Session Event Recording
PAM Remote Sessions with Video, Keystroke and Clipboard Recording.
When a user connects to a privileged system using a secure session in PAM it is also recording the user’s keystrokes as well as any clipboard text copies that are made into the session (video can optionally be recorded too).
Keystroke and clipboard event recording is captured regardless of the video recording, so you can be sure that all sessions will have a searchable event report that can be used for investigations.
Any user that has the PAM permission to review Session History and Video recordings will also have access to the Keystroke and Clipboard events as well.
Locating and reviewing a session’s Session Events
- Login with a user account that has sufficient permissions and either open a record that you wish to review and open the All Sessions section located in Management > Sessions.
- From within the Record view, click the Session tab.
- Locate the Session that you would like to review, open its menu option under the Recording column and select Events.
The Session Events view will open displaying all keystroke and clipboard text that were entered during this session.
If the session is completed and it was recorded, you can use the Jump to Recording option located in the Action menu to automatically open the in-browser video player and jump to this event.
Recording enforcement for Personal Vaults
The System Administrator is able to require session and session events recording for all assets created in User's Personal Vaults.
The option enables control over the devices in isolated data-centers, air gap networks or Virtual Private Clouds even for the users using personal accounts with privileged access.
Two global parameters are located in the Administration > Settings > Parameters > Sessions category: Personal Vault Session Recording and Personal Vault Event Recordings.
When set to Enforced these parameters overwrite the default records permission scheme to enforce sessions or session events recordings.