r/CyberARk

was: CyberArk now: IDIRA

🚨 BREAKING news: CyberArk is officially rebranded as IDIRA® by Palo Alto Networks — announced live on stage today!
The future of cybersecurity just got a name. 🔐

#IDIRA #CyberArk #PaloAltoNetworks #IdentitySecurity #Cybersecurity #ZeroTrust #PANW #BreakingNews

reddit.com
u/sergeyye — 3 days ago

Wants to store 8 years audit logs retention

My customer needs to retain activity audit logs for up to 8 years in accordance with MCA guidelines.

I would like to understand whether configuring this from Master Policy → Audit → Audit Activity Retention Period is sufficient. Additionally, what storage capacity should be allocated for the Vault server to support this retention period?

Please advise.

u/Lopsided_Pension7950 — 9 days ago

Poor support

Does anyone else feel unsupported by their account manager and/or support?

Our ISPSS tenant was misconfigured and I was seeing another client's tenant. Apparently fixed, but can't remove their Identity Connectors, so I'm thinking it's not as "fixed" as they say. It's not good.

Then there's licence issues for EPM. We just tipped over our count, so I did a massive cull of disconnected endpoints. Now when they come back online they only appear in the "My Computers" view. Not under Endpoints. Being told to wait for sync is tedious and unhelpful. How many hours/days should it take?!

I want to like the product, I really, really do, but when it goes wrong it's so hard to resolve.

I can't be the only one, surely?!

u/QuietlyDifficult — 8 days ago

CyberArk Privilege Cloud: What should I focus on for hands-on learning?

Hi everyone,

I’m fairly new to CyberArk, and we recently got a test instance of CyberArk Privilege Cloud. I’m trying to figure out which components I should focus on and get more hands-on experience with first.

So far, I’ve done an end-to-end setup of CPM and Secure Infrastructure Access (SIA), but I’m wondering if it’s worth spending time doing a hands-on PSM installation as well.

I know I can’t learn everything at once, so I’d like to prioritize the areas that will give me the most practical experience. Any suggestions on where I should focus?

u/sajed8950 — 10 days ago

We need to renew the certificates for the Vault, PTA, and PVWA. What would be the impact if we do not renew them?

The certificates for the Vault, PTA, and PVWA are expiring soon.

For the PVWA, we are already using the certificate provided by the load balancer, so there are no issues there (same certificate currently used by the PSM too).

  1. The Vault certificate is going to expire. What would be the impact if we do not renew it? Also, is it really necessary to restart the PrivateArk service on the Vault after replacing the certificate? In addition, can we use the same certificate provided by the load balancer, similar to the certificates used for the PVWA and PSM? Must it be signed by a certificate authority, or is it OK to use the default self-signed certificate?
  2. The PTA is currently not in use, and we would like to understand the impact of not renewing its certificate. Would it also be acceptable to use the same certificate provided by the load balancer? Must it be signed by a certificate authority, or is it OK to use the default self-signed certificate?
  3. Is there any specific documentation available on how to replace certificates for the different CyberArk components, specifically the Vault and PTA?

Thank you

u/TemperatureSignal199 — 7 days ago

10 mistakes I made charging for my first CyberArk health checks as a Freelance CyberArk Architect

Been doing CyberArk for 10 years, last few doing independent health checks on the side. Sharing the pricing mistakes that actually cost me money, in case it helps anyone here thinking of going independent.

  1. Charged hourly the first time. Finished in 9 days what I'd quoted as "around 2 weeks". Made half of what the work was worth. Go fixed-fee.
  2. Quoted without scoping. "We have CyberArk, can you review it?" turned into a Vault cluster + 4 CPMs + a PSM farm + Conjur. Now I do a 30 min scoping call before any number leaves my mouth.
  3. Bundled remediation into the health check. Once you find 40 issues in a fixed-fee report, guess who fixes them for free. Two engagements, always.
  4. Underpriced because "it's just a review". The report is what lands them their next big remediation project. Started at 3k, my floor now is 12k.
  5. Did a free "quick look" before quoting. Wasted 4 hours, client ghosted. Paid scoping or nothing.
  6. Wrote the report too technical. 60 pages of CPM error codes. CISO didn't read past page 2. Now: 1-page exec summary up front, technical stuff in appendices.
  7. Treated the exec readout as "included". That 1h call is where the follow-on work gets sold. Charge for it.
  8. No scope-creep clause. "While you're at it..." used to mean free work. Now every SoW has an out-of-scope list and a CR rate.
  9. Quoted in the same call. Said a number, it became the ceiling. Now: "I'll send a proposal in 48h." Every time.
  10. Didn't follow up after delivery. ~70% of my follow-on work comes from a 30-day check-in email. People don't come back to you on their own.

Wrote all this up properly (frameworks, templates, the actual SoW I use) as a playbook. Not going to drop a link, DM me or check my profile if you want it.

What would you add?

u/RazzmatazzFlat2808 — 3 days ago

Just passed the CDE PAM Recert Exam

The only source I used to prep for the exam was the PAM CDE Recertification practice exam from examtopics.com.

u/CryptoHooRay — 1 day ago

Naming Convention under new IDIRA brand

While we wait for official branding materials, let’s speculate what it could be: IDIRA Defender vs idirian defender vs paloalto defender vs defender by paloalto or something else (insert your version).

u/sergeyye — 1 day ago