Endpoint Privilege Management Dashboards in ePO

The Trellix ePO integration includes the following dashboards:

  • BeyondTrust Endpoint Privilege Management: Blocked
  • BeyondTrust Endpoint Privilege Management: Elevated
  • BeyondTrust Endpoint Privilege Management: Executed
  • BeyondTrust Endpoint Privilege Management: Monitoring

To access the dashboards, click on the Dashboards icon and then select one of the Endpoint Privilege Management for Mac dashboards from the Dashboard dropdown menu. These dashboards show Windows and macOS events.

If you want to add, remove, or amend any of the default monitors for any of the dashboards below, you can do so within Trellix ePO Queries and Reports. We recommend that only advanced Trellix ePO administrators do this. Please refer to Trellix ePO documentation for details on managing dashboards, queries, and reports.

BeyondTrust Endpoint Privilege Management: Blocked

The BeyondTrust Endpoint Privilege Management: Blocked dashboard contains all events raised by Endpoint Privilege Management for Mac relating to applications that were blocked by Endpoint Privilege Management for Mac policy.

The BeyondTrust Endpoint Privilege Management: Blocked dashboard includes the following monitors:

  • BeyondTrust Endpoint Privilege Management: Top 10 Blocked Apps
  • BeyondTrust Endpoint Privilege Management: Top 10 Blocked by Publisher
  • BeyondTrust Endpoint Privilege Management: Blocked over Last 7 Days

Each chart element in the monitors can be hovered over to display a count of how many blocked applications make up that element. To view the details of blocked applications for a particular element, click on the element to drill down.

BeyondTrust Endpoint Privilege Management: Elevated

The BeyondTrust Endpoint Privilege Management: Elevated dashboard contains all events raised by Endpoint Privilege Management for Mac relating to applications that were elevated by Endpoint Privilege Management for Mac policy. These events include:

  • Auto-Elevated: Applications elevated by Application Privileges policy
  • User-Elevated: Applications elevated by On-Demand shell elevation policy

The BeyondTrust Endpoint Privilege Management: Elevated dashboard includes the following monitors:

  • BeyondTrust Endpoint Privilege Management: Top 10 Elevated Apps
  • BeyondTrust Endpoint Privilege Management: Top 10 Elevated by Publisher
  • BeyondTrust Endpoint Privilege Management: Elevated over Last 7 Days

Each chart element in the monitors can be hovered over to display a count of how many elevated applications make up that element. To view the details of elevated applications for a particular element, click on the element to drill down.

BeyondTrust Endpoint Privilege Management: Executed

The BeyondTrust Endpoint Privilege Management: Executed dashboard contains all events raised by Endpoint Privilege Management for Mac relating to applications that were allowed to execute under Endpoint Privilege Management for Mac control. These events include:

  • Auto-Elevated: Applications elevated by Application Privileges policy
  • User-Elevated: Applications elevated by On-Demand shell elevation policy
  • Passive: Applications granted a passive access token
  • Drop-Admin: Applications which have had admin rights removed
  • Default-Rights: Applications which have had standard user rights enforced
  • Custom-Token: Applications granted a custom created access token
  • Admin-required: Applications which require admin rights to run (Privilege Monitoring)

The BeyondTrust Endpoint Privilege Management: Executed dashboard includes the following monitors:

  • BeyondTrust Endpoint Privilege Management: Top 10 Executed Apps
  • BeyondTrust Endpoint Privilege Management: Top 10 Executed by Publisher
  • BeyondTrust Endpoint Privilege Management: Executed over Last 7 Days

Each chart element in the monitors can be hovered over to display a count of how many executed applications make up that element. To view the details of executed applications for a particular element, click on the element to drill down.

BeyondTrust Endpoint Privilege Management: Monitoring

The BeyondTrust Endpoint Privilege Management: Monitoring dashboard contains all events raised by Endpoint Privilege Management for Mac relating to applications that Endpoint Privilege Management for Mac detected as requiring elevated rights to run.

The BeyondTrust Endpoint Privilege Management: Monitoring dashboard includes the following monitors:

  • BeyondTrust Endpoint Privilege Management: Top 10 Apps Requiring Elevated Rights
  • BeyondTrust Endpoint Privilege Management: Top 10 Requiring Elevated Rights by Publisher
  • BeyondTrust Endpoint Privilege Management: Elevated Rights over Last 7 Days

Each chart element in the monitors can be hovered over to display a count of how many monitored applications make up that element. To view the details of monitored applications for a particular element, click on the element to drill down.