Session Recording & Playback

Graphical and Text Based Session Recordings

What are Session Recordings?

Keeper Session Recordings capture and store activity from sessions launched through Keeper Connections or Remote Browser Isolation (RBI).

These recordings can be graphical, text-based, or both, depending on the session configuration.

  • Graphical Session Recordings: Captures a visual playback of user activity during the session, including screen interactions.

  • Text-Based Session Recordings (Typescript): Logs the text input and output within the session for a streamlined, searchable record. The full, raw text content of terminal sessions, including timing information of user activity during the session

  • Zero-Knowledge Encryption: Sessions are encrypted by the customer's Keeper Gateway using keys only available to designated privileged users, ensuring that zero knowledge is preserved. There is no limit to the number of recordings or session length.

Supported Connection Protocols

The following table shows the available session recordings available for each connection protocol:

Connection Protocol
Available Session Recordings

SSH

Graphical and Text-Based Session Recordings

RDP

Graphical Session Recordings only

MySQL

Graphical and Text-Based Session Recordings

PostgreSQL

Graphical and Text-Based Session Recordings

SQL Server

Graphical and Text-Based Session Recordings

Telnet

Graphical and Text-Based Session Recordings

VNC

Graphical Session Recordings only

Remote Browser Isolation

Graphical Session Recordings only

Remote Browser Isolation (RBI)

For RBI connections, Graphical Session Recordings are available.

Enforcement Policies

Allowing users to view session recordings is managed through PAM Enforcement Policies. The following enforcement policies need to be turned on:

For Connections:

Policy
Definition

Can configure connection settings

Allow users to configure Connection and Session Recordings settings on PAM Machine, PAM Directory, PAM Database and PAM Configuration Record Types

Can view session recordings

Allow users to view Session Recordings

For Remote Browser Isolation

Policy
Definition

Can configure remote browsing

Allow users to configure Remote Browser and Session Recordings settings on PAM Remote Browsing and Configuration Record Types

Can view RBI session recordings

Allow users to view RBI Session Recordings

For more information on PAM enforcement policies, visit this page.

Activating Session Recording

1

Enforcement Policies

From the Admin Console > Roles > Enforcement Policies > Privileged Access Manager tab, ensure that policies to configure settings is enabled at minimum.

Enforcement Policies to configure session recording
2

PAM Configuration

To enable session recordings, the PAM Configuration needs to permit graphical and text session recording. Go to Secrets Manager > PAM Configurations and edit the configuration associated with your resources.

Allow Session Recording from PAM Configuration
3

Record PAM Settings

From the KeeperPAM resource records in the vault, edit the record and then edit PAM Settings. Enable the Graphical and Text Session recording feature as required.

Edit PAM Settings
Edit Session Recording Features

Connections - Session Playback

To view session recording history and watch a recording from a Connection:

  • The user must also have the appropriate "view recording" policy enabled for their role.

  • The user must have at least view-only access to the record, from a Shared Folder or direct share.

To view the recordings:

  • Click on the record overflow menu > Session recordings

View Session Recordings

The Session Recordings screen will display a list of all recorded sessions. Each session includes:

  • User who initiated the session

  • Timestamp of the session

  • Play Button for graphical recordings

  • Duration of the recording

  • For sessions that support text-based recordings (Typescripts), users can download a zip folder of the session recording.

Session Recording History
View Session Recording

Playback Graphical Session Recordings

To playback Graphical Session recordings, click the Play icon next to the session.

Playback Text Session Recordings (Typescript)

For sessions that support text session recordings, download the associated zip file from the list of recordings. The zip file will contain:

  • A .tys file: Contains the raw text data.

  • A .tm file: Contains the timing information.

ext session recordings can only be played back on macOS and Linux systems:

macOS

Recordings can be replayed using script. For example, to replay a typescript called “NAME”, you can run:

script -p NAME

Linux

Typescript recordings can be replayed using scriptreplay. For example, to replay a typescript called “NAME”, you can run:

scriptreplay NAME.timing NAME

Encryption of Session Recordings

KeeperPAM is a zero-knowledge platform where all sessions are end-to-end encrypted between the user's vault and the destination resource. Session recordings are encrypted and managed by the Keeper Gateway, which is installed and operated by the customer. Keeper has no access to or ability to decrypt these recordings.

Only users with the necessary privileges and access to the corresponding Keeper record can view session recordings. When a recording is accessed, the encrypted data is downloaded from the Keeper Cloud and decrypted locally in the user's vault for playback. Each session is encrypted with a unique record key, ensuring least privilege access.

PreviousBrowser AutofillNextSSH Agent

Last updated

Was this helpful?