EPM Analytics (Deprecated)

Deprecation Notice

Starting in version 23.9, the Analytics v2 toggle will no longer be available for new customer instances.

The toggle will remain for existing customer instances until a future release. Existing customers can continue to use both Analytics v1 and v2.

Check Out Analytics v2

With the fully functional next-generation analytics tool available soon, we'd like to get you familiar with the features it has to offer. Here's some of the benefits this new analytics will bring you and your organization:

  • Define what analytics data each of your Endpoint Privilege Management users have access to at the computer group level with; Role based access to analytics data, via the analyze groups role
  • A streamlined path to turn application insights into actionable policy updates that keep your organization protected with Add to policy straight from the Applications tab.
  • Saved views: Create your own favorite views of events and applications which you can return to with ease; see our Favorite Filters section.
  • When we transition away from existing analytics, you'll get greater scalability and performance to match the needs of large, dynamic organizations.

 

In the situation of excess endpoint audit event generation (as determined by the policy configuration), which is deemed likely to have a severe impact on overall performance and availability of the EPM console, BeyondTrust will take measures to ensure ongoing availability and functionality of the EPM console.

The solution will be in the form of a temporary process by which all passive events (Event Type 106) will be sent to Analytics v2 (see https://www.beyondtrust.com/docs/privilege-management/console/pm-cloud/analytics/index.htm) and not to our legacy reporting solution, sometimes referred to as PMR. This means that PMR will not include any passive events, and to view them, a user must enable the Analytics v2 toggle available in the UI where all event types, including passive, will be available.

This ensures that the EPM console remains available for policy editing, so that an updated policy can be made available to endpoints. Should auditing levels decrease to a level where this configuration is no longer required, a customer may request, via BeyondTrust Technical Support, to have passive events resume being sent to the legacy PMR reporting interface.

Should BeyondTrust need to take the action described, a support ticket will be automatically raised on your behalf, and a representative from our Support organization will reach out to make you aware of the situation and to work with you to make any recommended policy changes, if required.

A standard user requires delegated access to the Analytics page. For more information, see Review EPM Roles.

Overview

Analytics provides detailed activity information for computers in your EPM environment. Areas covered include:

  • Summary of data collected
  • Events
  • Discovery
  • Actions
  • Target types
  • Users

Analytics page image

The Analytics UI offers an interactive experience. View high-level data points or drill down to see more detail.

  • Bar charts and graphs provide a big picture view of the data. You can drill down on a particular data point to see more detail.
  • Filters help to refine the scope of data displayed when you want to focus in on certain data points.
  • Links on certain data points that lead to additional event detail.

Event Data Caching

Event data is cached to reduce load times. The data is cached only for the following reports: Events > All, Events > Process Detail, Target Types and Discovery reports.

The expiry of the cache depends on the Time Range filter set for the report:

  • 24 hours is live
  • 7 days expires after 1 hour
  • 30 days or higher expires after 24 hours