Privilege Management and ePO Events and Reporting

There are two types of reporting for Privilege Management for Windows in ePO:

  • McAfee ePO Reporting, threat events only.
  • Privilege Management Reporting, threat and report events.

Threat events are McAfee specific and are the default reporting option. Threat events are used by the Dashboards and Queries and Reports pages.

Report events contain additional information to threat events and can be viewed in the BeyondTrust Reporting page as well as the Queries and Reports pages.

BeyondTrust Privilege Management Reporting is an optional reporting suite that is integrated into ePO. If you are not using BeyondTrust Privilege Management Reporting you do not need to complete the steps in this section. BeyondTrust Reporting reports on report events.

BeyondTrust Privilege Management Reporting is available in two places in the ePO Server interface:

  • Queries and Reports page
    • The Queries and Reports page can display report events provided that you have configured a Database Server registered server.
  • BeyondTrust Reporting page
    • The BeyondTrust Privilege Management Reporting page requires the Privilege Management database to be installed. In addition, you need to configure both the BeyondTrust Staging and BeyondTrust Reporting registered servers. You can use this page to access detailed dashboards and drill-through reports.

To use BeyondTrust Privilege Management Reporting, events are inserted into the Privilege Management database from the ePO database. You can also insert applications directly into your Application Groups in your Privilege Management for Windows policy using BeyondTrust Privilege Management Reporting.

BeyondTrust Privilege Management Reporting integrates with Intel Security Threat Intelligence Exchange (TIE), so it has additional support for application reputation using Data Exchange Layer (DXL) and VirusTotal.

Times on reports are shown using the time zone of the ePO server. All events are stored in the database in UTC.

McAfee ePO Reports

No additional configuration is required to use McAfee ePO Reporting.

ePO Reporting is available by default and allows you to build complex queries to analyze your data. ePO Reporting uses threat events on the Queries and Dashboards page and the Dashboards page.

ePO Reporting can also report on report events in the Queries and Dashboards page if BeyondTrust Reporting is configured.

There are four Dashboards and twelve default Queries and Reports available by default for BeyondTrust Privilege Management for Windows. You can configure dashboards, charts, and tabular reports on the Dashboards and Queries and Reports pages. These can incorporate data from other ePO server products in ePO.

All the events are stored in the ePO database.