Analytics
In the situation of excess endpoint audit event generation (as determined by the policy configuration), which is deemed likely to have a severe impact on overall performance and availability of the EPM console, BeyondTrust will take measures to ensure ongoing availability and functionality of the EPM console.
An EPM SaaS instance is capable of supporting event ingestion at the rate of approximately 720,000 events per hour, or 17.28m per day. Beyond this, if server performance is degraded, we may refuse events to enforce a maximum event queue size on the instance of 5GB. Those events are queued on each endpoint, up to a maximum of 25,000 queued events. Events generated beyond 25,000 are lost permanently.
To minimize the potential of queued and/or lost events, event generation should be configured in policy to be within the range outlined above. Analytics in the EPM Windows and Mac SaaS console will be able to provide you with event generation insight.
Should BeyondTrust need to take further non-automated action to maintain server availability and stability, a support ticket will be raised on your behalf, and a representative from our Support organization will reach out to make you aware of the situation and to work with you to make any recommended policy changes, if required.
Overview
The following views are available:
- Events: Shows all activity from Endpoint Privilege Management that you have chosen to log to EPM.
- Applications: An application is a grouping of events with the same application type. On this tab, see how different applications are used and controlled across all your machines, by all your users in a single row of data.
- Users: Shows user logon information.
A standard user requires delegated access to this page. For more information, see About user roles and resources.
Applications data
The following application types are shown in the Applications tab. From here you can easily make policy amendments, using our recommended matching criteria for applications.
Applications are aggregated using the most appropriate criteria for each application type as shown below.
Windows application types
Application Type | Aggregation Criteria |
---|---|
Executable (exe) |
|
COM Class (com) |
|
Installer Package (msi) |
|
Uninstaller (unin/unex) |
|
Store App (appx) |
|
Windows Service (svc) |
|
Control Panel Applet (cpl) |
|
Management Console (msc) |
|
macOS application types
Application Type | Aggregation Criteria |
---|---|
Binary (bin) |
|
Bundle (bund) |
|
Package (pkg) | |
System Preference Pane (pref) |