Create the Purge Threat Event Log Server Task

You can purge threat events from the event log using this server task. Before you use this server task, you need to create a query for it to use.

Create the Purge Threat Event Log Query

  1. Click Queries and Reports and click New Query.
  2. From the left side, click BeyondTrust Endpoint Privilege Management and click Next.
  3. Select List > Table from the left side and click Next.
  4. Click Next on the Select Columns page.
  5. On the Filter page click BeyondTrust Event ID.
  6. Select Greater than or equals and enter 100 for the Value.
  7. Click the plus symbol (+) and change the filter to and.
  8. Select Less than or equals and enter 400 for the Value.
  9. On the same Filter page, click Start Time.
  10. Select Is not within the last and set the time period to the number of days, months, or years of data you want to keep.
  11. Click Save and give the query a name, such as ePO Purge Threat Event.

Create the ePO Purge Threat Event Server Task

  1. Select Menu > Automation > Server Tasks and select New Task.
  2. Enter an appropriate name (Purge Threat Event Log, for example), leave Schedule status as Enabled, and click Next.
  3. Select Purge Threat Event Log from the Actions dropdown menu.
  4. Select either Purge records older than or Purge by query and choose your criteria.
  5. On the Schedule page set the Schedule type to your preference.
  6. Select the Start date and End date, if required. By default, No end date is selected.
  7. Adjust the time that you want the schedule to run. This is the time of the machine running the ePO server. Click Next. You are presented with a summary of the server task.
  8. Click Save to finish creating the server task.