Working with AIDA

AIDA (AI-Driven Audit) automatically reviews privileged SSH and RDP recordings with computer vision and large language model (LLM) analytics. It turns hours of video into a searchable audit trail, pinpointing elevated commands and risky behavior so PAM, security and audit teams can find answers in seconds.

Session Recording Data and Analysis

The Session Recording page lists every captured session, live or completed and shows which ones have already been analyzed by AIDA. Recordings and analysis are based on three synchronized data streams:

  • Visual frame OCR – High resolution screen shots processed with OCR to read on-screen text (commands, output, file paths, SQL queries, etc.)

  • Keystroke log – Time stamped command input with window focused context

  • Process trace – Background processes spawned during the session for full situational awareness.

Analyzed Sessions

See Analyzing a Recording with AIDA for details regarding analyzing a session.

For analyzed sessions, you’ll see AI-generated labels, and a one paragraph summary. A label filter lets you instantly surface sessions containing specific actions (e.g., Privilege Elevation or IAM).

Label (AIDA) Description
Administrative Manage system settings or user roles
Authentication Handle user log in, log out, or credential
Backup & Restore

Back up data or trigger restores

Cloud & Remote Services

Connect to or administer cloud/remote systems

Data Analysis & Visualization

Inspect logs or metrics; generate on-screen reports

Development & Compilation

Build code or privileged scripts

File Operations & Transfer

Copy, move, delete, or sync files

File Directory Management

Create, rename, or protect folders; set permissions

IAM

Provision, modify, or revoke identities and roles

Logging & Auditing

Read or export security logs

Network Ops & Connectivity

Configure networks or monitor traffic

Package Management

Install, update, or remove software packages

Performance Optimization

Tune system or application performance

Privilege Elevation

Gain or monitor elevated privileges (e.g., sudo)

SSH Key Management

Create, rotate, or distribute SSH keys

Security & Encryption

Configure security controls or encryption

Shell & Script Operations

Execute or automate shell scripts

Software Build & CI/CD

Deploy or manage CI/CD pipelines

Storage & Disk Management

Manage disks, volumes, or storage pools

Suspicious

Match known attack patterns or risky behavior

System Info & Monitoring

Gather system-health or status data

System Mgmt & Configuration

Configure services or OS settings

Text Processing & Search

Search or manipulate text/log files

Troubleshooting & Diagnostics

Diagnose and resolve issues

Virtualization & Containers

Manage VMs, containers, or orchestrators

Configuring AIDA Automatic Processing

You can configure AIDA to automatically analyze sessions based on predefined policies.

To create an automated analysis policy:

  1. From the left navigation, select PoliciesCreate policy.

  2. Select AIDA Analysis as the policy type, then click Select template.

    The template provides for the following policy options.

    Subjects

    Defines which sessions to analyze based on the user who initiated the session.

    Targets

    Allows selection of specific computers, servers, or collections to analyze sessions based on the session target

    Conditions (Optional) Sets time-based conditions such as date range, day of the week, or time of day to control when analysis occurs

Once the policy is created, AIDA will automatically analyze any session that matches the defined criteria.

Tracking AIDA Consumption

To track your AIDA usage and remaining hours:

From the left navigation, select MarketplaceSubscriptions.

Select AI-Driven Auditing. The following information is provided:

  • Status: Indicates whether the subscription is active

  • Allocated: Shows how many AIDA hours are allocated and how many have been used

Once the allocated hours are fully consumed, AIDA will stop analyzing new sessions.