Audits and Reports

Privilege Management for Mac sends events to the local Application event log, depending on the audit and privilege monitoring settings within the Privilege Management for Mac policy.

Additionally, BeyondTrust also provides an enterprise level, scalable reporting solution in Privilege Management Reporting. Privilege Management Reporting includes a rich set of dashboards and reports designed to simplify the centralized management and auditing of Privilege Management for Mac activity throughout the desktop and server estate. Each dashboard provides detailed and summarized information regarding Application, User, Host, and Workstyle usage.

For more information, please contact BeyondTrust.

Events

The following events are logged by Privilege Management for Mac:

Event ID Description
100 Process has started with admin rights added to token.
106 Process has started with no change to the access token (passive mode).
116 Process execution was blocked.
120 Process execution was canceled by the user
130 An application bundle that can be installed into the /Applications folder by a user that is not a member of the Administrator group.
131 An application bundle that can be deleted from the /Applications folder by a user that is not a member of the Administrator group.