Assess threats

This topic describes the Threat Intelligence module, which allows you to use CyberArk's own risk analysis service or third-party services to check whether specific applications constitute a threat to your system's security.


This is only applicable for Windows endpoints.


CyberArk Application Risk Analysis Service (ARA) automatically uncovers sophisticated APTs (Advanced Persistent Threats), zero-day attacks, and targeted threats.


CyberArk ARA is enabled by default.

Integrated third-party applications

The following third-party applications are used in conjunction with EPM to detect potential security threats:




Checks the Application checksum by using the large (> 3GB) database of the US Department of Homeland Security’s National Software Reference Library (NSRL).


This is enabled by default.

Palo Alto WildFire

Palo Alto’s mechanism for identifying and protecting enterprises from unknown malware.

Check Point ThreatCloud Emulation Service

Analyzes files in a sandbox environment, removes any exploitable elements such as macros and embedded objects, and produces a report about the file contents including details of potential malicious behavior.


A free service that uses more than 50 antivirus engines on the VirusTotal web service to analyze suspicious files and URLs. Using VirusTotal facilitates the quick detection of viruses, worms, Trojans, and various kinds of malware.

Click VirusTotal to open a full report in

Check an application for a potential security threat

You can check applications for potential security threats in the Events Management, Application Catalog, and Policy Audit.

  1. In the row of the application to manage, click the More actions (...) button and select Threat Intelligence.

  2. Select the threat intelligence service to run for the selected application. Depending on the application you selected, either a pop-up appears and displays the results or EPM opens a full report in a browser for a third party site.

  3. Click Check again if you want to see if there have been any updates since you last performed a check.

  4. Click Full Report to view a detailed report of any detected threats.


As a means of verification, you can perform an additional check using a different third-party threat intelligence application.