Reports
Access: Report on Session Activity
Reports
Access
Access Reports
Administrators and privileged users can generate broad, comprehensive reports and also apply specific filtering to customize reported information based on clear-cut needs.
Report Type
Generate activity reports according to three separate report types: Session, Summary, and Session Forensics (if enabled).
Session Report
View all access sessions that match the criteria you specify in report filters. Session reports include basic session information along with links to session details, chat transcripts, and video recordings of screen sharing, Protocol Tunnel Jumps, and command shells.
Session reports detail a record of the full chat transcript, the number of files transferred (and details on failed file transfers), and specific actions that took place during the session. Windows events that present obvious visual changes within a session are captured as events in the session details. This primarily includes changes to the foreground window, with the executable name and its window title.
Specific command information relevant to Run As commands, including credentials, is also provided, but this reporting can be disabled in Security: Manage Security Settings.
Other session information includes the session duration, local and remote IP addresses, and remote system information (if enabled). Reports can be viewed online or downloaded to your local system.
If session recording is enabled, view a video playback of individual sessions, including captions of who was in control of the mouse and keyboard at any given point during the session. If Protocol Tunnel Jump recording is enabled, view video recordings of the user's entire desktop. If command prompt recording is enabled, view recordings and/or text transcripts of all command shells run during the session. All recordings are stored on the B Series Appliance in raw format and are converted to compressed format when viewed or downloaded.
Summary Report
Summary reports provide an overview of session activity over time, categorized by user. Statistics include the total number of sessions run, the average number of sessions per weekday, and the average duration of sessions.
Session Forensics Report
Access sessions forensics reports allow you to search for session events across all access sessions, as well as find sessions containing the given text or phrase provided in the filter. This searches chat messages, command shell commands, file transfers, file system modifications, registry modifications, and foreground window titles.
Filters
Apply filtering options as needed to derive more customized reports from the basic report types. Enable one or more filters as you wish, but only sessions that match all filters selected will be shown.
Session ID or Sequence Number
This unique identifier requires that you specify the ID (LSID) or sequence number for the single session you seek. This is often helpful if you have an external ticketing system or CRM integration. You cannot combine this filter with others.
Date Range
Select a start date for which to pull reporting data. Then select either the number of days for which to pull your report or an end date.
Endpoint
Filter sessions by computer name, public IP, or private IP.
Jump Group
Filter sessions by Jump Items belonging to a certain Jump Group. If selected, the following options are available:
- Find all sessions started from Jump Items belonging to a specific Jump Group.
- Find all sessions started from personal Jump Items for a specific user.
- Find all sessions in your personal Jump Group.
User
Select a user from the Search for a user box to filter sessions where a specific user participated. Check Match only if the selected user is the primary user for the session to find sessions only where the user was the primary user.
Vendor Group
Find all sessions in which any users of a vendor group participated. A search box allows you to search for a specific vendor group.
External Key
Filter to report sessions that used the same specific external key.
Include only completed sessions
Filter to include only sessions that have been completed. This excludes sessions that are still running.
Team Activity Report
Date Range
Select a start date for which to pull reporting data. Then select either the number of days for which to pull your report or an end date.
Filters
Select either Team or User to view all activity that matches the provided criteria. Team and User activity reports include information about users as they log in or out of the access console, chat messages sent between team members, user-to-user screen sharing actions as logged in chat, and files shared and downloaded.
All items listed within Privileged Remote Access reports are ordered from newest to oldest, with the exception of session forensics reports.
