[cyberark_epm] Initial release of CyberArk EPM #12187

Open
wants to merge 3 commits into
base: main

brijesh-elastic
Contributor

Proposed commit message

Create new integration package cyberark_epm.

  • Added raw_event, policyaudit_raw_event, aggregated_event, policyaudit_aggregated_event, admin_audit data streams.
  • Added data collection logic for all the data streams.
  • Added the ingest pipeline for all the data streams.
  • Mapped fields according to the ECS schema and added Fields metadata in the appropriate yml files.
  • Added dashboard and visualizations.
  • Added pipeline tests for all the data streams.
  • Added system test cases for all the data streams.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/cyberark_epm directory.
  • Run the following command to run tests.

elastic-package test

Run pipeline tests for the package
--- Test results for package: cyberark_epm - START ---
╭──────────────┬──────────────────────────────┬───────────┬──────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE      │ DATA STREAM                  │ TEST TYPE │ TEST NAME                                                        │ RESULT │ TIME ELAPSED │
├──────────────┼──────────────────────────────┼───────────┼──────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ cyberark_epm │ admin_audit                  │ pipeline  │ (ingest pipeline warnings test-admin-audit.log)                  │ PASS   │ 373.485081ms │
│ cyberark_epm │ admin_audit                  │ pipeline  │ test-admin-audit.log                                             │ PASS   │ 370.141027ms │
│ cyberark_epm │ aggregated_event             │ pipeline  │ (ingest pipeline warnings test-aggregated-event.log)             │ PASS   │ 348.158628ms │
│ cyberark_epm │ aggregated_event             │ pipeline  │ test-aggregated-event.log                                        │ PASS   │ 158.593808ms │
│ cyberark_epm │ policyaudit_aggregated_event │ pipeline  │ (ingest pipeline warnings test-policyaudit-aggregated-event.log) │ PASS   │  367.69165ms │
│ cyberark_epm │ policyaudit_aggregated_event │ pipeline  │ test-policyaudit-aggregated-event.log                            │ PASS   │ 151.219228ms │
│ cyberark_epm │ policyaudit_raw_event        │ pipeline  │ (ingest pipeline warnings test-policyaudit-raw-event.log)        │ PASS   │ 356.983904ms │
│ cyberark_epm │ policyaudit_raw_event        │ pipeline  │ test-policyaudit-raw-event.log                                   │ PASS   │ 289.167912ms │
│ cyberark_epm │ raw_event                    │ pipeline  │ (ingest pipeline warnings test-raw-event.log)                    │ PASS   │ 386.064945ms │
│ cyberark_epm │ raw_event                    │ pipeline  │ test-raw-event.log                                               │ PASS   │ 398.094142ms │
╰──────────────┴──────────────────────────────┴───────────┴──────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: cyberark_epm - END   ---
Done
--- Test results for package: cyberark_epm - START ---
╭──────────────┬──────────────────────────────┬───────────┬───────────┬────────┬─────────────────╮
│ PACKAGE      │ DATA STREAM                  │ TEST TYPE │ TEST NAME │ RESULT │    TIME ELAPSED │
├──────────────┼──────────────────────────────┼───────────┼───────────┼────────┼─────────────────┤
│ cyberark_epm │ admin_audit                  │ system    │ default   │ PASS   │ 1m14.822078529s │
│ cyberark_epm │ aggregated_event             │ system    │ default   │ PASS   │   39.598617731s │
│ cyberark_epm │ policyaudit_aggregated_event │ system    │ default   │ PASS   │   37.719638227s │
│ cyberark_epm │ policyaudit_raw_event        │ system    │ default   │ PASS   │   39.685396146s │
│ cyberark_epm │ raw_event                    │ system    │ default   │ PASS   │   37.535405773s │
╰──────────────┴──────────────────────────────┴───────────┴───────────┴────────┴─────────────────╯
--- Test results for package: cyberark_epm - END   ---
Done
Run static tests for the package
--- Test results for package: cyberark_epm - START ---
╭──────────────┬──────────────────────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE      │ DATA STREAM                  │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├──────────────┼──────────────────────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ cyberark_epm │ admin_audit                  │ static    │ Verify sample_event.json │ PASS   │ 158.696836ms │
│ cyberark_epm │ aggregated_event             │ static    │ Verify sample_event.json │ PASS   │ 153.751514ms │
│ cyberark_epm │ policyaudit_aggregated_event │ static    │ Verify sample_event.json │ PASS   │ 125.980695ms │
│ cyberark_epm │ policyaudit_raw_event        │ static    │ Verify sample_event.json │ PASS   │ 159.407462ms │
│ cyberark_epm │ raw_event                    │ static    │ Verify sample_event.json │ PASS   │ 158.827029ms │
╰──────────────┴──────────────────────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: cyberark_epm - END   ---
Done
--- Test results for package: cyberark_epm - START ---
╭──────────────┬──────────────────────────────┬───────────┬────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE      │ DATA STREAM                  │ TEST TYPE │ TEST NAME                                                                      │ RESULT │ TIME ELAPSED │
├──────────────┼──────────────────────────────┼───────────┼────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ cyberark_epm │                              │ asset     │ dashboard cyberark_epm-235e1190-62b9-4d30-99d9-f6d640a5065f is loaded          │ PASS   │      1.297µs │
│ cyberark_epm │                              │ asset     │ dashboard cyberark_epm-503ef0b0-fbbb-458c-96a1-e6a5d9f5810a is loaded          │ PASS   │        296ns │
│ cyberark_epm │                              │ asset     │ dashboard cyberark_epm-b015df85-92b5-450a-91d4-4ff8bd9505f4 is loaded          │ PASS   │        286ns │
│ cyberark_epm │                              │ asset     │ search cyberark_epm-289b72be-f568-4132-a4ed-6d8a36c76b0f is loaded             │ PASS   │        352ns │
│ cyberark_epm │                              │ asset     │ search cyberark_epm-d203e565-1dba-4de2-801c-9158f90d4445 is loaded             │ PASS   │        298ns │
│ cyberark_epm │                              │ asset     │ search cyberark_epm-d459827d-4bc4-4ca8-85a2-7466fceff573 is loaded             │ PASS   │        276ns │
│ cyberark_epm │ admin_audit                  │ asset     │ index_template logs-cyberark_epm.admin_audit is loaded                         │ PASS   │        369ns │
│ cyberark_epm │ admin_audit                  │ asset     │ ingest_pipeline logs-cyberark_epm.admin_audit-0.1.0 is loaded                  │ PASS   │        238ns │
│ cyberark_epm │ aggregated_event             │ asset     │ index_template logs-cyberark_epm.aggregated_event is loaded                    │ PASS   │        528ns │
│ cyberark_epm │ aggregated_event             │ asset     │ ingest_pipeline logs-cyberark_epm.aggregated_event-0.1.0 is loaded             │ PASS   │        220ns │
│ cyberark_epm │ policyaudit_aggregated_event │ asset     │ index_template logs-cyberark_epm.policyaudit_aggregated_event is loaded        │ PASS   │        259ns │
│ cyberark_epm │ policyaudit_aggregated_event │ asset     │ ingest_pipeline logs-cyberark_epm.policyaudit_aggregated_event-0.1.0 is loaded │ PASS   │        182ns │
│ cyberark_epm │ policyaudit_raw_event        │ asset     │ index_template logs-cyberark_epm.policyaudit_raw_event is loaded               │ PASS   │        288ns │
│ cyberark_epm │ policyaudit_raw_event        │ asset     │ ingest_pipeline logs-cyberark_epm.policyaudit_raw_event-0.1.0 is loaded        │ PASS   │        155ns │
│ cyberark_epm │ raw_event                    │ asset     │ index_template logs-cyberark_epm.raw_event is loaded                           │ PASS   │        231ns │
│ cyberark_epm │ raw_event                    │ asset     │ ingest_pipeline logs-cyberark_epm.raw_event-0.1.0 is loaded                    │ PASS   │        201ns │
╰──────────────┴──────────────────────────────┴───────────┴────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: cyberark_epm - END   ---
Done

Related issues

Screenshots

Integration Page
Overview Page

@andrewkroh added the labels Crest, Integration:cyberark_epm [Integration not found in source], and New Integration (Issue or pull request for creating a new integration package.) on Dec 24, 2024
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded


Successfully merging this pull request may close these issues.

[New integration] CyberArk EPM