CyberArk Endpoint Privilege Manager

Endpoint Privilege Manager helps remove local admin rights while improving user experience and optimizing IT operations.

Overview

The CyberArk Endpoint Privilege Manager (EPM) integration with Cortex (XSOAR and XSIAM) enhances security operations by providing SOC teams with enriched context around security incidents related to identities. EPM helps organizations reduce the risk of endpoint attacks by removing local administrator rights and enforcing least privilege policies. It provides application control and privilege management to prevent malware and ransomware attacks, while enabling end-users to perform their tasks without interruption.

What does this pack do?

This new pack provides correlation rules for all detections fetched from EPM into XSIAM, maps them to MITRE ATT&CK techniques, and generates alerts. Additionally, it provides EPM commands for XSOAR and XSIAM, allowing you to build integrations using these connectors. You can execute these commands from the Cortex XSIAM Alerts War Room as part of an automation, or in a playbook.

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

Supported By: Cortex
Created: May 6, 2024
Last Release: November 21, 2024

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.