In the Endpoint Privilege Manager (EPM), events are the backbone of security monitoring, functioning as real-time data records. They capture all privilege-related activities occurring on managed endpoints, from application execution to system changes and data access. These events are crucial for maintaining a security posture, enabling organizations to gain deep insights into user and system behavior.
Each event represents an occurrence within the endpoint privilege management lifecycle, containing metadata about user actions, system interactions, and security decisions. This provides complete visibility into privilege usage patterns and potential security risks.
Events
The following table displays all events available in EPM macOS:
| Event | Description |
|---|---|
| Mac Sudo Allowed | Sudo command executed successfully. |
| Mac Sudo Denied | Sudo command was not executed. |
| Mac Application Allowed | The application was executed according to the active access policy. |
| Mac Application Denied | The access policy restricted the execution attempt. |
| Mac Application Elevation | The application was executed with elevated privileges according to the active access policy. |
| Mac Execution Allowed Graylist | The application present in the graylist was executed successfully. |
| Mac Execution Denied Graylist | The application present in the graylist was not executed. |
| Mac Execution Allowed By Disabled Graylist | The application was executed successfully, and the graylist was disabled. |
| Mac Authorization Right Granted | The application or user received authorization rights. |
| Mac Authorization Right Extended | The application or user had their authorization rights extended. |
| Mac Authorization Right Requested | An application or user requested authorization rights. |
| Mac Authorization Right Denied | An authorization rights request was rejected. |