Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
CyberArk Endpoint Privilege Manager
FIN-763
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-27 16:10
Not Verified
What It Detects
Identifies CyberArk EPM-managed endpoints where no user identity (Source User Name) has been reported. Without a mapped user identity, EPM cannot enforce user-based privilege policies, track who is requesting elevation, or correlate endpoint activity to a specific user. This creates a blind spot in least-privilege enforcement and accountability.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
equals
CyberArk
Source User Name
is_empty
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum