Skip to main content

CyberArk AIM v2

This Integration is part of the CyberArk Central Credential Provider (CCP) Pack.#

The CyberArk Central Credential Provider (CCP) provides a secure safe in which to store your account credentials. Use this integration to retrieve the account credentials in CyberArk CCP. This integration fetches credentials. For more information, see Managing Credentials.

Authentication Options#

The integration uses the Central Credential Provider and supports the following authentication methods:

  • OS User (Windows NTLM Authentication): Set the domain user and password in the credentials field. Make sure your CyberArk Server is configured to support NTLM authentication as documented here. Note that the user option may require specifying full domain\user.
  • Client Certificate Authentication: Enter the Certificate and Private key in the integration instance configuration parameters. Make sure to follow the instructions here to enable the Central Credential Provider to accept client authentication with client certificates.
  • Allowed Machines: Leave all authentication methods empty. Follow CyberArk's instructions here to accept the Cortex XSOAR Server IP for the configured AppID.

Further information is available from CyberArk at:

Configure CyberArkAIM v2 in Cortex#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for CyberArkCCP.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
urlServer URL and Port (e.g., https://example.net:1234\)True
app_idAppID as configured in CCPFalse
folderFolder to search in safeTrue
safeSafe to search inTrue
credential_namesCredential names - comma-separated list of credentials names in the safe. Partial names are not supported.False
credentialsUsernameFalse
cert_textCertificate file as textFalse
key_textKey file as textFalse
isFetchCredentialsFetches credentialsFalse
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cyberark-aim-list-credentials#


Lists all available credentials according to the list of credential names configured.

Base Command#

cyberark-aim-list-credentials

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
CyberArkAIM.AccountTypeStringThe type of the account.
CyberArkAIM.AddressStringThe address of the account.
CyberArkAIM.CPMStatusStringThe CMP status of the account.
CyberArkAIM.DomainStringThe domain of the account.
CyberArkAIM.NameStringThe credential name of the account.

Command Example#

!cyberark-aim-list-credentials

Context Example#

{
"CyberArkAIM": {
"AccountCategory": "True",
"AccountDescription": "Built-in account for administering the computer/domain",
"AccountDiscoveryDate": "1573128798",
"AccountEnabled": "True",
"AccountExpirationDate": "0",
"AccountOSGroups": "Administrators",
"AccountType": "Domain",
"Address": "AIM.COM",
"CPMDisabled": "(CPM)Newly discovered dependency",
"CPMStatus": "success",
"CreationMethod": "AutoDetected",
"DeviceType": "Operating System",
"DiscoveryPlatformType": "Windows Domain",
"Domain": "AIM.COM",
"Folder": "Root",
"LastLogonDate": "1572451901",
"LastPasswordSetDate": "1566376303",
"LastSuccessChange": "1575910475",
"LastSuccessReconciliation": "1583521898",
"LastSuccessVerification": "1583256386",
"LastTask": "ReconcileTask",
"LogonDomain": "domain1",
"MachineOSFamily": "Server",
"Name": "name1",
"OSVersion": "Windows Server 2016 Standard",
"OU": "CN=Users,DC=COM",
"PasswordChangeInProcess": "False",
"PasswordNeverExpires": "True",
"PolicyID": "WinDomain",
"RetriesCount": "-1",
"SID": "sid",
"Safe": "Windows Domain Admins",
"SequenceID": "1",
"Tags": "DAdmin",
"UserName": "username1"
}
}

Human Readable Output#

Results#

AccountCategoryAccountDescriptionAccountDiscoveryDateAccountEnabledAccountExpirationDateAccountOSGroupsAccountTypeAddressCPMDisabledCPMStatusCreationMethodDeviceTypeDiscoveryPlatformTypeDomainFolderLastLogonDateLastPasswordSetDateLastSuccessChangeLastSuccessReconciliationLastSuccessVerificationLastTaskLogonDomainMachineOSFamilyNameOSVersionOUPasswordChangeInProcessPasswordNeverExpiresPolicyIDRetriesCountSIDSafeSequenceIDTagsUserName
TrueBuilt-in account for administering the computer/domain1573128798True0AdministratorsDomainAIM.COM(CPM)Newly discovered dependencysuccessAutoDetectedOperating SystemWindows DomainAIM.COMRoot15724519011566376303157591047515835218981583256386ReconcileTaskdomain1Servername1Windows Server 2016 StandardCN=Users,DC=COMFalseTrueWinDomain-1sidWindows Domain Admins1DAdminusername1