Working with AIDA
AIDA (AI-Driven Audit) automatically reviews privileged SSH and RDP recordings with computer vision and large language model (LLM) analytics. It turns hours of video into a searchable audit trail, pinpointing elevated commands and risky behavior so PAM, security and audit teams can find answers in seconds.
Session Recording Data and Analysis
The Session Recording page lists every captured session, live or completed and shows which ones have already been analyzed by AIDA. Recordings and analysis are based on three synchronized data streams:
-
Visual frame OCR – High resolution screen shots processed with OCR to read on-screen text (commands, output, file paths, SQL queries, etc.)
-
Keystroke log – Time stamped command input with window focused context
-
Process trace – Background processes spawned during the session for full situational awareness.
Analyzed Sessions
See Analyzing a Recording with AIDA for details regarding analyzing a session.
For analyzed sessions, you’ll see AI-generated labels, and a one paragraph summary. A label filter lets you instantly surface sessions containing specific actions (e.g., Privilege Elevation or IAM).
Label (AIDA) | Description |
---|---|
Administrative | Manage system settings or user roles |
Authentication | Handle user log in, log out, or credential |
Backup & Restore |
Back up data or trigger restores |
Cloud & Remote Services |
Connect to or administer cloud/remote systems |
Data Analysis & Visualization |
Inspect logs or metrics; generate on-screen reports |
Development & Compilation |
Build code or privileged scripts |
File Operations & Transfer |
Copy, move, delete, or sync files |
File Directory Management |
Create, rename, or protect folders; set permissions |
IAM |
Provision, modify, or revoke identities and roles |
Logging & Auditing |
Read or export security logs |
Network Ops & Connectivity |
Configure networks or monitor traffic |
Package Management |
Install, update, or remove software packages |
Performance Optimization |
Tune system or application performance |
Privilege Elevation |
Gain or monitor elevated privileges (e.g., sudo) |
SSH Key Management |
Create, rotate, or distribute SSH keys |
Security & Encryption |
Configure security controls or encryption |
Shell & Script Operations |
Execute or automate shell scripts |
Software Build & CI/CD |
Deploy or manage CI/CD pipelines |
Storage & Disk Management |
Manage disks, volumes, or storage pools |
Suspicious |
Match known attack patterns or risky behavior |
System Info & Monitoring |
Gather system-health or status data |
System Mgmt & Configuration |
Configure services or OS settings |
Text Processing & Search |
Search or manipulate text/log files |
Troubleshooting & Diagnostics |
Diagnose and resolve issues |
Virtualization & Containers |
Manage VMs, containers, or orchestrators |
Configuring AIDA Automatic Processing
You can configure AIDA to automatically analyze sessions based on predefined policies.
To create an automated analysis policy:
-
From the left navigation, select Policies → Create policy.
-
Select AIDA Analysis as the policy type, then click Select template.
The template provides for the following policy options.
Subjects Defines which sessions to analyze based on the user who initiated the session.
Targets Allows selection of specific computers, servers, or collections to analyze sessions based on the session target
Conditions (Optional) Sets time-based conditions such as date range, day of the week, or time of day to control when analysis occurs
Once the policy is created, AIDA will automatically analyze any session that matches the defined criteria.
Tracking AIDA Consumption
To track your AIDA usage and remaining hours:
From the left navigation, select Marketplace → Subscriptions.
Select AI-Driven Auditing. The following information is provided:
-
Status: Indicates whether the subscription is active
-
Allocated: Shows how many AIDA hours are allocated and how many have been used
Once the allocated hours are fully consumed, AIDA will stop analyzing new sessions.