Configure recordings and audits (Windows and *NIX)

PSM records privileged sessions and stores them in Privilege Cloud where they can be viewed at any time by authorized users.

These recordings are automatically configured and enabled at the system level. Auditing capabilities can be modified and adjusted per connection component. Recordings and audits can be disabled or customized at the platform level.

Recordings and audit overview

PSM can create the following recording types:

Type

Description

Video recordings

PSM can create video recordings for all supported connection components. By default, all these recordings are enabled.

Text recordings

PSM can create text recordings for all supported connection components. These recordings can be configured in the Privilege Cloud Portal for each connection component.

For PSM-RDP connections, text recordings are only captured in environments where a single language support is configured. For details, see Configure universal keystrokes.

Audit records

PSM can create audit records for each command and event that is executed and for all keystrokes that are typed during privileged sessions for all supported connection components. These can be configured in the PVWA for each connection component.

Live session monitoring

Authorized users can monitor active sessions from their workstation and take part in controlling these sessions. Users can also suspend or terminate active sessions based on their group assignment. See Configure live session monitoring.

Audit and text recording options

Type

Description

Windows events

PSM can record all the Windows titles that were accessed during privileged sessions on Windows connections.

Windows events audit and events text recording is not supported when connecting with local administrators (except for the built-in Administrator user) to systems that are UAC enabled.
If more than one language is enabled, universal keystrokes recording and Windows events recording cannot be configured for the same connection.

Windows events recording is enabled for PSM-RDP connections by default. Before enabling the Windows events text recorder, see Configure audits.

SSH keystrokes

PSM can record all the keystrokes that are typed during privileged sessions on SSH connections.

This configuration also affects SSH text recordings in PSM for SSH. For SSH keystrokes audit in PSM for SSH, see Configure recordings and audits (PSM for SSH).

SQL commands

PSM can record all the commands that are executed during privileged sessions on SQL connections on a server or database.

Universal keystrokes

PSM can record all the keystrokes that are typed during privileged sessions on all supported connections.

If more than one language is configured:

Universal keystroke recording and Windows events recordings cannot be configured for the same connection. Windows events recording is enabled for PSM-RDP connections by default. To enable universal keystrokes recording, first disable Windows events recording and Windows events audits.
Only audits are supported, but text recording is not supported.

Before enabling the Universal keystrokes text recorder, refer to Configure universal keystrokes.

Configure text recording and auditing capabilities in Privilege Cloud Portal

Log on to Privilege Cloud Portal.
Go to Administration > Configuration Options > Options > Connection Components.

Add the following configuration to each connection component where you want to enable the auditing and text recordings feature.

Go to Target settings and right-click on Supported Capabilities.

Click Add capability and add the capability from the following table. Add separate capabilities for each type of audit and text recording.

Audit and text recording capabilities
Type	Capability
Windows events	WindowsEventsTextRecorder WindowsEventsAudit
SSH keystrokes	SSHTextRecorder SSHKeystrokesAudit
SQL commands	SQLTextRecorder SQLLevelAudit
Universal keystrokes	KeystrokesTextRecorder KeystrokesAudit

Click Apply to save your changes.