What is Step Recording?

This topic introduces you to the Secure Web Sessions Step Recording security layer.

The solution

Secure Web Sessions can record and monitor screenshots of all actions taken by specific end users within protected web applications. The solution uses a browser extension, installed on the user's endpoint, to monitor and segregate web apps that are accessed through CyberArk Identity Single Sign-On (SSO).

Secure Web Sessions captures only SWS-enabled applications, and ignores other tabs opened in the user's browser window. End users are notified when a session begins recording, and when it ends. Secure Web Sessions captures all end user actions using a “stepper” approach. Specific actions, like mouse-clicks and “enter” or “tab” keystrokes, trigger a screenshot of the end user's browser along with relevant metadata.

Screenshots are captured and encrypted at the endpoint by the Secure Web Sessions extension, and are then accessible only to authorized Secure Web Sessions administrators and auditors with a customer-controlled encryption key. Encrypted recordings are streamed up to CyberArk SaaS for search and retrieval by auditors or administrators.

View step recordings

Delegated auditors can search all recorded sessions using free text input, and filter the steps captured within a session by dates and actions for a step-by-step breakdown of user activity.

When a step is triggered, the following metadata is included:

  • Triggered event

  • URL

  • Width and height of the tab window

  • Mouse location

  • Focused element, such as text box

  • Screenshot

  • Time

  • Tenant ID

  • Application ID

  • User ID

  • Keywords for user event - for example, button title, named element, page title and inserted text

  • Session ID

  • Tab ID

  • User agent
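
The "stepper" trigger rule and the metadata list above, modeled as an added example (not CyberArk's code or schema) together with the auditor-side free-text, date and action filtering. Every field name, the event shape and the `PROTECTED` set are assumptions, and the sample events are constructed.

```javascript
// Added illustration. Field names, event shape and PROTECTED are assumptions,
// not CyberArk's schema or extension code.
const STEP_KEYS = new Set(["Enter", "Tab"]);
const PROTECTED = new Set(["https://erp.example.com"]); // constructed SWS-enabled app

// A step is triggered by a mouse click or an Enter/Tab keystroke.
function isStepTrigger(ev) {
  return ev.type === "click" || (ev.type === "keydown" && STEP_KEYS.has(ev.key));
}

// Returns the step metadata record, or null when nothing should be captured.
function buildStep(ev, tab, ids) {
  if (!PROTECTED.has(new URL(tab.url).origin)) return null; // other tabs are ignored
  if (!isStepTrigger(ev)) return null;
  return {
    triggeredEvent: ev.type === "click" ? "click" : `key:${ev.key}`,
    url: tab.url,
    tabWidth: tab.width,
    tabHeight: tab.height,
    mouse: { x: ev.x, y: ev.y },
    focusedElement: ev.focused,
    screenshot: null, // captured and encrypted separately; not modeled here
    time: new Date(ev.epochMs).toISOString(),
    ...ids, // tenantId, applicationId, userId, sessionId, tabId
    keywords: [tab.title, ev.label, ev.text].filter(Boolean),
    userAgent: tab.userAgent,
  };
}

// Auditor view: free-text search plus date (ISO 8601 UTC) and action filters.
function filterSteps(steps, { text = "", from, to, action } = {}) {
  const needle = text.toLowerCase();
  return steps.filter((s) =>
    (!action || s.triggeredEvent === action) &&
    (!from || s.time >= from) && (!to || s.time <= to) &&
    (!needle || [s.url, ...s.keywords].some((k) => k.toLowerCase().includes(needle))));
}

// Constructed sample input: one click, one ordinary keystroke, one Enter.
const ids = { tenantId: "T1", applicationId: "A1", userId: "U1", sessionId: "S1", tabId: 7 };
const tab = { url: "https://erp.example.com/pay", title: "Payments",
  width: 1280, height: 720, userAgent: "ExampleUA/1.0" };
const events = [
  { type: "click", x: 10, y: 20, focused: "button", label: "Approve", epochMs: 1700000000000 },
  { type: "keydown", key: "a", focused: "input", epochMs: 1700000001000 },
  { type: "keydown", key: "Enter", focused: "input", text: "INV-42", epochMs: 1700000002000 },
];
const steps = events.map((e) => buildStep(e, tab, ids)).filter(Boolean);
```

The ordinary "a" keystroke produces no step, so the inserted text only reaches the record as a keyword on the next trigger (here the Enter keystroke).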