One Identity Safeguard for Privileged Sessions 5.7.0 - Safeguard Desktop Player User Guide

Summary of changes

Version 1.3 - 1.4
Changes in product:
Version 1.2 - 1.3
Changes in product:
  • It is now possible to jump to interesting events within an audit trail using configurable, color-coded indicators on the seeker.

    You can also choose to display subtitles for audit trails. Subtitles list certain user events as they occurred in a session.

    For details, see Replay audit trails.

Version 1.1 - 1.2
Changes in product:
  • It is now possible to replay the audit trails of X11 sessions. For more information, see Replay X11 sessions.

Version 1.0 - 1.1
Changes in product:


Features and limitations

Caution:

You can replay audit trails in your browser, or using the Safeguard Desktop Player application. Note that there are differences between these solutions.

Browser Safeguard Desktop Player
Works without installation -
Works on any operating system Windows, Linux
Can replay audit trails recorded with Safeguard for Privileged Sessions 5 F4 and newer
Can replay TN5250 sessions
Can extract files from SCP, SFTP, and HTTP sessions -
Can replay HTTP sessions - Only exports raw files from the command line
Can replay X11 sessions
Can start replay while rendering is in progress -
Can follow 4-eyes connections -
Can replay live streams in follow mode -
Can export to PCAP -
Can search in the trail content -
Can display user input
Can display subtitles for video -
Export audit trail as video -
Export screen content text -

To replay audit trails in your browser in Search (classic), see "Replaying audit trails in your browser in Search (classic)" in the Administration Guide.

For details on the Safeguard Desktop Player application, see Safeguard Desktop Player User Guide.

Caution:

Starting with Safeguard for Privileged Sessions 5 F4, the way audit trails are encrypted has changed to make the encryption process more secure. Audit trails are now encrypted with AES-128-GCM and hashed with the SHA-512 method. This also means that in order to index and replay audit trails, you need to upgrade both your external indexers and your Safeguard Desktop Player. Earlier versions (and Audit Player) will not be able to handle audit trails (with or without encryption) recorded with Safeguard for Privileged Sessions 5 F4 and later.



First steps

Thank you for installing the Safeguard Desktop Player

Now you can start using the Safeguard Desktop Player application to replay audit trail files that you have downloaded from One Identity Safeguard for Privileged Sessions. The following information will help you get started using the Safeguard Desktop Player. Note that currently this is not a public release, only a technology preview.

Getting started with the Safeguard Desktop Player

  1. Play the audit trail

    Click the thumbnail at the top, on the left, or click in the Channels section of the screen. To play an encrypted audit trail, you need to have the appropriate certificates. For details, see "Replay encrypted audit trails from the command line" in the Safeguard Desktop Player User Guide.

  2. Audit trail data

    The most important data about the audit trail, including usernames (if available) and IP addresses. To display more metadata about a specific channel in the audit trail, click in the list of channels. These details include the parameters available on the Safeguard for Privileged Sessions Search page (for details, see "Searching audit trails: the Safeguard for Privileged Sessions connection database" in the Administration Guide), and other parameters, for example, the size of the desktop or the terminal.

  3. Date of the recording

    Starting date and duration.

  4. Location of the audit trail file

    Click the path to open the folder in your file manager.

  5. Validation results

    When you open an audit trail, the Safeguard Desktop Player checks if you can access both the upstream and downstream traffic from the audit trail (you must have access at least to the downstream traffic to replay the audit trail), and validates the digital signature and the timestamp. The icon means that the trail is not signed or timestamped. For details, see "Validate audit trails" in the Safeguard Desktop Player User Guide.

  6. Terminal encoding and font size

    When you are replaying terminal-based audit trails (for example, SSH or TELNET), you can set the character encoding and the font size of the displayed text. After changing the encoding or the font size, click Re-render trail.

  7. Replay only this channel

    Click .

  8. Export the audit trail into a video file

    The exported files use the WEBM format with the VP8 codec. For details, see "Export the audit trail as video" in the Safeguard Desktop Player User Guide.

  9. Warnings and errors

    Warnings and errors that occurred during opening and processing the audit trail file.

  10. Help

    Open the documentation in your browser.

  1. Play/pause replay

    Start or stop replaying the audit trail. You can also click the video to start or stop replaying.

  2. Jump to previous event

    User events that occurred in the session (such as window titles that appeared on the screen, commands executed, mouse activity, keystrokes) are marked in the seeker. Click this button to jump to the previous event.

  3. Jump to next event

    User events that occurred in the session (such as window titles that appeared on the screen, commands executed, mouse activity, keystrokes) are marked in the seeker. Click this button to jump to the next event.

  4. Current time and timestamp

    Time elapsed since the beginning of the audit trail, and the corresponding date.

  5. End time and timestamp

    Length of the audit trail and the date when the session ended.

  6. Change replay speed
  7. Seek preview

    Click the seeker to jump to a specific location in the audit trail.

  8. Scale video

    When enabled, the replayed audit trail is resized to fit the window. Clear to show the original size. You can also double-click on the video to toggle resizing.

  9. Back to the summary page

    Open the summary page of the audit trail.

  10. Configure seeker indicators

    Click to configure the visibility of indicators for user events on the seeker. Seeker indicators show on a single timeline the user events that occurred during a session. Clicking a seeker indicator takes you to the relevant user event in the audit trail. User events are window titles that appeared on the screen, commands executed, mouse activity, keystrokes, and any on-screen change.

  11. Display subtitles

    Click to display subtitles for the video. Subtitles list user events as they occurred in the session. Events that are shown in subtitles are window titles that appeared on the screen, commands executed, mouse activity, and keystrokes.



Validate audit trails

When you open an audit trail, the Safeguard Desktop Player application automatically validates it. You can see the results of this validation above the session details.

  • is displayed if the audit trail is valid.

  • is displayed if the timestamp or the signature is invalid, or the Safeguard Desktop Player could not decrypt the downstream traffic.

  • DOWNSTREAM

    • : The downstream traffic is available and can be replayed.

    • : The downstream traffic is encrypted and you do not have the decryption key. Click Warnings to see the fingerprint of the required certificate, and see to import it.

  • UPSTREAM

    • : The upstream traffic is available and can be replayed.

    • : The upstream traffic is encrypted and you do not have the decryption key. Click Warnings to see the fingerprint of the required certificate, and see to import it.

  • SIGNATURE

    • : The trail is signed and the signature is valid.

    • : The Safeguard Desktop Player could not validate the signature. Click Warnings to see the fingerprint of the required certificate, and see to import it.

    • : The audit trail is not signed.

  • TIMESTAMP

    • : The trail is timestamped and the timestamp is valid.

    • : The Safeguard Desktop Player could not validate the timestamp. Click Warnings to see the fingerprint of the required certificate, and see to import it.

    • : The audit trail is not timestamped.

