rpd85
Level 9

DLP 9.3 – How to query all details of Agent Override events

With Host DLP 9.3, there is a “DLP Operational Events” menu item in ePO. I have created a filter to display all events where an administrator has generated an agent override key. Clicking on any one of these events shows the “DLP Incident Information” – in this case, the fields include the “duration” of the override and “business reason” for granting it.

What I am trying to do now is figure out a way to run a query or report that can be emailed to a manager that will show how many override keys were generated during a specified period of time (such as within the last week), and all the relevant details of each override – duration, business reason, requesting user name, name of the administrator who granted the override, etc.

So far, I have created a query using the “DLP Events” Result Type with the filter “Event Type Equals Administrative: Agent Override Key Generated”; but I can’t find anything in the available properties or columns that will display the incident details for each override event.

Does anyone know if there is a way to export this kind of info, or can it only be seen by logging into ePO? Our ePO version is 4.6.6.

Thanks in advance!

0 Kudos
4 Replies
epository
Level 10

Re: DLP 9.3 – How to query all details of Agent Override events

Open DLP monitor and create a filter on event ID for Administrative: Agent Enters Bypass Mode and/or Agent Override Key Generated, or try using Event IDs 4711 and 11499.

Message was edited by: epository on 1/16/14 5:45:37 AM CST
0 Kudos
rpd85
Level 9

Re: DLP 9.3 – How to query all details of Agent Override events

I have already created the filter, but what I am looking to do is create a scheduled query or report that can be emailed to managers on a regular basis, without them having to manually log into ePO.

0 Kudos
vimalnavis
Level 13

Re: DLP 9.3 – How to query all details of Agent Override events

DLP Monitor does not exist for 9.3. Create an ePO Query that meets your requirement. Create a Server Task that runs the query and then emails it to a group/user(s).

0 Kudos
rpd85
Level 9

Re: DLP 9.3 – How to query all details of Agent Override events

Yes, that is what I am trying to do - create a query that can be emailed. As stated in my original question, the issue is that when I go to create this query, I cannot find anything in the list of available criteria that includes the duration of the override, or the business reason for granting it.

0 Kudos