Session monitor app

Regular users, with appropriate permissions, use the Session monitor app to request and download recorded sessions of activity requiring privileged credentials. They may be able to access recorded data related to their own or another users’ activity.

To configure Bravura Privilege web management options:

Click Manage the system > Modules > Session monitor .
Configure the options for:
Click Update to submit the changes.

Session monitor options plugin

You can use a plugin to activate session monitoring based on the requester, privileged account, or system, and override policy settings. The input into the plugin can include the:

Requester’s profile ID
Requester’s group memberships
Requester’s profile attributes
Requested account
Managed system
Managed system’s attributes

If enabled, the plugin is called when a user checks out privileged access or a product administrator accesses a password directly. This applies only to disclosure methods that support session monitoring. The output of the plugin contains session monitoring settings that override managed system policy settings.

You enable this plugin by typing the name of the program or script in the SMON OPTIONS PLUGIN field on the Manage the system > Modules > Session monitor page.

Some data is not input by default. You must manually enable specific registry settings to allow the plugin to receive this information.

Warning

Ensure that you are comfortable and knowledgeable in the mechanics of the registry before you attempt to change any configuration settings. Contact support@bravurasecurity.com if in doubt.

There is a sample plugin script, plugin-smon-options.psl, located in the samples\ directory. You can copy the script to the \<instance>\plugin\ directory and modify it to suit your environment.

SMON OPTIONS PLUGIN registry settings

To enable additional SMON OPTIONS PLUGIN input, set these entries in the following key:

HKLM\SOFTWARE\Bravura Security\Bravura Security Fabric\<instance>\idarch

Groups
Entry name plugin_smon_options_groups
Value 0—1
Data type DWORD
Default 0
Profile attributes
Entry name plugin_smon_options_profile_attrs
Value 0—1
Data type DWORD
Default 0
Discovered system attributes
Entry name plugin_smon_options_found_comp_attrs
Value 0—1
Data type DWORD
Default 0
Discovered system multi-value attributes
Entry name plugin_smon_options_found_comp_mv_attrs
Value 0—1
Data type DWORD
Default 0

Write a custom session monitor options plugin

Requirements

See Writing plugins for general requirements.

Execution points

When configured, the plugin is called for each applicable access disclosure plugin when a user checks out privileged access or a product administrator accesses a password directly.

Input

The plugin will receive the following input:

# KVGROUP-V1.0
  "" "" = {
    "ead_computer_attributes" "" = {
      "mv_attributes" "" = {
        "<attribute key>" = "<attribute value>" # 0 or more
      } # if plugin_smon_options_found_comp_mv_attrs is set
      "sv_attributes" "" = {
        "<attribute key>" = "<attribute value>" # 0 or more
      } # if plugin_smon_options_found_comp_attrs registry entry is set
        # See Subsection 31.5.1.
    }
    "groups" "" = {
       "<targetid>" = "<groupid>"
    } # if plugin_smon_options_groups registry entry is set
    "managedaccount" "" = {
      "accountid" = "<Managed Account>"
      "msp" = "<Managed System Policy>"
      "resourceid" = "<Managed System>"
    }
    "plugin" "" = {
      "accessdisclosure" = "<ActiveX control name>"
    }
    "request" "" = {
      "requestID" = "<Request ID>" # if applicable
    }
    "smonvars" "" = {
      "<smon variable name>" = "<value>" # 1 or more
    }
    "viewer" "user" = {
      "id" = "<Profile ID>"
      "attribute" "<Profile attribute key>" = {
        "value" "" = {
          "value" = "<Profile value>" # 0 or more
        }
      } # if plugin_smon_options_profile_attrs registry entry is set
    }
  }

Output

The plugin returns:

"" "" = {
    "retval" = "<#>" # 0 on success; Otherwise, failure
    "<smon variable name>" = "<value>" # Optional; 0 or more
         }

Recorded session file storage

The session monitoring batch processing utility, smonprocessmeta, runs periodically while a session monitoring session is active to process harvested data and insert the data into the database in a series of batch operations. The smonsavemeta program creates session data packages when requested.

Table 1. Manage the System > Modules > Session monitor settings to control recorded session file storage

Option	Description
SMON DAMAGED EVENT STORAGE ENABLED	If enabled, damaged events are stored on the file system. If disabled, they are dropped. This is useful, for example, if you are debugging problems with session recording. It is recommended that you disable this for normal functioning.
SMON DAMAGED EVENT STORAGE PATH	Directory to store damaged events for recorded sessions (default <install path>\smon\damaged).
SMON HCP TARGET ID	Specify the target system ID of the Hitachi Content Platform object storage system to archive session monitoring data.
SMON PACKAGE STORAGE PATH	Directory to store packages of recorded sessions (default <install path>\smon\package).
SMON SCREENSHOT STORAGE PATH	Directory to store screenshot data for recorded sessions (default <install path>\smon\screenshot).
SMON TEMP STORAGE PATH	Directory to store temporary files while generating recorded session packages (default <install path>\smon\temp).
SMON TEXT STORAGE PATH	Directory to store text data waiting to be processed for recorded sessions (default <install path>\smon\text).
SMON WEBCAM STORAGE PATH	Directory to store webcam images for recorded sessions (default <install path>\smon\webcam).

Recorded session search controls

The Session monitor app uses a powerful search engine to search recorded UI, clipboard, and keystroke data. You control the following options for the search engine in the Manage the system > Modules > Session monitor menu:

Table 2. Modules > Session monitor search engine settings

Option	Description
SMON SEARCH ENGINE CHARACTERS TO IGNORE	Characters that the SMON module search engine will ignore.
SMON SEARCH ENGINE WORD DELIMITERS	Characters that the SMON module search engine will treat as word delimiters.
SMON SEARCH ENGINE WORD MIN LENGTH	The minimum length of words that will be indexed and searchable by the SMON search engine.

These settings define what is considered a ’word’ and loaded into the database. The settings are used in the following order:

SMON SEARCH ENGINE WORD DELIMITERS split the stream of information into blocks of characters.
The characters in SMON SEARCH ENGINE CHARACTERS TO IGNORE are removed.
If the number of characters in the block is greater than or equal to SMON SEARCH ENGINE WORD MIN LENGTH , then the block is loaded to be search.

If these settings above are changed, only new sessions will be affected. Existing loaded words must be used to search for matching sessions.

These settings are also applied to the Session matching contents field on the Search all recorded data page.

The following are examples of how the settings would be applied:

Recorded/Search	Stored/Searched words
555-555-4445	5555554445
cmd.exe	CMDEXE
http://bravurasecurity.com	HTTP BRAVURASECURITY COM

Recorded session video processing

Bravura Security Fabric runs the smonavi or another video generation program to create video files for recorded session packages. Screenshots are aggregated into hour-long video segments.

The following Manage the system > Modules > Session monitor options control video creation:

Option	Description
SMON VIDEO CREATE CODEC CODE	Four character code that indicates what codec is used for video generation. The default is Microsoft Video 1 Codec (msvc). Note: Use the default for testing only. Replace it with a codec that provides better quality video. To see what other codecs you have available, run the `smonavi` utility with the `-l` argument.
SMON VIDEO CREATE COMMAND LINE	Command line used to launch a program to create video from screenshots captured during a recorded session. The default command is: smonavi.exe -r %fps% -i %pattern%_*.png -f %path% -c %codec%
SMON VIDEO CREATE FILE EXT	File extension to be used for created videos. By default, AVI video files are created. Note: The `smonavi` utility can only generate AVI video files. You must specify a third party program in SMON VIDEO CREATE COMMAND LINE to generate other video file types, such as WMV, MP4, and MOV.

Option

Description

SMON VIDEO CREATE CODEC CODE

Four character code that indicates what codec is used for video generation. The default is Microsoft Video 1 Codec (msvc).

Note: Use the default for testing only. Replace it with a codec that provides better quality video. To see what other codecs you have available, run the smonavi utility with the -l argument.

SMON VIDEO CREATE COMMAND LINE

Command line used to launch a program to create video from screenshots captured during a recorded session. The default command is:

smonavi.exe -r %fps% -i %pattern%_*.png -f %path% -c %codec%

SMON VIDEO CREATE FILE EXT

File extension to be used for created videos. By default, AVI video files are created.

Note: The smonavi utility can only generate AVI video files. You must specify a third party program in SMON VIDEO CREATE COMMAND LINE to generate other video file types, such as WMV, MP4, and MOV.

The default command defined by the SMON VIDEO CREATE COMMAND LINE is:

smonavi.exe -r %fps% -i %pattern%_*.png -f %path% -c %codec%

Where:

%fps is the frames per second at which the session was recorded.
%pattern is the start of the file names that will be consistent for all images in a single video.
This allows smonavi to determine which images came from what display when multiple displays are used.
%path is a location in the directory specified by SMON TEMP STORAGE PATH in the Manage the system > Modules > Recorded session management (SMON) menu.
%codec% is replaced by the value of SMON VIDEO CREATE CODEC CODE in the Manage the system > Modules > Recorded session management (SMON) menu.
The msvc codec is recommended for testing only. To see what other codecs you have available, run the smonavi utility with the -l argument.

Alternatively you can specify a third party program; for example:

ffmpeg.exe -r %fps% -i %pattern%_%09d.png %path%

If you specify another program, you can match the argument variables with the utilities expected command line. For example, the following two programs require different input values for the images to be used to make the video:

ffmpeg: %pattern%_%09d.png
The _%09.png is a special text string that ffmpeg wants appended on the end of the input files so it can locate input files.
smonavi: %pattern%_*.png
smonavi uses a * to indicate that it wants all files that start with %pattern% and ends with _*.png at the end.

See also

smonavi usage information

Recorded session events

The following Session monitor app events can launch interface programs and can be accessed from Manage the system > Maintenance > System variables or Manage the system > Modules> Session monitor:

Table 3. Session monitor app (SMON) events that launch interface programs

Option	Description
SMON ADMIN SESS TERM	An administrator terminates the session recording
SMON ADMIN SESS TERM REQ	An administrator terminates the session recording request.
SMON EVT PARSE ERR	A damaged or unparsable event is received.
SMON PKG DOWNLOAD	A recorded session package is downloading.
SMON PKG FAILED	An error occurs in generating the recorded session package.
SMON PKG REQ	Starting the recorded session package request.
SMON PKG SUCCESS	A recorded session package is successfully generated.
SMON SEARCH	Starting the recorded session search.
SMON SESSION END	A session recording ends.
SMON SESSION START	A session recording starts.

In this section: