CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application, which enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans.
The integration eliminates the need for performing duplicate tasks of using an external import or export mechanism to obtain the credentials that are stored in CyberArk Vault. The CyberArk Vault also enables you to employ the password management policies required for your organization.
CyberArk uses the term Vault to refer to the CyberArk server component, which holds information securely (All "Safes" reside in the Vault). This should not be confused with the BMC Discovery Vault.
See this video (4:40) for a demonstration of the integration between BMC Discovery and the CyberArk Vault.
The CyberArk AIM writes a number of log files, depending on the AIM provider version.
A fresh install of AIM provider versions 10.4 and earlier use the following log files:
A fresh install of the AIM provider version 10.5 and later only use the following log file:
If you upgrade the AIM provider from 10.4 and earlier to 10.5 and later, the AIM provider only writes messages to the
CreateEnv.log file. It does not delete the existing
Casos.Error.log files. To view the
CreateEnv.log from the command line, you must be logged in as the
Busy BMC Discovery systems take many credentials from the CyberArk Vault and as a result create many log file entries. In such systems, the default CyberArk log retention policies may allow the logs, which are stored on the BMC Discovery appliance, to become very large and fill up available disk space. You can prevent this happening by changing the following log retention settings to a shorter time than the default, for example, change them to seven days:
You can change these settings in the CyberArk Vault. See the CyberArk documentation for details on how to do this.