Manage Endpoint Privilege Management Events

You can view Endpoint Privilege Management events on the Endpoint Privilege Management Events page.

This feature is available only when an Endpoint Privilege Management license is detected.

View Events

You can view and download all events for monitored systems and you can select an event to view more details about that specific event.

  1. From the left menu in the BeyondInsight console, click Endpoint Privilege Management.
  2. By default, displayed events are filtered by the Discovery Scanners Smart Group. Select a Smart Group from the Smart Group filter to view events for that Smart Group.
  3. To further filter the displayed events, use the Create Date filter, or Filter by criteria.

Drop down showing options to view details, generate rule, or create exclusionYou can Vei create an Exclusion from an Endpoint Privilege Management Event.

  1. For additional details about an event, click the vertical ellipsis for the event, and then select View Details.

 

  1. A window opens displaying details related to Endpoint Privilege Management, the rule, and the application.
  2. Click the Download All button above the grid to download the events to a CSV file.

Depending on the configuration of your grid and selected columns, not all event details may be visible. To configure display preferences, and see other options for the grid display, please see Change and Set the Console Display and Preferences.

Create Exclusion or Generate Rule from Event

To create an exclusion or generate a rule from an event:

  1. Click the vertical ellipsis for the event.
  2. Select the appropriate exclusion or rule type to generate.

Exclusions can also be created from the Exclusions page. For more information, please see Exclude Endpoint Privilege Management Events.

Endpoint Privilege Management Account Rotation

Client Certificate

Although the current release supports it, this functionality requires an upcoming release of EPM.

The client certificate needed to configure EPM can be downloaded from the Password Safe Cloud web console. BeyondInsight configuration segments can be included in the EPM policy to enable policy management from one console and password policy from Password Safe Cloud.

The integration between Password Safe and Endpoint Privilege Management allows for agent-based local account rotation and privileged account retrieval to run as actions. This integration is enabled for cloud deployments of Password Safe and Privilege Management.

 

Download Client Certificate

To download the client certificate, go to Configuration > System > Client Certificate and click Download Client Certificate.