CyberArk Log Parser major update for user-related metas
Tags: Advisories, Technical Advisories
Advisory Type
Technical
Advisory Content
Summary
Historically, certain fields in CyberArk logs have been parsed inversely, causing confusion about which user was the source and which was the destination of an action.
The latest update to the CyberArk parser now accurately maps the following fields to the correct source and destination users.
Affected Versions
12.2 or above.
Impact
Rules and Reports based on the user.dst and user.src metas may be affected by this update.
Workaround
If you prefer not to implement this new change immediately, NetWitness recommends you retain a copy of the parser within your Log Decoder. NetWitness suggests using this copy as a custom parser alongside our live CyberArk parser, which has been updated with the latest changes.