Application analytics
What are applications?
Applications, as defined by EPM for Windows and Mac, include the following:
Windows application types
| Application Type | Aggregation Criteria |
|---|---|
| Executable (exe) | |
| COM Class (com) | |
| Installer Package (msi) | |
| Uninstaller (unin/unex) | |
| Store App (appx) | |
| Windows Service (svc) | |
| Control Panel Applet (cpl) | |
| Management Console (msc) | |
macOS application types
| Application Type | Aggregation Criteria |
|---|---|
| Binary (bin) | |
| Bundle (bund), Package (pkg), System Preference Pane (pref) | |
The Applications page
- Analytics tabs: Access the Dashboard, Events, Applications, and Users pages.
- Filters: Select a filter to refine your results. Click Clear Filters to remove all filters from your results.
  Available filters
  - Time Period
  - Computer groups
  - Operating system
  - Application type
  - Admin required
  - App description
  - App name
  - Application group name
  - Downloaded status
  - Drive type
  - Elevation method
  - Elevation action
  - Message name
  - On demand
  - Policy name
  - Publisher
  - Workstyle name
- Save View and Load View: Save your filter preferences and load the view later for quick access to your most frequently-used preferences.
- Columns: Details for each event.
  Available columns
  - Application name
  - Versions
  - Admin Required
  - Processes
  - Users
  - Computers
  - Date Discovered
  - Last Event
  - Operating System
  - Group Name(s)
  - Application Type
  - Publisher
  - Event Action
  - Application Group Name
  - Message Name
  - Elevation Method
  - On Demand
  - Drive Type
  - Workstyle Name
  - Policy Name
Add an application to a policy
You can only add an application to an unlocked policy.
- Sign in to app.beyondtrust.io.
  The BeyondTrust Home page displays.
- From the top left of the page, click > Endpoint Privilege Management for Windows and Mac > Analytics.
  The Analytics page displays.
- Click Applications.
  The Applications page displays.
- Locate the application you want to add to a policy.
- In the application row, click .
  The Application panel displays.
- Select an unlocked policy and available application group from the drop-down list.
- Click Add and Edit Policy.
  The Policy Editor opens and the Applications Group page displays.
- Edit the application settings.
- Click Save Changes.
  The policy saves.
View an application's details
Best practices
Use the application details to:
- View how often an application runs in your estate and the associated behavior at the end user level (for example, how often an event action occurred for an application over a given time period).
- View the number of users running an application, the reason given if one is required, all associated events, and metadata (such as versions run and application type).
- View event details specific to the application.
- Sign in to app.beyondtrust.io.
  The BeyondTrust Home page displays.
- From the top left of the page, click > Endpoint Privilege Management for Windows and Mac > Analytics.
  The Analytics page displays.
- Click Applications.
  The Applications page displays.
- Locate the application you want to view.
- Click the Application Description.
  The Application Details page displays, where you can review at-a-glance user and event activity. If there is more than one version of an application, expand the Application Description and click the link for a specific version to view the associated activity.
- Optionally, click the User Activity or Events tabs to display additional details for each logged user or event activity.
Export to CSV
Click the Download icon to export all analytics data results in the currently filtered result set. When downloading from the Applications page, the export:
- Includes up to 10,000 rows.
- Exports only child rows, which include all application versions.
- Downloads only the current page. For example, if 25 items are selected on the page, you only see the child rows for the items on the current page.
- Exports all columns.
Save and load views
Recommended views
The recommended views provide a selection of the most useful predetermined views. Use the views to review collected data and make informed decisions around policy editing.
- Sign in to app.beyondtrust.io.
  The BeyondTrust Home page displays.
- From the top left of the page, click > Endpoint Privilege Management for Windows and Mac > Analytics.
  The Analytics page displays.
- Click Applications.
  The Applications page displays.
- Click Load View, and then click the Recommended Views tab.
  Recommended views for applications load with the default filters.
| Name | Description |
|---|---|
| Discovered: Active Applications | To help build the Passive Allow and the Add Admin definitions. This view is used for implementation as it displays all the events captured by the (Default) rules. The report name in legacy reporting: Target Types |
| Discovered: by Publisher | To view discovered applications aggregated by Publisher, to decide if you want to treat all applications from that publisher the same way in policy and take that action. The report name in legacy reporting: Discovery by Publisher |
| Discovered: by Requiring Admin Rights | To see the applications that require admin rights and how they are granted, so you can track down genuine admins and what they are running. The report name in legacy reporting: Discovery Requiring Elevation |
| Discovered: from External Sources | Discover applications run from riskier places, to ensure the applications are not allowed admin rights. The report name in legacy reporting: Discovery from External Sources |
| Discovered: New and Uncategorized | Find the new and uncategorized applications running in your estate. Take action to add the applications to a category (add to a more specific application group). The report name in legacy reporting: Discovery All |