": "",
"vaultAuthorization": [],
"location": "",
"personalDetails": {
"firstName": "",
"middleName": "",
"lastName": ""
}
}
]
}
| Parameter | Description |
|---|---|
| User ID | Specify the ID of the user whose details you want to retrieve from CyberArk. |
The output contains the following populated JSON schema:
{
"enableUser": "",
"changePassOnNextLogon": "",
"expiryDate": "",
"suspended": "",
"unAuthorizedInterfaces": [],
"authenticationMethod": [],
"passwordNeverExpires": "",
"distinguishedName": "",
"description": "",
"businessAddress": {
"workStreet": "",
"workCity": "",
"workState": "",
"workZip": "",
"workCountry": ""
},
"internet": {
"homePage": "",
"homeEmail": "",
"businessEmail": "",
"otherEmail": ""
},
"phones": {
"homeNumber": "",
"businessNumber": "",
"cellularNumber": "",
"faxNumber": "",
"pagerNumber": ""
},
"personalDetails": {
"street": "",
"city": "",
"state": "",
"zip": "",
"country": "",
"title": "",
"organization": "",
"department": "",
"profession": "",
"firstName": "",
"middleName": "",
"lastName": ""
},
"id": "",
"username": "",
"source": "",
"userType": "",
"componentUser": "",
"vaultAuthorization": [],
"location": ""
}
None.
The output contains the following populated JSON schema:
{
"Users": [
{
"id": "",
"username": "",
"source": "",
"userType": "",
"componentUser": "",
"vaultAuthorization": [],
"location": "",
"personalDetails": {
"firstName": "",
"middleName": "",
"lastName": ""
}
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe that you want to add to the vault. |
| Retention | Select the retention policy for the safe (for a number of versions or for a number of days) that you are adding to the vault. You can choose from following options:
|
| Description | (Optional) Specify a description of the safe that you want to add to the Vault. |
| Managing CPM | (Optional) Specify the name of the CPM that manages the safe being added to Vault. For example, PasswordManager. |
| OLAC Enabled | Select this option, i.e., set it to true, to enable Object Level Access Control (OLAC). |
The output contains the following populated JSON schema:
{
"NumberOfDaysRetention": "",
"NumberOfVersionsRetention": "",
"OLACEnabled": "",
"AutoPurgeEnabled": "",
"ManagingCPM": "",
"SafeName": "",
"Description": "",
"Location": ""
}
None.
The output contains the following populated JSON schema:
{
"Safes": [
{
"SafeUrlId": "",
"SafeName": "",
"Description": "",
"Location": ""
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe for which you want to retrieve the details from the vault. |
The output contains the following populated JSON schema:
{
"NumberOfDaysRetention": "",
"NumberOfVersionsRetention": "",
"OLACEnabled": "",
"AutoPurgeEnabled": "",
"ManagingCPM": "",
"SafeName": "",
"Description": "",
"Location": ""
}
| Parameter | Description |
|---|---|
| Search Query | Specify the query using which to retrieve details about safes from the vault. |
The output contains the following populated JSON schema:
{
"Safes": [
{
"SafeUrlId": "",
"SafeName": "",
"Description": "",
"Location": ""
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe whose associated account group details you want to retrieve from the vault. |
The output contains the following populated JSON schema:
[
{
"GroupID": "",
"GroupName": "",
"GroupPlatformID": "",
"Safe": ""
}
]
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe that you want to update in the vault. |
| Description | Specify the description of the safe that you want to update in the vault. |
| OLAC Enabled | Select this option, i.e., set it to true, to enable Object Level Access Control (OLAC). |
| Retention | Select the retention policy for the safe (for a number of versions or for a number of days) that you are updating in the vault. You can choose from following options:
|
| Managing CPM | (Optional) Specify the name of the CPM that manages the safe being updated in the Vault. For example, PasswordManager. |
| Location | Specify the location of the safe that you want to update in the vault. |
The output contains the following populated JSON schema:
{
"NumberOfDaysRetention": "",
"NumberOfVersionsRetention": "",
"OLACEnabled": "",
"AutoPurgeEnabled": "",
"ManagingCPM": "",
"SafeName": "",
"Description": "",
"Location": ""
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe that you want to delete from the vault. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe in which you want to add a specific member as a safe member. |
| Member Name | Specify the name of the member who you want to add as a safe member to the specific safe. |
| IsExpired Membership Enable | Select this option to assign permission to the safe member that you are adding to enable the expiration of safe members' membership.
NOTE: This and the following parameters define the type of permission that the administrator wants to assign to the user that you want to add as a safe member to the specific safe in the vault. |
| Use Accounts | Select this option to assign permission that allows the safe member that you are adding to use this account but unable able to view the passwords. This is applicable to the safe member. |
| Retrieve Accounts | Select this option to assign permission to the safe member that you are adding to have the ability to view and retrieve accounts associated with the user that you are adding as a safe member in the vault. |
| List Accounts | Select this option to assign permission to the safe member that you are adding to allow the safe member to view account lists. |
| Add Accounts | Select this option to assign permission to the safe member that you are adding to add accounts in the safe. Users who are given Add Accounts authorization receive Update Account Properties as well.
Users who are assigned this permission are automatically assigned the permission to Update Account Properties. Therefore, when Add Accounts is selected, i.e. set to |
| Update Account Content | Select this option to assign permission to the safe member that you are adding to update the account content of a safe member. |
| Update Account Properties | Select this option to assign permission to the safe member that you are adding to update the existing account properties of safe members. When you enable the Add Accounts permission, the Update Account Properties permission is automatically enabled. |
| Initiate CPM Account Management Operations | Select this option to assign permission to the safe member that you are adding to initiate password management operations through CPM, such as changing passwords, verifying, and reconciling passwords. When this parameter is cleared, i.e., set to false, the Specify Next Account Content parameter is automatically set to false. |
| Specify Next Account Content | Select this option to assign permission to the safe member that you are adding to specify the password that will be used when the CPM changes the password value. This parameter can only be specified when Initiate CPM Account Management Operations is selected, i.e. set to True. If you clear the Initiate CPM Account Management Operations parameter, i.e., set to false, then this parameter is automatically set to false. |
| Rename Accounts | Select this option to assign permission to the safe member that you are adding to rename existing accounts in the safe. |
| Delete Accounts | Select this option to assign permission to the safe member that you are adding to delete existing accounts from the safe. |
| Unlock Accounts | Select this option to assign permission to the safe member that you are adding to unlock accounts that are locked by other users. |
| Manage Safe | Select this option to assign permission to the safe member that you are adding to perform administrative tasks of the safe, such as, updating the safe properties, recovering the safe, deleting the safe, etc. |
| Manage Safe Members | Select this option to assign permission to the safe member that you are adding to add and remove safe members, and update their authorizations in the safe. |
| Backup Safe | Select this option to assign permission to the safe member that you are adding to create a backup of a safe and its contents, and store the contents in another location of the safe. |
| View Audit Log | Select this option to assign permission to the safe member that you are adding to view account and user activity in the safe. |
| View Safe Members | Select this option to assign permission to the safe member that you are adding to view account permissions of the safe members. |
| Access Without Confirmation | Select this option to assign permission to the safe member that you are adding to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Create Folders | Select this option to assign permission to the safe member that you are adding to create folders in the safe. |
| Delete Folders | Select this option to assign permission to the safe member that you are adding to delete folders from the safe. |
| Move Accounts And Folders | Select this option to assign permission to the safe member that you are adding to move accounts and folders of the safe to different folders and subfolders. |
| Requests Authorization Level1 | Select this option to assign permission to the safe member that you are adding to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Requests Authorization Level2 | Select this option to assign permission to the safe member that you are adding to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
The output contains the following populated JSON schema:
{
"MemberType": "",
"IsPredefinedUser": "",
"MemberName": "",
"IsExpiredMembershipEnable": "",
"MembershipExpirationDate": "",
"Permissions": {
"UseAccounts": "",
"RetrieveAccounts": "",
"ListAccounts": "",
"AddAccounts": "",
"UpdateAccountContent": "",
"UpdateAccountProperties": "",
"InitiateCPMAccountManagementOperations": "",
"SpecifyNextAccountContent": "",
"RenameAccounts": "",
"DeleteAccounts": "",
"UnlockAccounts": "",
"ManageSafe": "",
"ManageSafeMembers": "",
"BackupSafe": "",
"ViewAuditLog": "",
"ViewSafeMembers": "",
"AccessWithoutConfirmation": "",
"CreateFolders": "",
"DeleteFolders": "",
"MoveAccountsAndFolders": "",
"RequestsAuthorizationLevel1": "",
"RequestsAuthorizationLevel2": ""
}
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe whose safe members you want to retrieve from the vault. |
The output contains the following populated JSON schema:
{
"SafeMembers": [
{
"MemberType": "",
"IsPredefinedUser": "",
"MemberName": "",
"IsExpiredMembershipEnable": "",
"MembershipExpirationDate": "",
"Permissions": {
"UseAccounts": "",
"RetrieveAccounts": "",
"ListAccounts": "",
"AddAccounts": "",
"UpdateAccountContent": "",
"UpdateAccountProperties": "",
"InitiateCPMAccountManagementOperations": "",
"SpecifyNextAccountContent": "",
"RenameAccounts": "",
"DeleteAccounts": "",
"UnlockAccounts": "",
"ManageSafe": "",
"ManageSafeMembers": "",
"BackupSafe": "",
"ViewAuditLog": "",
"ViewSafeMembers": "",
"AccessWithoutConfirmation": "",
"CreateFolders": "",
"DeleteFolders": "",
"MoveAccountsAndFolders": "",
"RequestsAuthorizationLevel1": "",
"RequestsAuthorizationLevel2": ""
}
}
]
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe in which you want to update a specific member as a safe member. |
| Member Name | Specify the name of the member who you want to update as a safe member to the specific safe. |
| IsExpired Membership Enable | Select this option to assign permission to the safe member that you are updating to enable the expiration of safe members' membership.
NOTE: This and the following parameters define the type of permission that the administrator wants to assign to the user that you want to add as a safe member to the specific safe in the vault. |
| Use Accounts | Select this option to assign permission that allows the safe member that you are adding to use this account but who will be unable able to view the passwords. This is applicable to the safe member. |
| Retrieve Accounts | Select this option to assign permission to the safe member that you are updating to have the ability to view and retrieve accounts associated with the user that you are adding as a safe member in the vault. |
| List Accounts | Select this option to assign permission to the safe member that you are updating to allow the safe member to view account lists. |
| Add Accounts | Select this option to assign permission to the safe member that you are updating to add accounts in the safe. Users who are given Add Accounts authorization receive Update Account Properties as well.
Users who are assigned this permission are automatically assigned the permission to Update Account Properties. Therefore, when Add Accounts is selected, i.e. set to |
| Update Account Content | Select this option to assign permission to the safe member that you are updating to update the account content of a safe member. |
| Update Account Properties | Select this option to assign permission to the safe member that you are updating to update the existing account properties of safe members. When you enable the Add Accounts permission, the Update Account Properties permission is automatically enabled. |
| Initiate CPM Account Management Operations | Select this option to assign permission to the safe member that you are updating to initiate password management operations through CPM, such as changing passwords, verifying, and reconciling passwords. When this parameter is cleared, i.e., set to false, the Specify Next Account Content parameter is automatically set to false. |
| Specify Next Account Content | Select this option to assign permission to the safe member that you are updating to specify the password that will be used when the CPM changes the password value. This parameter can only be specified when Initiate CPM Account Management Operations is selected, i.e. set to True. If you clear the Initiate CPM Account Management Operations parameter, i.e., set to false, then this parameter is automatically set to false. |
| Rename Accounts | Select this option to assign permission to the safe member that you are updating to rename existing accounts in the safe. |
| Delete Accounts | Select this option to assign permission to the safe member that you are updating to delete existing accounts from the safe. |
| Unlock Accounts | Select this option to assign permission to the safe member that you are updating to unlock accounts that are locked by other users. |
| Manage Safe | Select this option to assign permission to the safe member that you are updating to perform administrative tasks of the safe, such as, updating the safe properties, recovering the safe, deleting the safe, etc. |
| Manage Safe Members | Select this option to assign permission to the safe member that you are updating to add and remove safe members, and update their authorizations in the safe. |
| Backup Safe | Select this option to assign permission to the safe member that you are updating to create a backup of a safe and its contents, and store the contents in another location of the safe. |
| View Audit Log | Select this option to assign permission to the safe member that you are updating to view account and user activity in the safe. |
| View Safe Members | Select this option to assign permission to the safe member that you are updating to view account permissions of the safe members. |
| Access Without Confirmation | Select this option to assign permission to the safe member that you are updating to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Create Folders | Select this option to assign permission to the safe member that you are updating to create folders in the safe. |
| Delete Folders | Select this option to assign permission to the safe member that you are updating to delete folders from the safe. |
| Move Accounts And Folders | Select this option to assign permission to the safe member that you are updating to move accounts and folders of the safe to different folders and subfolders. |
| Requests Authorization Level1 | Select this option to assign permission to the safe member that you are updating to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
| Requests Authorization Level2 | Select this option to assign permission to the safe member to access the safe without confirmation from other authorized users. This overrides the Safe Properties that specify that safe members require confirmation to access the safe. |
The output contains the following populated JSON schema:
{
"MemberType": "",
"IsPredefinedUser": "",
"MemberName": "",
"IsExpiredMembershipEnable": "",
"MembershipExpirationDate": "",
"Permissions": {
"UseAccounts": "",
"RetrieveAccounts": "",
"ListAccounts": "",
"AddAccounts": "",
"UpdateAccountContent": "",
"UpdateAccountProperties": "",
"InitiateCPMAccountManagementOperations": "",
"SpecifyNextAccountContent": "",
"RenameAccounts": "",
"DeleteAccounts": "",
"UnlockAccounts": "",
"ManageSafe": "",
"ManageSafeMembers": "",
"BackupSafe": "",
"ViewAuditLog": "",
"ViewSafeMembers": "",
"AccessWithoutConfirmation": "",
"CreateFolders": "",
"DeleteFolders": "",
"MoveAccountsAndFolders": "",
"RequestsAuthorizationLevel1": "",
"RequestsAuthorizationLevel2": ""
}
}
| Parameter | Description |
|---|---|
| Safe Name | Specify the name of the safe from which you want to delete the specified safe member. |
| Member Name | Specify the name of the member that you want to delete from the specified safe. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Account ID | Specify the ID of the account that you want to reconcile credentials in CyberArk. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Recording ID | Specify the ID of the recording based on which you want to retrieve data stream. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Safe Name | (Optional) Specify the name of the safe from which to retrieve specific recording details. |
| FromTime | (Optional) Specify the unix time to filter retrieved recordings from the specified date. |
| ToTime | (Optional) Specify the unix time to filter retrieved recordings before the specified date. |
| Activities | (Optional) Specify the specific activities to filter retrieved recordings. |
| Search | (Optional) Specify the search text to filter retrieved recordings by properties. |
| Sort | (Optional) Specify the sorting criteria and order to sort retrieved recordings. Add - (dash) before a recording property to sort in descending order by that property. |
| Offset | (Optional) Specify the count of items to skip when retrieving recordings. By Default, it set to 0. |
| Limit | (Optional) Specify the maximum number of results to be returned in the response. When used together with the Offset parameter, this value determines the number of recordings to return, starting from the first recording that is returned. By Default, it set to 25. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Recording ID | Specify the ID of the recording to retrieve its details from CyberArk. |
The output contains a non-dictionary value.
The Sample - CyberArk - 2.1.0 playbook collection comes bundled with the CyberArk connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CyberArk connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
To configure your CyberArk Connector you must have the application ID issued to you by CyberArk that is used for the password retrieval process and the name of the Safe that stores the credentials, including passwords. Use the following procedure to retrieve your application ID:
You can search for applications on the Applications List page and also retrieve the application ID for your application from this page. You will require the Application ID when you are configuring the CyberArk connector.
Enter the details required in the Add Application form and click Add.
You can either add a new safe by clicking the Add Safe button or, you can edit the details of an existing safe.
If you are adding a new safe then fill in the details of the new safe in the Add Safe form and then edit the members of the newly-created safe to add the application that you had created in Step 3.
If you want to edit the details of an existing safe, then select the safe that you want to edit as shown in the above image, and then click Members.
Click Add Member to add the application that you had created in Step 3.
Complete the Add Account wizard that includes selecting the system type and platform for the account. In the Store in Safe step, ensure that you select the same safe that you had selected or created in Step 4, and then define the properties of the account and click Add.
Important: If you leave the Username field blank in the Add Account screen, then the user gets saved as a "blank" entry. The username that you specify on this screen is what gets displayed in the "Vault" option of Dynamic Values. For more information on Dynamic Values, see the FortiSOAR™ product documentation.
Therefore, when you are using CyberArk as your Password Vault, a user who has been saved as a "blank" also shows up as a blank in "Dynamic Values".