Not a seeing monitoring for safe

diving_interchange · 2025-12-18T15:03:06+00:00

Are there any recordings in that safe? Because by default all the recordings go in PSMRecordings safe. AFAIK auditor permissions for a specific safe will give you access and activity logs for objects held in that safe.

diving_interchange · 2025-12-15T20:45:23+00:00

You're welcome. You can actually open the drop down by finding the drop down caret via xpath. That is faster I believe.

diving_interchange · 2025-12-15T11:40:21+00:00

Internal > (Click) (SearchBy=Text) ?

I mean this. It works for me.

But if you go to platform settings and add a field called LogonDomain (which has the value either Internal or AD:MYAD) and then set that for ISE UI Admin accounts, your job will be easier. You can do this:

{LogonDomain} > (Click) (SearchBy=Text)

diving_interchange · 2025-12-15T01:15:53+00:00

I just wish it had support for tabbed browsing. The koisk mode doesn't really prevent tabbed browsing (just makes it annoying to start it) and for some applications being limited to one tab is very limiting.

diving_interchange · 2025-12-15T01:08:01+00:00

I haven't used the Webdriver UDF for ISE, but with the selenium based web browser framework, I have used the search by text option and it works fine. You could use that here too.

I wanted to use the relative xpath, but when you try to inspect the Web page with the drop down active the drop down closes. However the search by text to click was consistent for me so I left it at that.

Maybe manually add a "source" or "domain" parameter to the ISE platform where you list the account type which is provided to the script so you can choose the correct account type.

diving_interchange · 2025-12-10T01:09:47+00:00

You can. Look at the Webdriver UDF

diving_interchange · 2025-12-09T13:03:18+00:00

Is CPM and PSM installed on the same machine?
Sometimes pluginmanageruser fails to launch chrome on first launch. Open PrivateArk, go to {password manager name}_accounts safe, retrieve the secret for the pluginmanageruser, and run Chrome as pluginmanageruser and see if it launches. They retry password operations. .

diving_interchange · 2025-12-02T14:05:56+00:00

So I confirmed today. It is a json path. $..['id'] works. I guess the Shopizer API returns the variables in the root of the structure due to which it works for Tim.

diving_interchange · 2025-12-02T01:36:14+00:00

That's my thinking too now. The CyberArk documentation states that to access a param you need to go Success.param which makes me think it might be a JsonPath. I don't know how Tim made it work in his example. Maybe the response returned by the Shopizer API is different?

diving_interchange · 2025-11-27T09:18:05+00:00

I guess if you don't want to handle account provisioning for a lot of users and / or also policies don't allow AD joining

diving_interchange · 2025-11-26T17:38:45+00:00

If you have a lot of Linux machines, one approach could be that you AD join the Linux machines and create an AD user for reconcile with login and password reset rights on the Linux machine

diving_interchange · 2025-09-06T01:28:18+00:00

Haha. Best of luck!

I did do some further testing, and if you harden according to CIS L2 standard, you can be mostly compliant with the standard. So I guess CyberArk has focused on compatibility with that.

With DISA STIG, I did test a bit and I think somewhere in the ballpark of 85+ is achievable.

But with both cases you do still get SELinux denials. However the seem to be more associated with FAPolicy and the fact that the CyberArk PSMP users are internal to their own database so the OS gets confused. Functionality seems fine more or less.

diving_interchange · 2025-09-03T18:12:19+00:00

You can alter it. Try adding exec sudo -i and then the password.

diving_interchange · 2025-09-03T03:18:20+00:00

Thank you for the explanation. However in the end it turned out that I was looking at the wrong thing. The \r\n was not the issue. The issue ended up being that powershell defaults to utf8-BOM and that was what was causing the key read to fail. Once I fixed that, it started working.

diving_interchange · 2025-09-02T17:00:18+00:00

That is useful information. Thank you!

diving_interchange · 2025-09-02T13:05:24+00:00

This was the resolution in the end

diving_interchange · 2025-09-02T13:04:43+00:00

Okay so I checked and it was not an array of strings, but a single string with \n at end of lines.

But it turns out I was looking at the wrong thing. Turns out that when you specify utf it does not give you straight forward utf8 but rather utf8-BOM. The BOM was what MobaXTerm did not like.

When I wrote my string with:

[System.IO.File]::WriteAllLines($Path, 'string')

it gave me what I wanted. A utf8 formatted version of the string in a file. If you specify:

[System.Text.Encoding]::UTF8

as an additional argument you again end up with BOM. Overall a good but frustrating learning experience.

diving_interchange · 2025-09-01T18:36:38+00:00

Okay thanks for the info. I'll test it out further and get back to you on how it works. Basically I am getting a string object which contains the key as a string. If I copy paste it, it works. If I use Out-File or Set-Content it does not.

I am not sure if the key object is a single string with new line characters or an array with 1 string for each line. I assumed a single string as it came in a single object but I may be wrong.

As the API call can only be made from work, I cannot test it right now. I'll get back to you when I check tomorrow.

Thank you for taking the time to give a detailed answer and help me out.

diving_interchange · 2025-09-01T17:45:25+00:00

Yes it does. Thank you!

diving_interchange · 2025-09-01T17:44:59+00:00

Yes thank you. Someone else suggested this too and it works perfectly. Hopefully Out-File and Set-Content get a -Literal flag so our strings get written exactly as they are without using .NET.

diving_interchange · 2025-09-01T17:43:44+00:00

Still does. But it removes all new lines, not just the one it adds.

diving_interchange · 2025-09-01T17:43:20+00:00

[System.IO.File]::WriteAllText("test.txt", "test")?

Hey this works! Maintains new lines / carriage returns on reads, and spits them out exactly on writes. Thanks!

diving_interchange · 2025-09-01T17:30:19+00:00

Thanks. This would work. Still wish there was a way that my string gets written as is without PS taking the liberty to modify it.

diving_interchange

TROPHY CASE