With Host DLP 9.3, there is a “DLP Operational Events” menu item in ePO. I have created a filter to display all events where an administrator has generated an agent override key. Clicking on any one of these events shows the “DLP Incident Information” – in this case, the fields include the “duration” of the override and “business reason” for granting it.
What I am trying to do now if figure out a way to run a query or report that can be emailed to a manager that will show how many override keys were generated during a specified period of time (such as within the last week), and all the relevant details of each override – duration, business reason, requesting user name, name of the administrator who granted the override, etc.
So far, I have created a query using the “DLP Events” Result Type with the filter “Event Type Equals Administrative: Agent Override Key Generated”; but I can’t find anything in the available properties or columns that will display the incident details for each override event.
Does anyone know if there is a way to export this kind of info, or can it only be seen by logging into ePO? Our ePO version is 4.6.6.
Thanks in advance!
Open DLP monitor and create a filter on events ID for Admintratitive: Agent Enters Bypass Mode and/or Agent Override Key Generated or
try using Event ID's 4711 and 11499
Message was edited by: epository on 1/16/14 5:45:37 AM CST
I have already created the filter, but what I am looking to do is create a scheduled query or report that can be emailed to managers on a regular basis, without them having to manually log into ePO.
DLP Monitor does not exist for 9.3. Create an ePO Query that meets your requirement. Create a Server Task that runs the query and then Emails it to a group/user(s).
Yes, that is what I am trying to do - create a query that can be emailed. As stated in my original question, the issue is that when I go to create this query, I cannot find anything in the list of available criteria that includes the duration of the override, or the business reason for granting it.