DocumentationAPI ReferenceRelease Notes
Documentation
Start typing to search…

Application analytics | EPM-WM Pathfinder

What are applications?

Applications, as defined by EPM for Windows and Mac, include the following:

Windows application types

Application TypeAggregation Criteria
Executable (exe)
  • Application name
  • Application description
  • Publisher
  • Admin required
COM Class (com)
  • CLSID
  • COM Display Name
  • Publisher
  • Admin required
Installer Package (msi)
  • Application description
  • Upgrade code
  • Publisher
  • Admin Required
Uninstaller (unin/unex)
  • App Description
  • Product Name
  • Publisher
  • Admin Required
Store App (appx)
  • Publisher
  • Admin Required
  • Store App Name
Windows Service (svc)
  • Service Display Name
  • Service Action
  • Publisher
  • Admin Required
Control Panel Applet (cpl)
  • Publisher
  • Admin Required
  • App Description
Management Console (msc)
  • Publisher
  • Admin Required
  • File Path

macOS application types

Application TypeAggregation Criteria
Binary (bin)
  • Publisher
  • Authorization Required
  • File Path
Bundle (bund)
Package (pkg)
System Preference Pane (pref)
  • Publisher
  • Authorization Required
  • Application Name
  • Application Description

The Applications page

The Analytics page in Endpoint Privilege Management for Windows and Mac analytics
  1. Analytics tabs: Access the Dashboard, Events, Applications, and Users pages.
  2. Filters: Select a filter to refine your results. Click Clear Filters to remove all filters from your results.
    Available filters
    • Time Period
    • Computer groups
    • Operating system
    • Application type
    • Admin required
    • App description
    • App name
    • Application group name
    • Downloaded status
    • Drive type
    • Elevation method
    • Elevation action
    • Message name
    • On demand
    • Policy name
    • Publisher
    • Publisher Exists
    • Workstyle name
  3. Save View and Load View: Save your filter preferences and load the view later for quick access to your most frequently-used preferences.
  5. Columns: Details for each event.
    Available columns
    • Application name
    • Versions
    • Admin Required
    • Processes
    • Users
    • Computers
    • Date Discovered
    • Last Event
    • Operating System
    • Group Name(s)
    • Application Type
    • Publisher
    • Event Action
    • Application Group Name
    • Message Name
    • Elevation Method
    • On Demand
    • Drive Type
    • Workstyle Name
    • Policy Name

Add an application to a policy

ℹ️

You can only add an application to an unlocked policy.

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the top left of the page, click > Endpoint Privilege Management for Windows and Mac > Analytics. The Analytics page displays.
  3. Click Applications.
    The Applications page displays.
  4. Locate the application you want to add to a policy.
  5. In the application row, click .
    The Application panel displays.
  6. Select an unlocked policy and available application group from the drop-down list.
  7. Click Add and Edit Policy.
    The Policy Editor opens and the Applications Group page displays.
  8. Edit the application settings.
  9. Click Save Changes.
    The policy saves.

View an application's details

👍

Best practices

Use the application details to:

  • View how often an application runs in your estate and the associated behavior at the end user level (for example, how often an event action occurred for an application over a given time period).
  • View the number of users running an application, the reason given if one is required, all associated events, and metadata (such as versions run, application type, etc.).
  • View event details specific to the application.
  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the top left of the page, click > Endpoint Privilege Management for Windows and Mac > Analytics. The Analytics page displays.
  3. Click Applications.
    The Applications page displays.
  4. Locate the application you want to view.
  5. Click the Application Description.
    The Application Details page displays is where you can review at-a-glance user and event activity. If there is more than one version of an application, expand the Application Description and click the link for a specific version to view the associated activity.
  6. Optionally, click the User Activity or Events tabs to display additional details for each logged user or event activity.

Export to CSV

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the top left of the page, click > Endpoint Privilege Management for Windows and Mac > Analytics. The Analytics page displays.
  3. Click Applications.
    The Applications page displays.
  4. Clickto export all analytics data results in the currently filtered result set. The CSV download can include up to 5 million records with detailed information on account privileges.
  5. When saving an export file for applications:
    1. Select the maximum number of records to download.
    2. Select the columns to include. Select In View to include only the columns currently selected in your view. Select All Available to include all columns even those not currently displayed.
    3. Enter a file name.
    4. Click Prepare Download.
  6. Click the Notifications icon when the file is ready to download.

Save and load views

Recommended views

The recommended views provide a selection of the most useful predetermined views. Use the views to review collected data and make informed decisions around policy editing.

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the top left of the page, click > Endpoint Privilege Management for Windows and Mac > Analytics. The Analytics page displays.
  3. Click Applications.
    The Applications page displays.
  4. Click Load View, and then click the Recommended Views tab.

Recommended views for applications load with the default filters.

NameDescription
Discovered: Active ApplicationsTo help build the Passive Allow and the Add Admin definitions. This view is used for implementation as it displays all the events captured by the (Default) rules.
The report name in legacy reporting: Target Types
Discovered: by PublisherTo view discovered applications aggregated by Publisher, to decide if you want to treat all applications from that publisher the same way in policy and take that action.
The report name in legacy reporting: Discovery by Publisher
Discovered: by Requiring Admin RightsTo see the applications that require admin rights and how they are granted, so you can track down genuine admins and what they are running.
The report name in legacy reporting: Discovery Requiring Elevation
Discovered: from External SourcesDiscover applications run from riskier places, to ensure the applications are not allowed admin rights.
The report name in legacy reporting: Discovery from External Sources
Discovered: New and UncategorizedFind the new and uncategorized applications running in your estate. Take action to add the applications to a category (add to a more specific application group).
The report name in legacy reporting: Discovery All

Updated about 2 months ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.