Policy Events
Application control events or Policy Events are created if you choose to have one or more policies send feedback (from the endpoint to the server) each time the policy is triggered.
Under Policy Events Verify Privilege Manager provides access to all information collected and events discovered due to using monitoring policies with the Audit Policy Events switch set to active.
Sending policy events should be for actionable items, for example, a bad event you want to investigate. This feature should be used to catch anomalies in the events, not to monitor all the events from users.
Event Details
Select an event or multiple events. Details are displayed in a panel on the right. The details provided are the application or process name that triggered the event and based on which policy the event was recorded, including a short policy description. You can also see how often this event has occurred.
Policy Event Actions
The buttons in the lower right of the page allow you to apply policy event actions for the policy. The check boxes provided allow you to select multiple events (or all events). Use the FILE check box to select all events, or to deselect the current selections.
Only the Acknowledge All action can be applied to multiple policy event selections.
Create Filter
Use the details view to either create a filter or view the file. If you choose to Create Filter, you can also select to immediately add that filter to an existing policy.
View File
If you choose View File, you can drill into the event details further. Refer to Events Drilldown.
Acknowledge All
If you enabled the Show Acknowledge Events switch, Acknowledge Events is visible. Refer to Privilege Manger Solution for details.
Enable the check boxes for the events to be acknowledged, then click Acknowledge All. Supply a note for the acknowledgment and click Acknowledge. The selected events are removed.
Change Filter Criteria
Click the ellipsis in the top right of the Policy Events list to Change Filter Criteria.