Analytics

 

If endpoints generate an excess of audit events (as determined by the policy configuration), and this is deemed likely to have a severe impact on the overall performance and availability of the EPM console, BeyondTrust will take measures to ensure the ongoing availability and functionality of the EPM console.

An EPM SaaS instance can support event ingestion at a rate of approximately 720,000 events per hour, or 17.28 million per day. Beyond this, if server performance is degraded, we may refuse events to enforce a maximum event queue size of 5 GB on the instance. Refused events are queued on each endpoint, up to a maximum of 25,000 queued events. Events generated beyond 25,000 are lost permanently.

To minimize the risk of queued or lost events, configure event generation in policy to stay within the range outlined above. Analytics in the EPM Windows and Mac SaaS console can provide you with insight into event generation.
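
As an added example (not BeyondTrust code), the following Python checks a fleet's estimated event rate against the 720,000 events per hour ingestion rate and estimates how long each endpoint's 25,000-event queue lasts while events are being refused. The group names, per-endpoint rates, and the assumption that every event is refused for the whole window are constructed for illustration.

```python
from dataclasses import dataclass

INGEST_LIMIT_PER_HOUR = 720_000  # from the page: approximate instance ingestion rate
ENDPOINT_QUEUE_MAX = 25_000      # from the page: maximum queued events per endpoint


@dataclass
class EndpointGroup:
    name: str             # hypothetical label for a set of machines sharing a policy
    endpoints: int        # machines in the group
    events_per_hour: int  # average audit events each machine generates per hour


def fleet_rate(groups):
    """Total events per hour the fleet sends to the instance."""
    return sum(g.endpoints * g.events_per_hour for g in groups)


def hours_until_queue_full(group):
    """Hours one endpoint can buffer locally while every event is refused (assumption)."""
    if group.events_per_hour <= 0:
        return float("inf")
    return ENDPOINT_QUEUE_MAX / group.events_per_hour


def events_lost(group, refusal_hours):
    """Events lost for good across the group after a refusal window of that length."""
    overflow = group.events_per_hour * refusal_hours - ENDPOINT_QUEUE_MAX
    return max(0, overflow) * group.endpoints


def assess(groups, refusal_hours):
    """Summarise headroom against the ingestion rate and per-group loss exposure."""
    rate = fleet_rate(groups)
    return {
        "fleet_events_per_hour": rate,
        "utilisation": rate / INGEST_LIMIT_PER_HOUR,
        "over_limit": rate > INGEST_LIMIT_PER_HOUR,
        "lost_by_group": {g.name: events_lost(g, refusal_hours) for g in groups},
    }


# Constructed sample fleet; names and rates are illustrative, not measured values.
SAMPLE_FLEET = [
    EndpointGroup("office-laptops", 4000, 60),
    EndpointGroup("developers", 800, 400),
    EndpointGroup("build-servers", 50, 5000),
]
```

In the sample, a small group of very noisy machines exhausts its local queue within hours, which is where audit gaps would appear first; per-endpoint rates for a real fleet would come from the Analytics views.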

Should BeyondTrust need to take further non-automated action to maintain server availability and stability, a support ticket will be raised on your behalf, and a representative from our Support organization will reach out to make you aware of the situation and to work with you to make any recommended policy changes, if required.

Overview

The following views are available:

  • Events: Shows all activity from Endpoint Privilege Management that you have chosen to log to EPM.
  • Applications: An application is a grouping of events with the same application type. On this tab, see how different applications are used and controlled across all your machines, by all your users in a single row of data.
  • Users: Shows user logon information.

A standard user requires delegated access to this page. For more information, see About user roles and resources.

Applications data

The following application types are shown in the Applications tab. From here you can easily make policy amendments, using our recommended matching criteria for applications.

Applications are aggregated using the most appropriate criteria for each application type as shown below.

Windows application types

Application Type: Aggregation Criteria

Executable (exe)
  • Application name
  • Application description
  • Publisher
  • Admin required

COM Class (com)
  • CLSID
  • COM Display Name
  • Publisher
  • Admin required

Installer Package (msi)
  • Application description
  • Upgrade code
  • Publisher
  • Admin Required

Uninstaller (unin/unex)
  • App Description
  • Product Name
  • Publisher
  • Admin Required

Store App (appx)
  • Publisher
  • Admin Required
  • Store App Name

Windows Service (svc)
  • Service Display Name
  • Service Action
  • Publisher
  • Admin Required

Control Panel Applet (cpl)
  • Publisher
  • Admin Required
  • App Description

Management Console (msc)
  • Publisher
  • Admin Required
  • File Path

macOS application types

Application Type: Aggregation Criteria

Binary (bin)
  • Publisher
  • Authorization Required
  • File Path

Bundle (bund)
  • Publisher
  • Authorization Required
  • Application Name
  • Application Description

Package (pkg)

System Preference Pane (pref)