Viewing Sessions
When you view the Session review page for the first time, it lists each session you have access to (the Delinea Platform and other native sessions).
-
Click on the hyperlinked Start Date field to view the associated recordings on the Session Recordings page.
-
Click on any field that is not a hyperlink to display the Details page for that session. Details include Properties, and if analyzed, a Summary (narrative of video events).
Recordings listed in the Session Review table that are sourced from Secret Server On-Premises systems are not supported for viewing or analysis. Playback is only supported when requested from the same network as the secret-server On-Premises installation.
The values displayed in the columns are sortable and configurable. Click the column headers to sort; click the Displayed Columns icon (
) to control which columns of data are displayed.
| Parameter | Description |
|---|---|
| Activity |
Any activity detected in the session. Categories include: Anomaly - activity that deviates from the norm Keystroke - client keystroke activity Process - application executions on the endpoint |
| Start Date |
The time and date when the remote session was initiated. |
| Session ID | The unique numeric identifier assigned to each session by the Delinea Platform for tracking. |
| Status |
Session recordings go through the following lifecycle: Live: This is an active session. You can view a live stream of the remote session in near real time. Recorded: When the session encoding is successfully completed, the final recording is available to review. Finished: The session was completed, but session recording was not enabled for viewing. Failed: Any session that has not completed recording or encoding. Analyzed: The video was transcribed and analyzed by Delinea AI to detect risk. Use the All Statuses dropdown list to limit the display of recording to a particular status. |
| Source | The service from which the remote session was launched. |
|
User |
The username of the user who launched the remote session. |
|
Launcher |
The various methods or triggers used to initiate session recordings. |
|
Secret |
The vaulted secret used to launch the remote session. A user can drill down into the secret directly to view additional details about the secret, assuming the user has the required permissions. Click an available SECRET link to view its secret key information on Secret Server. |
|
Secret ID |
The unique identifier for the secret. |
| Asset |
The asset recorded, such as a server name or an IP address. The asset represents the target machine that the user remotely accessed using the Remote Access Server in the Delinea Platform. |
| Duration |
This is the total time recorded for the session. |
| Label (AIDA only) | Labels are only available with AIDA (AI-Driven Auditing). AIDA tags each command identified in the session with one or more high-level labels so you can filter and pivot data quickly. |
| Label (AIDA) | Description |
|---|---|
| Administrative | Manage system settings or user roles |
| Authentication | Handle user log in, log out, or credential |
| Backup & Restore |
Back up data or trigger restores |
|
Cloud & Remote Services |
Connect to or administer cloud/remote systems |
|
Data Analysis & Visualization |
Inspect logs or metrics; generate on-screen reports |
|
Development & Compilation |
Build code or privileged scripts |
|
File Operations & Transfer |
Copy, move, delete, or sync files |
|
File Directory Management |
Create, rename, or protect folders; set permissions |
|
IAM |
Provision, modify, or revoke identities and roles |
|
Logging & Auditing |
Read or export security logs |
|
Network Ops & Connectivity |
Configure networks or monitor traffic |
|
Package Management |
Install, update, or remove software packages |
|
Performance Optimization |
Tune system or application performance |
|
Privilege Elevation |
Gain or monitor elevated privileges (e.g., sudo) |
|
SSH Key Management |
Create, rotate, or distribute SSH keys |
|
Security & Encryption |
Configure security controls or encryption |
|
Shell & Script Operations |
Execute or automate shell scripts |
|
Software Build & CI/CD |
Deploy or manage CI/CD pipelines |
|
Storage & Disk Management |
Manage disks, volumes, or storage pools |
|
Suspicious |
Match known attack patterns or risky behavior |
|
System Info & Monitoring |
Gather system-health or status data |
|
System Mgmt & Configuration |
Configure services or OS settings |
|
Text Processing & Search |
Search or manipulate text/log files |
|
Troubleshooting & Diagnostics |
Diagnose and resolve issues |
|
Virtualization & Containers |
Manage VMs, containers, or orchestrators |
Searching and Filtering Sessions
The Session review table allows you to focus on specific recordings using the following search and filter features.
Status cards
Status cards display statistics, in percentage of total sessions. Click any card at the top of the table to quickly filter the table for that status.
Search
Use the Search field to search content in any of the columns.
Filter
Select Add filter to choose additional filter criteria. When you pick a filter field from the dropdown list, a card appears at the top of the table, with a dropdown list of options.
You can filter by status, specific data, or any combination of displayed columns. Limit the results to a specific date range using the Date filter.
For more information, see Filtering in List Pages.
