Discovery Reports in Privilege Management for Windows

This report displays information about applications that have been discovered by the reporting database for the first time. An application is first discovered when an event is received by the Reporting database.

This dashboard displays the following charts:

Chart Information
Applications first reported over the last x months (number)

Grouped by:

  • Admin Rights Detected
  • Admin Rights Not Detected
Types of newly discovered applications

Grouped by:

  • Admin Rights Detected
  • Admin Rights Not Detected
New applications with admin rights detected (top 10 of <number>)

Clicking the View All link takes you to the Discovery > All report with the Admin Rights filter applied.

Clicking an application takes you to the Discovery > All report with the Matched, Application Description, and Publisher filters applied.

New applications with admin rights not detected (top 10 of <number>)

Clicking the View All link takes you to the Discovery > All report with the Admin Rights filter applied.

Clicking an application takes you to the Discovery > All report with the Matched, Application Description, and Publisher filters applied.

New applications with admin rights detected (by type)

Clicking the View All link takes you to the Discovery > All report with the Admin Rights filter applied.

Clicking an application takes you to the Discovery > All report with the Admin Rights and Application Type filters applied.

New applications with admin rights not detected (by type)

Clicking the View All link takes you to the Discovery > All report with the Admin Rights filter applied.

Clicking an application takes you to the Discovery > All report with the Admin Rights and Application Type filters applied.

"Discovery by Path" Report in Privilege Management for Windows

This table displays all distinct applications installed within certain locations that have been discovered during the specified time frame.

For Windows the locations are:

  • System: C:\Windows\
  • Program Files: C:\Program Files\,C:\Program Files (x86)\
  • User Profiles: C:\Users

For macOS the locations are:

  • User Profiles: /Users/%
  • Applications: /Applications/%,/usr/%
  • Operating System Areas: /System/%,/bin/%,/sbin/%

The paths can be altered using the filter panel.

New applications, by path, first reported over the last <time period>

This table groups the applications by path. You can click the plus icon to expand the path to show each individual application. You can view additional information about the application, their type, version, and the number of users using them. You can click the description to see in depth information about the application.

"Discovery by Publisher" Report in Privilege Management for Windows

This table displays the discovered applications grouped by publisher. Where there is more than one application per publisher, the + symbol allows you to expand the entry to examine each application.

The following columns are available for the Windows and macOS Discovery By Publisher table:

  • Publisher: The publisher of the applications
  • Description: The description of a specific application
  • Name: The product name of a specific application
  • Type: The type of application
  • Version: The version number of a specific application
  • # Users: The number of users
  • Median # processes/user: The median number of processes per user
  • # Hosts: The number of hosts
  • # Processes: The number of processes
  • # Applications: The number of applications
  • Date first reported: The date when the application was first entered into the database
  • Date first executed: The first known date that the application was executed

New applications, by publisher, first reported over the last <time period>

This table groups the applications by publisher. You can click the plus icon to expand the path to show each individual application. You can view additional information about the application, their type, version, and the number of users using them. You can click the description to see in depth information about the application.

"Discovery by Type" Report in Privilege Management for Windows

This table displays applications that have been broken down by type. Where there is more than one application per type, the + symbol allows you to expand the entry to examine each application.

The following columns are available for the Windows Discovery By Type table:

  • Type: The type of applications
  • # Users: The number of users
  • Median # processes/user: The median number of processes per user
  • # Hosts: The number of hosts
  • # Processes: The number of processes
  • # Applications: The number of applications
  • Date first reported: The date when the application was first entered into the database
  • Date first executed: The first known date that the application was executed

New applications, by publisher, first reported over the last <time period>

This table groups the applications by type. You can click the plus icon to expand the path to show each individual application. You can view additional information about the application, their type, version, and the number of users using them. You can click the description to see in depth information about the application.

"Discovery Requiring Elevation" Report in Privilege Management for Windows

This table displays applications that have broken down by those requiring elevation. Where there is more than one application per description, the + symbol allows you to expand the entry to examine each application.

The following columns are available for the Windows Discovery By Publisher table:

  • Description: The description of a specific application
  • Publisher: The publisher of the applications
  • Name: The product name of a specific application
  • Type: The type of application
  • Elevate Method: The types of elevation used. Clicking this shows you the type of event(s)
  • Version: The version number of a specific application
  • # Users: The number of users
  • Median # processes/user: The median number of processes per user
  • # Hosts: The number of hosts
  • # Processes: The number of processes
  • Date first reported: The date when the application was first entered into the database
  • Date first executed: The first known date that the application was executed

New applications requiring elevation first reported over the last <time period>

This table groups the applications by type. You can click the plus icon to expand the path to show each individual application. You can view additional information about the application, their type, version, and the number of users using them. You can click the description to see in depth information about the application.

"Discovery from External Sources" Report in Privilege Management for Windows

This table displays all applications that have originated from an external source, such as the internet or an external drive.

You can click on the link in the Description column to see more detailed information on the application, including the actions over the last 30 days split by the type of token, the top 10 users, the top 10 hosts, the run method, and the portion of those discoveries where admin rights were detected.

The following columns are available for the Windows Discovery By Publisher table:

  • Description: The description of a specific application
  • Publisher: The publisher of the applications
  • Name: The product name of a specific application
  • Type: The type of application
  • Source: The source of the application
  • Version: The version number of a specific application
  • # Users: The number of users
  • Median # processes/user: The median number of processes per user
  • # Hosts: The number of hosts
  • # Processes: The number of processes
  • Date first reported: The date when the application was first entered into the database
  • Date first executed: The first known date that the application was executed

New applications from external sources first reported over the last <time period>

This table groups the applications by type. You can click the plus icon to expand the path to show each individual application. You can view additional information about the application, their type, version, and the number of users using them. You can click the description to see in depth information about the application.

"Discovery All" Report in Privilege Management for Windows

This table lists all applications discovered in the time period, grouped by the application description. If multiple versions of the same application exist, they are grouped on the same line. These can be expanded by clicking on the plus (+) symbol in the Version column.

The following columns are available for the Windows Discovery By Publisher table:

  • Description: The description of a specific application
  • Publisher: The publisher of the applications
  • Name: The product name of a specific application
  • Type: The type of application
  • Version: The version number of a specific application
  • # Users: The number of users
  • Median # processes/user: The median number of processes per user
  • # Hosts: The number of hosts
  • # Processes: The number of processes
  • Date first reported: The date when the application was first entered into the database
  • Date first executed: The first known date that the application was executed

You can click on the link in the Description column to see more detailed information on the application, including the actions over the last 30 days split by the type of token, the top 10 users, the top 10 hosts, the run method, and the portion of those discoveries where admin rights was detected.