Manage PTA Server

This topic describes required and recommended server maintenance and all PTA utilities.

PTA server maintenance

The maintenance of the PTA server, including security patches, must be performed by the customer and must follow CyberArk security guidelines. For details, see Security.

The PTA installation package includes only core third-party dependencies, which are only updated by CyberArk. Security patches for OS or other third-party packages, includingPTA prerequisites, must be part of the general maintenance activities performed by the customer.

You can use Yum to keep the PTA server current with the latest software updates.

We recommend that you update the server using a local mirror server and not with the default system update service.

  • As part of the installation, PTA applies some security configurations on the server according to security best practices, like blocking unnecessary traffic by default. To enable system updates, configure the iptables service to allow outgoing traffic to the update server.

  • You should not install or update any of the PTA core third-party dependencies. Changing the version of a core third-party dependency can cause problems in the PTA server:

    • activemq

    • tomcat
    • mongodb
    • mongodb_exporter
    • monit
    • node_exporter
    • prometheus
    • pushgateway
    • java

PTA utilities

PTA provides utilities that can assist you when configuring the system and when changing the configuration.

To run these utilities, at the command line, run the UTILITYDIR alias to open the /opt/tomcat/utility/ folder containing the utilities.


The,, and utilities are found in the /opt/pta/utility/ folder.



Configure authorized hosts

See Configure PTA Server for Authorized Hosts

Configure domain mapping of the FQDN and Netbios names

See Manage domain mapping

Configure the date, time zone, and an NTP Server

See Configure PTA Server date and time

View the Domain Controller List and manage the Cache

See Domain Controllers – View the List and Manage the Cache

Configure email notifications

See Send PTA Alerts to Email

Collect data from PTA

See Collect and Export Data from PTA

Collect and encrypt data from PTA

Add domain coverage for Golden Ticket Detection

See Configure PTA for Golden Ticket Detection

Specify the network configuration

See Configure the PTA Server network

Add Network Sensor coverage

See Configure PTA for Network Sensor or PTA Windows Agent coverage

Count how many objects exist for a specified period

Reload data from the Vault

See Reload Vault Data

Initiate a password reset process

See Reset your Password

Initiate a password reset process for the monitor user

See Reset your Password

Configure the Vault connection

See Configure the Vault and PVWA connection

For each component, set the target log level retrieved as info, debug, or trace. Info is the default level for each component log


By default, every change restarts the affected component. To disable the restart, add -norestart.

Easily use PTA common commands

See Shortcuts for Common Commands

Import PTA data, configuration and settings from the existing PTA machine to a new machine

See Import PTA to a New Machine

Validate and, if necessary, fix Vault permissions and create the relevant accounts

See Vault permissions validation


Configure the bind account to enable privileged users discovery in AWS and Azure

Run the PTA Management Utility

The PTA utility enables you to manage PTA. It is used for the following purposes:

Uploading data to the database
Creating the baselines for different algorithms
Administrating the application