Session recordings, along with metadata, are securely stored in the system. The system allows playing and exporting session video logs from the default storage path (.\ApplicationData\VideoLogs\), custom storage path, and archival storage path. Activity and session information can be viewed in the following ways:
- Sessions View: This provides a complete view of session activities with advanced search capabilities.
- Risk View: This provides an overview of user activities grouped day-wise and segregated based on their risk scoring.
- Activity View: Session activities based on configured asset types, categories, and real-time analytics of user sessions.
This section describes how to find session details, search granular activity logs, and more:
Understanding session log
The session log provides information about sessions, such as username, IP, asset type, activity, date, and time. Functions supported for each session activity include:
- Viewing session logs
- View command logs
- View session details
Tracking user & device source information
- User Details: When you click on the username, you can find detailed information about the user, including their authentication type, name, department, and other information available in or synced with the system.
- Source Details: This information is based on how users initiate a session. User sessions can be managed via a browser, Sectona Client, a direct proxy, or a URI launcher. You can view the source details by clicking on the icon in a session log. Refer to the following table to understand the type of source information captured for the respective launcher types.
- System Node Information: The system will capture the application node IP address, hostname, system node ID, and other details related to user sessions.
| Launcher type | Source Information |
|---|---|
| Browser | |
| Direct Proxy | IP |
| Sectona Client | |
| Launcher | |
Asset & account accessed
The log contains detailed asset descriptions, including asset type, hostname & IP address, the privileged account used for access, and session login time.
The table below shows how to interpret the session activity analysis graphs in the session log. Mouse events, user actions, and live activity analysis that occur during a session are recorded and displayed as a graph.
| Graph type | Description |
|---|---|
| | This straight-line graph indicates no unusual activity during the session. |
| | These graph lines indicate that several activities have taken place during the session. |
| | This graph indicates a period of activity after which there was an idle period. Again after that, some activities took place. |
Tracking user activity
Session log information and Activity Analysis make it easier to view and interpret the type of activity.
Viewing session recording & metadata
You can view video session data by clicking the Video Log icon.
Viewing session metadata
You can view the session metadata by clicking the Action icon. The system will create the metadata log for the size of files uploaded or downloaded during the session, along with their path.
Note: The system will log the file size only for access types, such as SFTP, SFTP to SFTP, FTP, FTP to FTP, SFTP Over Browser, SFTP To SFTP Over Browser, FTP Over Browser, FTP to FTP Over Browser, and RDP Over Browser (v4).
Viewing session history log
You can view the session history log by clicking the icon. The session history log provides all the information related to the session, including jump server details and browser session drive details.
Searching a session
You can search for a particular session in the Session View. Click the Filters button at the top of the page to open the search form.
Provide the session details in the form and click the Show button; the session you searched for, if available, will appear on the screen.
| Parameter | Description |
|---|---|
| User | The name of the entity |
| Hostname | Hostname of the asset |
| IP Address | IP address of the asset |
| Account Name | The name of the account linked to the asset |
| Ticket No. | The ticket number of the session |
| Access Type | The type of access mode configured |
| Session Review | The type of session: Not Reviewed, Reviewed, Re-review |
| Asset Type | The type of asset |
| Domain | The domain of the asset |
| Risk Score | The risk score of the session |
| Metadata | The metadata of the session |
| Comment | The comment on the session |
| Login Time Between | Date and time range of the session, set from start to end |
Exporting a video
- You can export a video by clicking on the session in video player mode.
- Click on the icon to export the video.
- Exported videos are in .WMV format and can be played in standard video players.
Exporting metadata log
- Click on the icon in the session view or search the metadata log using the search bar.
- Once you get the required information, you can export it in any format, such as Copy, CSV, Excel, or PDF.
- Select the format of your choice, and the file will be downloaded to your system.