"Events All" Report in Privilege Management for Mac
The following columns are available for the Events > All table:
- Event Time: The time of the event
- Reputation: The reputation of the event, where applicable
- Platform: The platform that the event came from
- Description: The description of the event
- User Name: The user name of the user who triggered the event
- Host Name: The host name where the event was triggered
- Event Type: The type of event
- Workstyle: The Workstyle containing the rule that triggered the event
- Event Category: The category of the event
- Elevation Method: The method of elevation
- Authorization Source: The authorization source for a user's credentials.
You can click some of the column data to review additional information on that event.
If you are using a reputation service such as VirusTotal or McAfee's TIE service, you can update the reputation value collected in the Events > All report.
To update the reputation:
Select the link in the Reputation column, and then click Update Reputation.
The results can vary depending on the reputation service. In the screen capture shown, the application is not known to the TIE service but is to the VirusTotal service. Click the Known link to open the VirusTotal website and view more information.
A valid reputation for an application can help you make an informed decision on how to manage that application in your policy. You can add the application to the policy from the Events > All report using the Add to Policy button.
Add to Policy
Add to Policy allows you to add applications to specific Application Groups in your policy.
If you are using ePO server 5.10, the policy approval workflow is enabled, and you are logged in with a user who doesn't have the permission to approve policies, the Add and Save functionality for Add to Policy is disabled. You can Add and Edit and then click Submit for Review in this instance.
The following application types and event types are not supported in the Events > All report:
- Application Types
- Content application types
- DLL application types
- URL application types
- Uninstaller application types
- Event Types
- Logon types
- Privileged Account Management types
- Host (Privilege Management service) types
To add applications from events to your policy:
- Click the gray check mark in the first column next to the row(s) you want to import applications from and click Add to Policy.
- If you have selected any unsupported application types or event types, these are displayed and grouped by application type or event type.
Application types of Uninstaller are not supported. These cannot be determined by the Events > All report at this stage. If you have selected any Uninstaller application types, you are notified at the end of the process that the applications couldn't be added to your policy.
- Click Continue to acknowledge the application types and event types that won't be added to your policy. A list of your policies and associated Application Groups is displayed. Select the policy and Application Group that you want to add them to.
- Click Add and Save to add them to your policy. You will receive a confirmation when this has been completed. Click Add and Edit to add them to your policy and subsequently open the Policy Catalog. The highlighted lines are the ones you just added to your policy.
The information extracted from the application type or event type is determined by what is available in the event and the most commonly used matching criteria for that application type.
If you receive a message stating your policy is locked, ensure you don't have more than one instance of ePO server open and no other users are accessing the policy.
Export Events to CSV File
The number of items that can be displayed at one time might be limited by the browser display. Use Export to CSV to enter the number of rows to export to the CSV file.
All event filters will be saved to the file.