Session monitoring

This topic describes how system administrators and auditors can view privileged session events and their details. The Session monitoring page in the Audit service enables you to monitor details about all the activities and commands your end users run on their target machines.

This information is helpful for internal purposes to identify suspicious user activities, and to perform forensic investigations.

Session information is also needed for record of proof/accountability, and to demonstrate compliance with external certification programs or regulations.

The following details are listed for each session:

| Item | Description |
|------|-------------|
| Session id | A unique session id. |
| Timestamp | Time that the activity was written. |
| Event | The activity that was performed by the user, service, or application. |
| Command | The keystrokes entered by the user during an SSH user session. |
| Username | The user connected to the target. |
| Target | The machine the user connects to through the business service. |

You can filter activities for the last day, week, or month, and you can also search by session using free text.

To drill through and view additional details for an event, double-click the row. The following additional information is displayed:

General details

| Item | Description |
|------|-------------|
| Session id | A unique session id. |
| Timestamp | Time that the activity was written. |
| Event | The activity that was performed by the user, service, or application. |
| Username | The user connected to the target. |
| Target | The machine the user connects to through the business service. |

Specific event details

For each event type, the Session monitoring page provides in-depth data about the event.