You can purge threat events from the event log using this server task. Before you use this server task, you need to create a query for it to use.
Create the Purge Threat Event Log Query
- Click Queries and Reports and click New Query.
- From the left side, click BeyondTrust Privilege Management and click Next.
- Select List > Table from the left side and click Next.
- Click Next on the Select Columns page.
- On the Filter page, click BeyondTrust Event ID.
- Select Greater than or equals and enter 100 for the Value.
- Click the plus symbol (+) and change the filter operator to and.
- Select Less than or equals and enter 400 for the Value.
- On the same Filter page, click Start Time.
- Select Is not within the last and set the time period to the number of days, months, or years of data you want to keep.
- Click Save and give the query a name, such as ePO Purge Threat Event.
Create the ePO Purge Threat Event Server Task
- Select Menu > Automation > Server Tasks and select New Task.
- Enter an appropriate name (Purge Threat Event Log, for example), leave Schedule status as Enabled, and click Next.
- Select Purge Threat Event Log from the Actions dropdown menu.
- Select either Purge records older than or Purge by query, and choose your criteria.
- On the Schedule page, set the Schedule type to your preference.
- Select the Start date and End date, if required. By default, No end date is selected.
- Adjust the time that you want the schedule to run. The schedule uses the time of the machine running the ePO server. Click Next. You are presented with a summary of the server task.
- Click Save to finish creating the server task.