"Events" Dashboard in Endpoint Privilege Management

This report shows information about the types of events raised over the specified time period. It also shows the time elapsed since a host raised an event.

Chart Description

Events over the last (time interval)

A column chart showing the number of the different Event Types filtered by the time period.

Clicking the chart opens the Events All report with the Filter by Event Category filter applied.

Event Types

A chart showing the number of events received filtered by the Event Type.

Clicking the chart opens the Events All report with the Event Number filter applied.

By Category

A chart displaying the events received filtered by Category.

Clicking the chart opens the Events All report with the Filter by Event Category filter applied.

Time since last endpoint event

A chart showing the number of endpoints in each time since last event category.
For more information, see the following:

Events All

The following columns are available for the Windows and macOS Events All table:

  • Event Time: The time of the event.
  • Reputation: The reputation of the event, where applicable.
  • Platform: The platform the event came from.
  • Description: The description of the event.
  • User: The user name of the user who triggered the event.
  • Host: The host name where the event was triggered.
  • Workstyle: The Workstyle containing the rule that triggered the event.
  • Event Category: The category of the event.
  • Event Type: The type of event.

Some of these columns allow you to drill down to additional information:

  • i icon: opens the event report listing all the fields for that event.
  • Description: opens the Applications Report.
  • User: opens the User Report.
  • Host: opens the Host Report.
  • Workstyle: opens the Workstyle Report.
For more information on the available quick filters, see the following:

Process Detail

The Process Detail report provides a higher level of detail for Process events than the Events > All table. Other event categories are not shown in this table. You can access the Process Detail report by clicking on Process Detail from the Quick Filter panel in the Events > All report.

The following columns are available for the Windows and macOS Process Details table:

  • Start Time: The start time of the event.
  • Platform: The platform that the event occurred on.
  • Description: The description of the application.
  • Publisher: The publisher of the application.
  • Application Type: The type of application.
  • File Name: The name of the file.
  • Command Line: The command line of the process that triggered the event.
  • Product Name: The product name of the application.
  • Product Version: The product version of the application.
  • Trusted Application: The name of the trusted application.
  • Trusted Application Version: The version of the trusted application.
  • Group Policy Object: The name of the Endpoint Privilege Management policy (Windows only).
  • Workstyle: The name of the Workstyle that the event was triggered from.
  • Message: The message name if the event triggered a message.
  • Action: The action associated with the event.
  • Application Group: The Application Group the application assignment rule belongs to.
  • PID: The process identifier of the process.
  • Parent PID: The parent process identifier.
  • Parent Process File Name: The parent process file name.
  • Shell / Auto: Whether the process was triggered on-demand or automatically (Windows only).
  • UAC Triggered: Whether user account control was triggered (Windows only).
  • Admin Rights Required: Whether or not admin rights were required (Windows only).
  • Authorization Required: Whether or not authorization rights were required (macOS only).
  • User Name: The name of the user who triggered the event.
  • Host Name: The name of the host where the event was triggered.
  • Rule Script File Name: The name of the Rule Script (Power Rule).
  • Rule Script Affected Rule: True when the Rule Script (Power Rule) changed one or more of the Default Endpoint Privilege Management rule, otherwise false.
  • User Reason: The reason given by the user if applicable.
  • COM Display Name: The COM name if applicable (Windows only).
  • Source URL: The URL of the event if applicable (Windows only).
  • BeyondTrust Zone Identifier: The BeyondTrust Zone identifier if present.
  • Uninstall Action: This can be None, Uninstall, Change/Modify, or Repair.
  • Auth Methods: The type of authentication method selected in the Policy Editor. Multiple values can be present and will be comma separated. Possible values: Identity Provider, Password, Challenge Response, Smart Card, and User Request.
  • Idp Authentication User Name: The credential provided when adding an Identity Provider authorization message in the Policy Editor.

Export Events to CSV File

The number of items that can be displayed at one time might be limited by the browser display. Use Export to CSV to enter the number of rows to export to the CSV file.

All event filters will be saved to the file.