Hear first-hand experiences from Bain Capital’s VP and CISO, Mark Sutton, in our on-demand webinar “Lessons Learned Building Bain Capital’s Insider Threat Program.” Watch Now
Record RDP, Terminal Server and Console Sessions
At a Glance
With session recording, ObserveIT records all user activity from the moment a user logs into a Windows machine, whether via RDP, Terminal Server or direct console login.
- Full video recording and playback of all on-screen user activity, in all applications and system areas
- Keyword-searchable activity logs of every user action
- Jump directly from activity log entries or search results to relevant portions of the session video
- Customizable real-time alerts regarding any sensitive, unusual, suspicious or malicious user activity provide proactive warnings to security personnel
- Customizable recording policies ensure compliance and protect user privacy
- Privileged user identification, identity theft detection, SIEM integration, ticketing system Integration and more
Capturing Every User Action
ObserveIT captures all activity taking place in the user session.
- Visual Screen Activity: Everything on the screen is visually recorded, including user input and screen output.
- UI Interaction: Mouse movement, selection of UI elements (drop-downs, checkboxes, etc.), text entry, menu and context menu selections and anything else that takes place visually in the session.
- Advanced keylogger: ObserveIT generates textual activity logs of every user action, allowing fast activity review plus searching for specific activities using keywords matching:
- names of programs run
- titles of windows opened
- names of files accessed
- URLs accessed
- names of buttons and checkboxes clicked
- text typed/edited/pasted
- system commands executed
You can see the details of all Windows sessions, sorted and grouped according to user, server or based on any full-text search of the metadata ObserveIT has captured.
In many cases, this report list is already enough information for your auditing and troubleshooting needs.
To see a full visual replay of the user session, simply click on the Replay icon.
- Replay Window: The replay window shows exactly what took place on-screen
- Command Summary List: Quick navigation list showing each command the user typed
- DVD-like navigation: Navigate quickly through any session, using fast-forward/rewind or by jumping between each user command (similar to DVD chapter).
- Start replay mid-session: You can launch the replay at the exact location that you need. (ex. If user spent 2 hours in a session, and you see a suspicious command at the 90 minute mark in the Audit List, launch the replay at that exact time.)
User activity alerts are powerful and flexible rules which specify the circumstances in which a user’s action will cause an alert to be generated. The rich user behavior analytics generated by ObserveIT allow alerts to be based on both login events and on specific user actions that occur during a session. Alerts are highlighted during session video playback, generate emails and are highlighted in relevant locations throughout the ObserveIT console.
By making important user activity events visible in real time, it is possible to quickly and effectively respond to any deliberate or inadvertent threats to IT security, system integrity, regulatory compliance or company policies.