If PTA is integrated with a supported SIEM solution, which detection becomes available?
If PTA is integrated with a supported SIEM solution, which detection becomes available?
If PTA is integrated with a supported SIEM solution, it enables the detection of unmanaged privileged accounts. SIEM solutions can collect and analyze logs from various sources, including network devices, servers, and applications. This comprehensive visibility allows for the identification of accounts that have elevated privileges but are not managed or monitored, which is crucial for detecting potential security risks arising from such accounts.
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PTA/What-Does-PTA-Detect.htm
I believe it is exposed credentials, Unmanaged Privileged accounts is supported through the Vault.
Unmanged privileged accounts is supported for both ( Vault and logs)
SIEM is required for Unmanaged privileged account and Suspected Credential Theft
Unmanaged privileged account : SIEM / Unix / AWS / Azure + Vault Exposed credentials : Network Sensor or PTA Windows Agent https://docs.cyberark.com/PAS/13.0/en/Content/PTA/What-Does-PTA-Detect.htm?searchString=&from=0&sortby=_score&orderBy=desc&pageNo=1&aggregations=%5B%5D&uid=0d99d231-d8b2-11ea-8f5c-0242ac120009&resultsPerPage=10&exactPhrase=&withOneOrMore=&withoutTheWords=&pageSize=10&language=en&state=1&suCaseCreate=false
A riskySPN is in case of AD