Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.0.4 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a high availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Searching session data on a central node in a cluster Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help LDAP user and group resolution in SPS Appendix: Deprecated features Glossary

Replaying audit trails in your browser in Search (classic)

Caution:

You can replay audit trails in your browser, or using the Safeguard Desktop Player application. Note that there are differences between these solutions.

Browser Safeguard Desktop Player
Works without installation -
Works on any operating system Windows, Linux, Mac
Can replay audit trails recorded with SPS 5 F4 and newer
Can replay TN5250 sessions
Can extract files from SCP, SFTP, HTTP and RDP sessions -
Can replay HTTP sessions - Only exports raw files from the command line
Can replay X11 sessions
Can start replay while rendering is in progress -
Can follow 4-eyes connections -
Can replay live streams in follow mode -
Can export to PCAP -
Can display user input
Can display subtitles for video -
Export audit trail as video -
Export screen content text -
Can search in the contents of the audit trails -

For details on the Safeguard Desktop Player application, see Safeguard Desktop Player User Guide.

Caution:

Even though the One Identity Safeguard for Privileged Sessions (SPS) web interface supports Internet Explorer and Microsoft Edge in general, to replay audit trails you need to use Internet Explorer 11, and install the Google WebM Video for Microsoft Internet Explorer plugin. If you cannot install Internet Explorer 11 or another supported browser on your computer, use the the Safeguard Desktop Player application. For details, see "Replaying audit trails in your browser" in the Administration Guide and Safeguard Desktop Player User Guide.

To replay an audit trail in your browser

  1. On the Search page, find the audit trail you want to replay.

    Figure 317: Search — Browse the connections database

  2. (Optional) To replay encrypted audit trails, upload your permanent or temporary keys to the User menu > Private keystore. For more information, see Replaying encrypted audit trails in your browser.

  3. Click to display the details of the connection.

  4. Click to generate a video file from the audit trail that you can replay. Depending on the load of the indexer and the length and type of the audit trail, this can take several minutes (to cancel processing the audit trail, click ). The Video status field shows the progress of the this process.

    When the video is available, changes to .

    Figure 318: Search — Audit trail details

  5. To replay the video, click . The Player window opens.

  6. The Player window has the following controls.

    Figure 319: Replaying audit trails in your browser

    1. : Play, Pause

    2. , : Jump to previous event, Jump to next event

    3. : Adjust replay speed

    4. : Time since the audit trail started / Length of the audit trail. Click on the time to show the date (timestamp) of the audit trail.

    5. : List of keyboard events. Special characters like ENTER, F1, and so on are displayed as buttons. If the upstream traffic is encrypted, upload your permanent or temporary keys to the User menu > Private keystore to display the keyboard events.

    6. : Active mouse button

    7. : Create a screenshot

    8. : Show / hide events. Select the types of events to display. Depending on the protocol used and how the audit trail was processed, SPS can display keyboard events, commands, mouse events, and window titles. Commands and window titles are displayed as subtitles at the top of the screen.

    9. : Fullscreen mode

    10. : Progress bar

    11. : Shows the distribution of events. Blue - commands, green - keyboard events, yellow - mouse events, orange - window title.

    12. : Close the player, and return to the Connection details page.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating