CyberArk Core Privileged Access Security Solution & InsightIDR

CyberArk Core Privileged Access Security Solution & InsightIDR Integration Brief

Protect, Detect, and Mitigate Threats Targeting Your Privileged Users

With the CyberArk Core Privileged Access Security Solution and Rapid7 InsightIDR

Integration Benefits

  • Bring together all of your data—including privileged access actions—for easy compliance and audit.
  • Investigate risky behavior with the combined context of the CyberArk Core Privileged Access Security Solution and Rapid7 User Behavior Analytics.
  • Create custom alerts and dashboards highlighting privileged access in Enterprise Password Vault.

Whether it be spearphishing or credential theft, preventing every cyber attack is simply impossible. Detecting an attack is nearly as challenging, but early detection is essential to any organization’s security.

"The time from the attacker's first action in an event chain to the initial compromise is typically measured in minutes. Conversely, the time to discovery is more likely to be months." - 2019 Verizon Data Breach Investigations Report.

Rapid7’s cloud SIEM, InsightIDR, along with the CyberArk Core Privileged Access Security Solution, provides visibility, protection, and automated workflows to help any organization detect and take action against attacks on its users and administrators. The combined solutions also make life easier for the Security Operations Center: Critical alerts and behavior are prioritized by risk and leverage data across your modern network: on-premises, remote workers, SaaS, and IaaS.

How It Works

Rapid7 InsightIDR is deployed as SaaS and centralizes data from your network, endpoints, cloud hosting, and cloud applications. Security analytics and case management help your team detect and respond to common and targeted threats.

The CyberArk Core Privileged Access Security Solution provides continuous insight into privileged activities occurring across the network. Any generated alerts and logs can feed into InsightIDR for search, reporting, and other custom use cases that are specific to your business needs. If an admin or employee user account is determined to be compromised, the user account can be disabled or reset from within InsightIDR investigations. Additionally, if a privileged activity generates a risk score above a certain threshold, CyberArk can mitigate risk automatically by onboarding unmanaged accounts, rotating credentials, or terminating or suspending potentially malicious sessions.

Figure 1: CyberArk data on privileged access presented as visual dashboard cards in InsightIDR.

Overview of the Integration Process

Step 1: Configure CyberArk Vault and threat analytics engine to send events and alerts to Rapid7 InsightIDR.
Step 2: From InsightIDR, set up a new custom event source for the incoming CyberArk data.
Step 3: Verify that CyberArk data is flowing into InsightIDR in Data Collection and Log Search.
Step 4: Use InsightIDR to search, visualize, and report on privileged account activities.

Note: Rapid7 Professional Services can be engaged to help set up this integration.

CyberArk audit logs and alerts can be forwarded to InsightIDR for a centralized detection and investigation experience. InsightIDR automatically structures this data and makes it easy to search, visualize, and build custom alerts for your organization’s privileged access activity.

What You Need

  • Rapid7 InsightIDR Cloud SIEM
  • CyberArk Enterprise Password Vault (EPV) 9.95+
  • CyberArk Privileged Threat Analytics (PTA) 3.6+