Session recordings, along with metadata, are securely stored in the system. The system allows playing and exporting session video logs from the default storage path (.\ApplicationData\VideoLogs\), custom storage path, and archival storage path. Activity and session information can be viewed in the following ways:
Sessions View: This provides a complete view of session activities with advanced search capabilities.
Risk View: This provides an overview of user activities grouped day-wise and segregated based on their risk scoring.
Activity View: This provides session activities based on configured asset types, categories, and real-time analytics of user sessions.
This section describes how to find session details, search granular activity logs, and more:
Understanding session log
The session log provides information about sessions, such as username, IP, asset type, activity, date, and time. Functions supported for each session activity include:
Viewing session logs
View command logs
View session details
Tracking user & device source information
User Details: When you click on the username, you can find detailed information about the user, including their authentication type, name, department, and other information available in or synced with the system.
Source Details: This information is based on how users initiate a session. Users' sessions can be managed via a browser, Sectona Client, a direct proxy, or a URI launcher. You can view the source details by clicking on the icon in a session log. Refer to the following table to understand the type of source information captured for respective launcher types.
System Node Information: The system will capture the application node IP address, hostname, system node ID, and other details related to user sessions.
Asset & account accessed
The log contains detailed asset descriptions, including asset type, hostname & IP address, the privileged account used for access, and session login time.
The table below shows how to interpret the session activity analysis graphs in the session log. Mouse events, user actions, and live activity analysis make the graph active, and the graph records these activities.
This straight-line graph indicates no unusual activity during the session.
These graph lines indicate that several activities have taken place during the session.
This graph indicates a period of activity followed by an idle period, after which some further activities took place.
Tracking user activity
Session log information and Activity Analysis make it easier to view and interpret the type of activity.
Viewing session recording & metadata
You can view video session data by clicking the 'video log' icon.
Viewing session metadata
You can view the session metadata by clicking the 'command log' icon.
The system will create the metadata log for the size of files uploaded or downloaded during the session, along with their path.
Note: The system will log the file size only for access types, such as SFTP, SFTP to SFTP, FTP, FTP to FTP, SFTP Over Browser, SFTP To SFTP Over Browser, FTP Over Browser, FTP to FTP Over Browser, and RDP Over Browser (v4).
Viewing session history log
You can view the session history log by clicking the 'session history log' icon.
The session history log provides all the information related to the session, including jump server details and browser session drive details.
Searching a session
You can search for a particular session in the Session View. Click on the Filters button at the top of the page to open the form shown as follows:
Provide the session details in the form and click on the 'refresh' button. The session you searched for, if available, will appear on the screen.
The name of the entity to be searched
Hostname of the asset to be searched
IP address of the asset to be searched
The name of the account linked to the asset to be searched
The ticket number of the session to be searched
Access Type: The access type to be searched
Session Review: The type of session to be searched. Types are: Not Reviewed, Reviewed, Re-review
The type of asset to be searched
The Domain of the asset to be searched
The risk score of the session to be searched
The metadata of the session to be searched
The comment on the session to be searched
Login Time Between: The date and time range of the session, set from start to end
Exporting a video
You can export a video by clicking on the session in video player mode.
Click on the icon to export the video.
Videos are exported in .WMV format and can be played in standard video players.
Exporting metadata log
Click on the icon in the session view or search the metadata log using the search bar.
Once you get the required information, you can export it in any format, such as Copy, CSV, Excel, or PDF.
Select the format of your choice, and the file will be downloaded to your system.