Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
CyberArk Endpoint Privilege Manager
FIN-786
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-27 16:18
Not Verified
What It Detects
Endpoint has not reported to CyberArk EPM in over 90 days but still maintains active management group membership. This phantom group member inflates policy coverage metrics, consumes group license allocations, and may mask real coverage gaps. If the endpoint is decommissioned but not removed from groups, its stale group membership creates false confidence in EPM deployment breadth. If the endpoint returns to the network, it may receive outdated policies from its group assignment.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
equals
CyberArk
Last Time Seen
older_than_days
90
Asset Groups
not_empty
Remediation
×
×
×
×
+ Add item
Why It Matters
+ Add item
Save Changes
Export Lucidum