Endpoint Privilege Management and ePO Events and Reporting
There are two types of reporting available:
- Trellix ePO reporting, threat events only
- Endpoint Privilege Management reporting. Starting in version 23.10, you can deploy the BeyondTrust Endpoint Privilege Management App to run reports on your ePO Endpoint Privilege Management environment.
Trellix ePO Reports
No additional configuration is required to use Trellix ePO Reporting.
ePO Reporting is available by default and allows you to build complex queries to analyze your data. ePO Reporting uses threat events on the Queries and Dashboards page and the Dashboards page.
ePO Reporting can also report on report events in the Queries and Dashboards page if BeyondTrust Reporting is configured.
There are four Dashboards and twelve default Queries and Reports available by default for BeyondTrust Endpoint Privilege Management
All the events are stored in the ePO database.