Vendor: CyberArk Endpoint Privilege Manager
FIN-787
Edited: 2026-03-27 16:18
Not Verified
What It Detects
The endpoint has a disconnected CyberArk EPM agent and no associated user identity. This combination makes incident response extremely difficult: the agent is not reporting, so there is no real-time visibility, and there is no user attribution to determine who last accessed the system or may currently be using it. If the endpoint is compromised, there is no EPM telemetry and no user context with which to trace activity. The endpoint sits in a forensic blind spot across both the protection and identity dimensions.
Checks

| Field | Operator | Value |
|---|---|---|
| Connectors | equals | CyberArk |
| Status | equals | Disconnected |
| Source User Name | is_empty | |