Integrate CyberArk Credential Provider with Google SecOps

This document explains how to integrate CyberArk Credential Provider with Google Security Operations (Google SecOps).

Integration version: 1.0

Before you begin

To configure this integration, you must install the CyberArk Credential Provider on a Linux host.

Before you configure the CyberArk Credential Provider integration for Google SecOps, complete the following prerequisites:

  • Install the CyberArk Credential Provider on a Linux host.

  • If you're using a Docker container for the Google SecOps remote agent:

    • Configure the Docker container.

    • Generate an SSH key to securely communicate with the host.

Integration parameters

The CyberArk Credential Provider integration requires the following parameters:

                                                                                 
Parameter | Description
Path to clipasswordsdk | Required. The full path to the CLI Application Password SDK. The default value is /opt/CARKaim/sdk/clipasswordsdk.
Username for Credential Provider for Linux | Required. The username for the remote agent to authenticate when deployed in a Docker container. The default value is secopssuser.
Docker Gateway IP Address | Required. The IP address of the Docker gateway. The default value is 172.17.0.1.
RSA Public Key | Required. The public key of the host machine, used to verify the server's identity and secure the connection.
SSH Private Key Path | Optional. The full path to the SSH private key. This is the recommended method for authentication, and if chosen, this parameter is required.
Password for Credential Provider for Linux | Optional. The password for the remote agent to authenticate when deployed in a Docker container.

For instructions about how to configure an integration in Google SecOps, see Configure integrations.

You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances.
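
To confirm that the value entered for RSA Public Key is the host's own key, compare fingerprints before saving the instance. The following is an added example, not code from the integration or from the original page: it parses an OpenSSH ssh-rsa public key line, rejects malformed or short keys, and returns the SHA256 fingerprint in the form that ssh-keygen -lf prints on the host. The sample key is constructed, and the 2048-bit minimum is an assumed local policy.

```python
import base64
import hashlib
import struct


def read_field(blob, offset):
    """Read one SSH wire field: uint32 big-endian length, then the bytes."""
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_rsa_host_key(line, min_bits=2048):
    """Return (modulus_bits, 'SHA256:...' fingerprint) for an ssh-rsa line.

    min_bits is an assumed local policy, not a value from the integration.
    """
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an 'ssh-rsa <base64> [comment]' line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the prefix")
    _exponent, off = read_field(blob, off)
    modulus, off = read_field(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after the modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"RSA modulus is only {bits} bits")
    digest = hashlib.sha256(blob).digest()
    return bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def ssh_mpint(value):
    """Encode a positive integer as an SSH mpint (used for the sample only)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


# Constructed sample: a well-formed blob with a made-up 2048-bit modulus.
# It is not a usable key and does not belong to any host.
SAMPLE_BLOB = (struct.pack(">I", 7) + b"ssh-rsa" + ssh_mpint(65537)
               + ssh_mpint((1 << 2047) | 0x1234567))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"
```

Run the same check against the key file on the host and against the value stored in the integration; the two fingerprints must be identical.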

Actions

For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action.

Ping

Use the Ping action to test the connectivity to Credential Provider.

This action doesn't run on Google SecOps entities.

Action inputs

None.

Action outputs

The Ping action provides the following outputs:

                                                                                                                                                       
Action output type | Availability
Case wall attachment | Not available
Case wall link | Not available
Case wall table | Not available
Enrichment table | Not available
JSON result | Not available
Output messages | Available
Script result | Available

Output messages

The Ping action can return the following output messages:

                                                                   
Output message | Message description
Successfully connected to the CyberArk Credential Provider with the provided connection parameters! | The action succeeded.
Failed to connect to the CyberArk Credential Provider! Error is ERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Ping action:

                                               
Script result name | Value
is_success | True or False

Get Application Password Value

Use the Get Application Password Value action to retrieve the application password value from CyberArk Credential Provider.

This action doesn't run on Google SecOps entities.

Action inputs

The Get Application Password Value action requires the following parameters:

                                                                     
Parameter | Description
Application | Required. The application ID from which to retrieve the password value.
Safe Name | Required. The name of the Safe from which to retrieve the password.
Folder Name | Required. The name of the folder from which to retrieve the password.
Object Name | Required. The name of the object from which to retrieve the password.
Output | Required. A comma-separated list of output fields to specify the data to retrieve. The default value is Password.
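
The five inputs above end up as arguments to the SDK binary on the host, so values taken from playbook data should be checked before they are used. The following is an added example, not the integration's own code: it validates each input and builds the argument list in CyberArk's GetPassword form, then quotes it for a remote shell. It assumes the command is executed over SSH on the host; the character allow-lists and the function names are assumptions to adapt to the vault's naming policy.

```python
import re
import shlex

SDK_PATH = "/opt/CARKaim/sdk/clipasswordsdk"  # default from the parameters table

# Assumed allow-lists: they exclude ';' and '=' (Query separators), quotes
# and control characters, so one field cannot redefine another.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._\-\\]{0,127}")
OUTPUT_FIELD_RE = re.compile(r"[A-Za-z][A-Za-z0-9.]{0,63}")


def checked(label, value, pattern=NAME_RE):
    """Return value unchanged if it matches the allow-list, else raise."""
    if not pattern.fullmatch(value):
        raise ValueError(f"{label}: unexpected characters or length")
    return value


def build_get_password_argv(application, safe, folder, obj, output="Password"):
    """Build an argv list (no shell involved) from the action's inputs."""
    fields = [checked("Output", f.strip(), OUTPUT_FIELD_RE)
              for f in output.split(",")]
    query = ";".join([
        "Safe=" + checked("Safe Name", safe),
        "Folder=" + checked("Folder Name", folder),
        "Object=" + checked("Object Name", obj),
    ])
    return [SDK_PATH, "GetPassword",
            "-p", "AppDescs.AppID=" + checked("Application", application),
            "-p", "Query=" + query,
            "-o", ",".join(fields)]


def remote_command(argv):
    """Quote argv for SSH exec, which hands one string to the remote shell."""
    return shlex.join(argv)
```

Locally, pass the list straight to subprocess.run without shell=True; the quoted string is only needed when the command crosses an SSH exec channel.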

Action outputs

The Get Application Password Value action provides the following outputs:

                                                                                                                                                       
Action output type | Availability
Case wall attachment | Not available
Case wall link | Not available
Case wall table | Not available
Enrichment table | Not available
JSON result | Available
Output messages | Available
Script result | Available

JSON result

The following example shows the JSON result output received when using the Get Application Password Value action:

{
    "result": "YYYY"
}

Output messages

The Get Application Password Value action can return the following output messages:

                                                                   
Output message | Message description
Successfully fetched password value for the application ID APPLICATION_ID. | The action succeeded.
The password value for the application ID APPLICATION_ID was not found in the CyberArk Credential Provider. | The action succeeded.
Error executing action "Get Application Password Value": ERROR_REASON. | The action failed. Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Get Application Password Value action:

                                               
Script result name | Value
is_success | True or False

Run CLI Application Password SDK Command

Use the Run CLI Application Password SDK Command action to run a command directly on the CyberArk Credential Provider using the CLI Application Password SDK parameter.

This action doesn't run on Google SecOps entities.

Action inputs

The Run CLI Application Password SDK Command action requires the following parameters:

                       
Parameter | Description
clipasswdsdk Command | Required. The command for the CLI Application Password SDK to run. Example: APPID=Application-Password-SDK user=admin safe=safe folder=folder object=object

Action outputs

The Run CLI Application Password SDK Command action provides the following outputs:

                                                                                                                                                         
Action output type | Availability
Case wall attachment | Not available
Case wall link | Not available
Case wall table | Not available
Enrichment table | Not available
JSON result | Available
Output messages | Available
Script result | Available

JSON result

The following example shows the JSON result output received when using the Run CLI Application Password SDK Command action:

{
   "output_value": "COMMAND_OUTPUT"
}

Output messages

The Run CLI Application Password SDK Command action can return the following output messages:

                                                             
Output message | Message description
Successfully executed the following CLI Application Password SDK command: COMMAND. | The action succeeded.
Error executing the following command: COMMAND. | The action failed. Check the command syntax, the connection to the server, or credentials.
Error executing action "Run CLI Application Password SDK Command". Reason: ERROR_REASON. | The action failed. Check the command syntax, the connection to the server, or credentials.

Script result

The following table lists the value for the script result output when using the Run CLI Application Password SDK Command action:

                                               
Script result name | Value
is_success | True or False
