One Identity Safeguard for Privileged Sessions 7.1.1 - Safeguard Desktop Player User Guide

This section shortly describes the main functions and the UI elements of the Safeguard Desktop Player.

Figure 8: Safeguard Desktop Player > Details page

1. Audit trail play button

   Click the thumbnail at the top, on the left, or click in the Channels section of the screen. To play an encrypted audit trail, you need to have the appropriate certificates. For details, see "Replaying encrypted audit trails" in the Safeguard Desktop Player User Guide.

2. Audit trail data

   The most important data about the audit trail, including usernames (if available) and IP addresses. To display more metadata about a specific channel in the audit trail, click in the list of channels. These details include the parameters available on the SPS Search page (for details, see "Using the Search interface" in the Administration Guide), and other parameters, for example, the size of the desktop or the terminal.

3. Date of the recording

   Starting date and duration.

4. Location of the audit trail file

   Click the path to open the folder in your file manager.

5. Validation results

   When you open an audit trail, the Safeguard Desktop Player checks if you can access both the upstream and downstream traffic from the audit trail (you must have access at least to the downstream traffic to replay the audit trail), and validates the digital signature and the timestamp. The icon means that the trail is not signed or timestamped. For details, see "Validating audit trails" in the Safeguard Desktop Player User Guide.

6. Terminal Encodings

   When you are replaying terminal-based audit trails, for example, SSH or TELNET, you can set the character encoding of the displayed text. After changing the encoding, click Re-render trail.

7. Channels

   To select a channel, click .

8. Export

   The Export button exports the audit trail to a video file. The exported files use the WEBM format with the VP8 codec. For details, see "Exporting the audit trail as video" in the Safeguard Desktop Player User Guide.

9. Warnings

   Warnings and errors that occurred during opening and processing the audit trail file. If there are warnings or errors, the Warnings UI element is displayed under the Search field.

   Figure 9: Warnings

   

10. Settings

    You have the following settings options:

    • Import the required certificate to replay an encrypted audit trail. For more information, see Replaying encrypted audit trails.

    • Open Preferences, which you can use to set the application language, select a keyboard layout, select how you want to display the window title events on the seeker and in subtitles, and so on. For more information, see Preferences for the Safeguard Desktop Player.

    • Open the documentation in your browser.

11. Search

    You can search in the trail content of the current audit trail, for example, in commands that the user executed in the session, or to find a specific text that was displayed on the screen. Available only for terminal sessions. For details, see Searching in the content of the current audit file.

This section provides information on the options that you can use in the Search window.

Search

You can search in the trail content of the current audit trail, for example, in commands that the user executed in the session, or to find a specific text that was displayed on the screen. Available only for terminal sessions. For details, see Searching in the content of the current audit file.

1. Play/pause, replay

   Start or pause replaying the audit trail. You can also click the video to start or pause replaying.

2. Jump to previous event

   Click this button to jump to the previous user event. User events that occurred in the session (such as window titles that appeared on the screen, commands executed, mouse activity, keystrokes) are marked in the seeker.

3. Jump to next event

   Click this button to jump to the next event. User events that occurred in the session (such as window titles that appeared on the screen, commands executed, mouse activity, keystrokes) are marked in the seeker.

4. Current time and timestamp

   Time elapsed since the beginning of the audit trail, and the corresponding date.

5. End time and timestamp

   Length of the audit trail and the date when the session ended.

6. Change replay speed

7. Seek preview

   Click the seeker to jump to a specific location in the audit trail.

8. Scale video

   When enabled, the replayed audit trail is resized to fit the window. Clear to show the original size. You can also double-click on the video to toggle resizing.

9. Back to the summary page

   Open the summary page of the audit trail

10. Configure seeker indicators

    Click to configure the visibility of indicators for user events on the seeker. Seeker indicators show on a single timeline the user events that occurred during a session. Clicking a seeker indicator takes you to the relevant user event in the audit trail. User events are window titles that appeared on the screen, commands executed, mouse activity, keystrokes, and any on-screen change.

11. Display subtitles

    Click to display subtitles for the video. Subtitles list user events as they occurred in the session. Events that are shown in subtitles are window titles that appeared on the screen, commands executed, mouse activity, and keystrokes.

12. Search in trail content

    Search in the contents of the current audit trail, for example, in commands that the user executed in the session, or to find a specific text that was displayed on the screen. This option is available only for terminal sessions. For details, see Searching in the content of the current audit file.