Events and Sessions in the Management Console

Axis Security gives admins visibility into user connections to applications and into user activity within those applications, including file downloads, commands and more. This information is composed of events and sessions. An event is any action taken by the user in the system, and a session is a sequence of events. In addition to being viewable in the Insights Dashboard in the Management Console, the information is streamed to Syslog and Splunk.

Events

An event is an instance of a user's action. Events include connecting, disconnecting, downloading files, and performing actions within apps. Events provide information about every protocol, including HTTP pages accessed by the user in the application or a command entered by the user in SSH. Logged events also include RDP events, web application events, SSH events, Git events, and database events.

Sessions

The session provides the admin with information about all of the user's actions (events) when connecting to an application, according to the order of actions and placed on a timeline. For example, a session includes connecting to an application at 11:00 AM, logging in with credentials, using the application and then disconnecting at 2:30 PM.

Additional information about user sessions includes the device used in the session, the geolocation where the session took place, a timestamp, the length of the session and the enforced policy rule.

Viewing Sessions

  1. Go to Insights > Users/Applications.
  2. Click on your chosen user or application.
  3. Each item is a session.
  4. Click on the session to view its events.

Viewing Events

  1. Go to Insights > Users/Applications.
  2. Click on your chosen user or application.
  3. Click on a session to view its events.