Endpoint Privilege Management and ePO Events and Reporting

There are two types of reporting available:

• Trellix ePO reporting, threat events only
• Endpoint Privilege Management reporting. Starting in version 23.10, you can deploy the BeyondTrust Endpoint Privilege Management App to run reports on your ePO Endpoint Privilege Management environment.

Trellix ePO Reports

No additional configuration is required to use Trellix ePO Reporting.

ePO Reporting is available by default and allows you to build complex queries to analyze your data. ePO Reporting uses threat events on the Queries and Dashboards page and the Dashboards page.

ePO Reporting can also report on report events in the Queries and Dashboards page if BeyondTrust Reporting is configured.

There are four Dashboards and twelve default Queries and Reports available by default for BeyondTrust Endpoint Privilege Management for Windows. You can configure dashboards, charts, and tabular reports on the Dashboards and Queries and Reports pages. These can incorporate data from other ePO server products in ePO.

All the events are stored in the ePO database.