Cyberark EPM
Version: 1.0.3
CyberArk Endpoint Privilege Manager provides holistic endpoint protection to secure all endpoints and enforce least privilege without disrupting business.
Connect Cyberark EPM with LogicHub
- Navigate to Automations > Integrations.
- Search for Cyberark EPM.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- EPM dispatcher server: EPM dispatcher server. Example 'in.epm.cyberark.com'. Follow https://docs.cyberark.com/EPM/Latest/en/Content/WebServices/WebServicesIntro.htm#EPMdispatcherservername
- Username: Username for EPM server.
- Password: Password of the user in EPM server.
- Application Id: The name of the application or system where the REST API originated. This is hardcoded by users. For example, postman, serviceNow, commandline.
- After you've entered all the details, click Connect.
Actions for Cyberark EPM
List Policies
Retrieves a list of policies, according to one or more filters.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Set ID | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Filter | Jinja Templated text containing the filter query to filter policies. E.g "PolicyName CONTAINS elevate". | Optional |
Output
JSON containing the following items:
[
{
"PolicyType": 11,
"ModifiedDate": "2024-04-24T07:58:07.5568286",
"ReferencedApplicationGroups": [],
"PolicyId": "test-id",
"IsAppliedToAllComputers": true,
"CreatedDate": "2024-04-24T07:58:07.5568286",
"OsType": 1,
"has_error": false,
"error": null,
"PolicyName": "test_2401",
"Order": 440,
"UserPolicyPermissions": -1,
"IsActive": true,
"Action": 4
},
{
"PolicyType": 12,
"ModifiedDate": "2024-04-24T08:58:07.5568286",
"ReferencedApplicationGroups": [],
"PolicyId": "test-id1",
"IsAppliedToAllComputers": true,
"CreatedDate": "2024-04-24T07:58:07.5568286",
"OsType": 1,
"has_error": false,
"error": null,
"PolicyName": "test_2411",
"Order": 440,
"UserPolicyPermissions": -1,
"IsActive": true,
"Action": 4
}
]
Get Policy Details
Retrieves details of a policy.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Set ID | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy ID | Jinja Templated text containing ID of the policy for which to retrieve details. | Required |
Output
JSON containing the following items:
{
"PolicyType": 11,
"ModifiedDate": "2024-04-24T07:58:07.5568286",
"ReferencedApplicationGroups": [],
"PolicyId": "test1",
"IsAppliedToAllComputers": true,
"CreatedDate": "2024-04-24T07:58:07.5568286",
"OsType": 1,
"has_error": false,
"error": null,
"PolicyName": "test_2401",
"Order": 440,
"UserPolicyPermissions": -1,
"IsActive": true,
"Action": 4
}
Delete Policy
This method deletes a policy.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy Id | Jinja Templated text containing unique ID of the policy to delete. | Required |
Output
JSON containing the following items:
{
"message": "Successfully Deleted.",
"has_error": false,
"error": null
}
Create Policy
This method creates a new policy.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy Body | Jinja-templated JSON containing the body of the policy. | Required |
Output
JSON containing the following items:
{
"PolicyType": 11,
"Id": "Test",
"UIReplaceUAC": {
"AllowedDialogType": "ElevateOnDemand",
"Id": "00000000-0000-0000-0000-000000000000"
},
"UIAuditVideoInit": {
"AllowedDialogType": "AuditVideoNotify",
"Id": "00000000-0000-0000-0000-000000000000"
},
"Audit": false,
"ExcludeAccounts": {
"Operator": 0,
"UserGroupCollection": [],
"CollectionName": "",
"SelectedAccountCollection": [],
"CollectionId": "00000000-0000-0000-0000-000000000000"
},
"Name": "test_2501",
"Applications": [
{
"displayName": "",
"description": "",
"internalId": 0,
"includeInMatching": true,
"applicationGroupId": "00000000-0000-0000-0000-000000000000",
"protectInstalledFiles": false,
"securityTokenId": "00000000-0000-0000-0000-000000000000",
"patterns": {
"FILE_NAME": {
"compareAs": 0,
"hashAlgorithm": "",
"hash": "",
"content": "test",
"caseSensitive": false,
"isEmpty": false,
"fileSize": 0,
"hashSHA256": "",
"@type": "FileName"
}
},
"applicationType": 3,
"restrictOpenSaveFileDialog": true,
"accountId": "00000000-0000-0000-0000-000000000000",
"id": "Test",
"childProcess": false,
"internalApplicationGroupId": 0
}
],
"IsAppliedToAllComputers": true,
"IncludeADComputerGroups": [],
"ExcludeADComputerGroups": [],
"Executors": [],
"Description": "test_2501 description",
"UIAuditVideoError": {
"AllowedDialogType": "AuditVideoLowDisk",
"Id": "00000000-0000-0000-0000-000000000000"
},
"UIReplaceUacAdmin": {
"AllowedDialogType": "ElevateOnDemand",
"Id": "00000000-0000-0000-0000-000000000000"
},
"ReplaceUacAdmin": true,
"IncludeAccounts": {
"Operator": 0,
"UserGroupCollection": [],
"CollectionName": "",
"SelectedAccountCollection": [],
"CollectionId": "00000000-0000-0000-0000-000000000000"
},
"Accounts": [],
"has_error": false,
"LinkedAgentPolicies": [
{
"DefaultApplicationGroupId": "Test",
"PolicyType": 3,
"Id": "Test"
}
],
"error": null,
"RecordAuditVideo": false,
"Priority": 40,
"AccessControl": null,
"UIShellExtension": {
"AllowedDialogType": "ElevateOnDemand",
"Id": "00000000-0000-0000-0000-000000000000"
},
"Activation": {
"DeactivateDate": null,
"ActivateDate": null,
"AutoDelete": false,
"Scheduler": null
},
"UIAuditVideo": {
"AllowedDialogType": "AuditVideoConfirmation",
"Id": "00000000-0000-0000-0000-000000000000"
},
"ConditionalEnforcement": [],
"ShellExtension": false,
"PreviouslyAppGroup": false,
"IsActive": true,
"ReplaceUAC": true,
"Action": 4
}
Update Policy
This method updates an existing policy.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Policy Id | Jinja Templated text containing unique ID of the policy to update. | Required |
| Policy Body | Jinja-templated JSON containing the updated body of the policy. | Required |
Output
JSON containing the following items:
{
"message": "Successfully Updated.",
"Updated Policy": {
"ShellExtension": false,
"Priority": 40,
"UIAuditVideoError": {
"AllowedDialogType": "AuditVideoLowDisk",
"Id": "00000000-0000-0000-0000-000000000000"
},
"ReplaceUAC": true,
"ExcludeADComputerGroups": [],
"UIShellExtension": {
"AllowedDialogType": "ElevateOnDemand",
"Id": "00000000-0000-0000-0000-000000000000"
},
"Description": "test_2501_edit description",
"Executors": [],
"RecordAuditVideo": false,
"Activation": {
"DeactivateDate": null,
"ActivateDate": null,
"AutoDelete": false,
"Scheduler": null
},
"IncludeADComputerGroups": [],
"PreviouslyAppGroup": false,
"Applications": [
{
"displayName": "",
"description": "",
"internalId": 0,
"includeInMatching": true,
"applicationGroupId": "00000000-0000-0000-0000-000000000000",
"protectInstalledFiles": false,
"securityTokenId": "00000000-0000-0000-0000-000000000000",
"patterns": {
"FILE_NAME": {
"compareAs": 0,
"hashAlgorithm": "",
"hash": "",
"content": "test",
"caseSensitive": false,
"isEmpty": false,
"fileSize": 0,
"hashSHA256": "",
"@type": "FileName"
}
},
"applicationType": 3,
"restrictOpenSaveFileDialog": true,
"accountId": "00000000-0000-0000-0000-000000000000",
"id": "Test",
"childProcess": false,
"internalApplicationGroupId": 0
}
],
"UIReplaceUacAdmin": {
"AllowedDialogType": "ElevateOnDemand",
"Id": "00000000-0000-0000-0000-000000000000"
},
"Audit": false,
"IsAppliedToAllComputers": true,
"Name": "test_2501_edit",
"UIAuditVideo": {
"AllowedDialogType": "AuditVideoConfirmation",
"Id": "00000000-0000-0000-0000-000000000000"
},
"IncludeAccounts": {
"Operator": 0,
"UserGroupCollection": [],
"CollectionName": "",
"SelectedAccountCollection": [],
"CollectionId": "00000000-0000-0000-0000-000000000000"
},
"Action": 4,
"ConditionalEnforcement": [],
"AccessControl": null,
"Accounts": [],
"UIAuditVideoInit": {
"AllowedDialogType": "AuditVideoNotify",
"Id": "00000000-0000-0000-0000-000000000000"
},
"ReplaceUacAdmin": true,
"LinkedAgentPolicies": [
{
"DefaultApplicationGroupId": "Test",
"PolicyType": 3,
"Id": "Test"
}
],
"UIReplaceUAC": {
"AllowedDialogType": "ElevateOnDemand",
"Id": "00000000-0000-0000-0000-000000000000"
},
"ExcludeAccounts": {
"Operator": 0,
"UserGroupCollection": [],
"CollectionName": "",
"SelectedAccountCollection": [],
"CollectionId": "00000000-0000-0000-0000-000000000000"
},
"PolicyType": 11,
"Id": "Test",
"IsActive": true
},
"has_error": false,
"error": null
}
Update Ransomware Mode
This method approves or rejects a request for elevated access to a specific application. This creates an elevation policy for the specific user, application, and computer in the request. This policy is active for 24 hours, after which it becomes inactive. It is automatically deleted after 3 months.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Ransomware Mode | Select to enable Ransomware Mode. | Required |
Output
JSON containing the following items:
{
"message": "Successfully Updated.",
"has_error": false,
"error": null
}
Temporary Elevation
This method sets the ransomware protection mode.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Set Id | Jinja Templated text containing ID of a set that the user has permission to view. | Required |
| Aggregated By | Jinja Templated text containing aggregatedBy parameter which is an opaque value composed of the checksum (hash) and event type, separated by a comma. Example aggregatedBy EQ "943E0A8C840430E53D8D641CF4CDC1660C75FFE0,ElevationRequest" | Required |
| Elevation | Select elevation category | Required |
| Send Mail | Select whether to send an email to the requestor (Default is False). | Optional |
Output
JSON containing the following items:
{
"SendEmail": true,
"Filter": "aggregatedBy EQ \"16,32\"",
"Elevation": 1
}
Release Notes
v1.0.3- Initial release with the 7 actions:List Policies,Get Policy,Create Policy,Delete Policy,Update Policy,Update Ransomware ModeandTemporary Elevation
Updated 7 months ago