All pages
Powered by GitBook
1 of 1

Session Recording & Playback

Graphical and Text Based Session Recordings

What are Session Recordings?

These recordings can be graphical, text-based, or both, depending on the session configuration.

  • Graphical Session Recordings: Captures a visual playback of user activity during the session, including screen interactions.

  • Text-Based Session Recordings (Typescript): Logs the text input and output within the session for a streamlined, searchable record. The full, raw text content of terminal sessions, including timing information of user activity during the session

  • Zero-Knowledge Encryption: Sessions are encrypted by the customer's Keeper Gateway using keys only available to designated privileged users, ensuring that zero knowledge is preserved. There is no limit to the number of recordings or session length.

Supported Connection Protocols

The following table shows the available session recordings available for each connection protocol:

Remote Browser Isolation (RBI)

For RBI connections, Graphical Session Recordings are available.

Enforcement Policies

For Connections:

For Remote Browser Isolation

Activating Session Recording

1

Enforcement Policies

From the Admin Console > Roles > Enforcement Policies > Privileged Access Manager tab, ensure that policies to configure settings is enabled at minimum.

2

PAM Configuration

3

Record PAM Settings

From the KeeperPAM resource records in the vault, edit the record and then edit PAM Settings. Enable the Graphical and Text Session recording feature as required.

Connections - Session Playback

To view session recording history and watch a recording from a Connection:

  • The user must also have the appropriate "view recording" policy enabled for their role.

  • The user must have at least view-only access to the record, from a Shared Folder or direct share.

To view the recordings:

  • Click on the record overflow menu > Session recordings

The Session Recordings screen will display a list of all recorded sessions. Each session includes:

  • User who initiated the session

  • Timestamp of the session

  • Play Button for graphical recordings

  • Duration of the recording

  • For sessions that support text-based recordings (Typescripts), users can download a zip folder of the session recording.

AI Session Activity

When KeeperAI is activated on a resource, Keeper provides additional searching and analysis of the session activity.

Playback Graphical Session Recordings

To playback Graphical Session recordings, click the Play icon next to the session.

Playback Text Session Recordings (Typescript)

For sessions that support text session recordings, download the associated zip file from the list of recordings. The zip file will contain:

  • A .tys file: Contains the raw text data.

  • A .tm file: Contains the timing information.

ext session recordings can only be played back on macOS and Linux systems:

macOS

Recordings can be replayed using script. For example, to replay a typescript called “NAME”, you can run:

script -p NAME

Linux

Typescript recordings can be replayed using scriptreplay:

scriptreplay timing.tm typescript.tys

Encryption of Session Recordings

KeeperPAM is a zero-knowledge platform where all sessions are end-to-end encrypted between the user's vault and the destination resource. Session recordings are encrypted and managed by the Keeper Gateway, which is installed and operated by the customer. Keeper has no access to or ability to decrypt these recordings.

Only users with the necessary privileges and access to the corresponding Keeper record can view session recordings. When a recording is accessed, the encrypted data is downloaded from the Keeper Cloud and decrypted locally in the user's vault for playback. Each session is encrypted with a unique record key, ensuring least privilege access.