Session recordings along with metadata are securely stored in the system. Activity and session information can be viewed in the following ways:
Sessions View: This provides a complete view of session activities with advanced search capabilities.
Risk View: This provides an overview of user activities grouped day-wise and segregated based on their risk scoring.
Activity View: Session activities based on configured asset types, categories and real-time analytics of user sessions.
This section describes how to find session details, search granular activity logs and more:
Understanding session log
Session log provides information about sessions such as username, IP, asset type, activity, date and time. Functions supported for each session activity includes:
Viewing session logs
View command logs
View session details
Tracking user & device source information
User Details: When you click on the username, you can find detailed information of the user including their authentication type, name, department and other information available or sync with the system.
Source Details: This information is based on the way users initiates a session. Users sessions can be managed via browser, Sectona Client, direct proxy or using URI launcher. You can view the source details by clicking on the icon in a session log. Refer to the following table to understand the type of source information captured for respective launcher types.
Asset & account accessed
The log contains detailed asset description including asset type, hostname & IP address, the privileged account used for access along with session login time.
The below table demonstrates how to interpreting session activity analysis graphs in session log wherein mouse events, user actions, live activity analysis might occur to make the graph active which records these activities.
This straight-line graph indicates there was no unusual activity during the session.
These graph lines indicate that several activities have taken place during the session.
This graph indicates that there was a period of activity after which there was an idle time period. Again after that, some activities took place.
Tracking user activity
Session log information along with Activity Analysis makes it easier for viewing and interpreting the type of activity.
Viewing session recording & metadata
You can view video session data by clickingand metadata of the session by clicking the icon.
Searching a session
You can search a particular session in the Session View. To search a session in the Session View you need to click on the Filters button at the top of the page which will provide you with the form shown as follows:
Provide the details of the session in the form and click on thebutton and your searched session if available will appear on the screen.
The name of the entity to be searched
Hostname of the asset to be searched
IP address of the asset to be searched
The name of the account linked to the asset to be searched
The ticket number of the session to be searched
The type of asset to be searched
The Domain of the asset to be searched
The risk score of the session to be entered to be searched
The metadata of the session to be searched
The comment on the session to be searched
Date and time of the session set from
Date and time of the session set till
Exporting a video
You can export a video clicking on the session in a video player mode.
Click on the icon to export the video.
Exported video formats are in .WMV format and can be played in standard video players.
Exporting metadata log
Click on icon in the session view or you can also search the metadata log using the search bar.
Once you get the required information you can export it in any of the formats available formats such as Copy, CSV, Excel or PDF.
Select the format of your choice and the file will be downloaded in your system.