Audits and Reports
Endpoint Privilege Management for Mac sends events to the local Application event log, depending on the audit and privilege monitoring settings within the Endpoint Privilege Management for Mac policy.
Additionally, BeyondTrust also provides an enterprise level, scalable reporting solution in Endpoint Privilege Management Reporting. Endpoint Privilege Management Reporting includes a rich set of dashboards and reports designed to simplify the centralized management and auditing of Endpoint Privilege Management for Mac activity throughout the desktop and server estate. Each dashboard provides detailed and summarized information regarding Application, User, Host, and Workstyle usage.
For more information, please contact BeyondTrust.
Events
The following events are logged by Endpoint Privilege Management for Mac:
| Event ID | Description |
|---|---|
| 100 | Process has started with admin rights added to token. |
| 106 | Process has started with no change to the access token (passive mode). |
| 116 | Process execution was blocked. |
| 120 | Process execution was canceled by the user |
| 130 | An application bundle that can be installed into the /Applications folder by a user that is not a member of the Administrator group. |
| 131 | An application bundle that can be deleted from the /Applications folder by a user that is not a member of the Administrator group. |
