Event Reports in Privilege Management Console

This report shows information about the different types of events that have been raised over the specified time period. It also shows the time elapsed since a host raised an event.

Chart Description

Events over the last <time period>

A column chart showing the number of the different event types, broken down by the time period.

Clicking the chart takes you to the Events > All report with the Event Category, Range Start Time, and Range End Time filters applied.

Event Types

A chart showing how many events have been received, broken down by the event type.

Clicking the chart takes you to the Events > All report with the Event Number filter applied.

By Category

A chart breaking down the events received, split by category.

Clicking the chart takes you to the Events > All report with the Event Category filter applied.

Time since last endpoint event

A chart showing the number of endpoints in each time group since the last event category.

Clicking the chart takes you to more detailed information about the host.

Event Types

Privilege Management for Mac sends events to the local Application event log, depending on the audit and privilege monitoring settings within the Privilege Management for Mac policy.

The following events are logged by Privilege Management for Mac:

Event ID Description
100 Process has started with admin rights added to token.
106 Process has started with no change to the access token (passive mode).
116 Process execution was blocked.
120 Process execution was canceled by the user.
130 An application bundle was installed.
131 An application bundle was deleted.

Each process event contains the following information:

  • Command line for the process
  • Process ID for the process (if applicable)
  • Parent process ID of the process
  • Workstyle that applied
  • Application Group that contained the process
  • End user reason (if applicable)
  • Custom access token (if applicable)
  • File hash
  • Certificate (if applicable)
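
The following triage sketch is an added example, not BeyondTrust code. It tallies events using the Event IDs from the table above, then reports file hashes that were elevated (100) under one Workstyle but blocked (116) under another, which usually points to inconsistent policy coverage. The record layout, field names, host names, Workstyle names and hash placeholders are all assumptions constructed for this example.

```python
from collections import Counter, defaultdict

# Event IDs and descriptions as listed in the table above.
EVENT_TYPES = {
    100: "Process started with admin rights added to token",
    106: "Process started with no change to the access token (passive mode)",
    116: "Process execution was blocked",
    120: "Process execution was canceled by the user",
    130: "Application bundle installed",
    131: "Application bundle deleted",
}

# Constructed sample records. Field names are assumptions for this example,
# not the product's export schema; hashes are placeholders.
SAMPLE_EVENTS = [
    {"host": "mac-01", "event_id": 100, "workstyle": "Developers",
     "command_line": "/usr/sbin/installer -pkg a.pkg", "file_hash": "HASH_A"},
    {"host": "mac-02", "event_id": 116, "workstyle": "Standard Users",
     "command_line": "/usr/sbin/installer -pkg a.pkg", "file_hash": "HASH_A"},
    {"host": "mac-02", "event_id": 106, "workstyle": "Standard Users",
     "command_line": "/usr/bin/top", "file_hash": "HASH_B"},
    {"host": "mac-03", "event_id": 116, "workstyle": "Standard Users",
     "command_line": "/tmp/tool", "file_hash": "HASH_C"},
    {"host": "mac-03", "event_id": 999, "workstyle": "",
     "command_line": "", "file_hash": ""},
]

def count_by_type(events):
    """Count events per Event ID; IDs not in the table are grouped as 'unknown'."""
    return Counter(e["event_id"] if e["event_id"] in EVENT_TYPES else "unknown"
                   for e in events)

def conflicting_hashes(events):
    """Return hashes both elevated (100) and blocked (116), with the Workstyles involved."""
    seen = defaultdict(lambda: defaultdict(set))
    for e in events:
        if e["event_id"] in (100, 116) and e.get("file_hash"):
            seen[e["file_hash"]][e["event_id"]].add(e["workstyle"])
    return {h: {"elevated": sorted(ids[100]), "blocked": sorted(ids[116])}
            for h, ids in seen.items() if ids[100] and ids[116]}

if __name__ == "__main__":
    for event_id, n in count_by_type(SAMPLE_EVENTS).items():
        print(event_id, EVENT_TYPES.get(event_id, "Unknown event ID"), n)
    for file_hash, styles in conflicting_hashes(SAMPLE_EVENTS).items():
        print("Inconsistent handling:", file_hash, styles)
```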