Audits and Reports
Privilege Management for Mac sends events to the local Application event log, depending on the audit and privilege monitoring settings within the Privilege Management for Mac policy.
Additionally, BeyondTrust also provides an enterprise level, scalable reporting solution in Privilege Management Reporting. Privilege Management Reporting includes a rich set of dashboards and reports designed to simplify the centralized management and auditing of Privilege Management for Mac activity throughout the desktop and server estate. Each dashboard provides detailed and summarized information regarding Application, User, Host, and Workstyle usage.
For more information, please contact BeyondTrust.
The following events are logged by Privilege Management for Mac:
|100||Process has started with admin rights added to token.|
|106||Process has started with no change to the access token (passive mode).|
|116||Process execution was blocked.|
|120||Process execution was canceled by the user|
|130||An application bundle that can be installed into the /Applications folder by a user that is not a member of the Administrator group.|
|131||An application bundle that can be deleted from the /Applications folder by a user that is not a member of the Administrator group.|