The Metadata Grid
The Metadata grid is the located on the right-hand side of the Session Viewer, and displays detailed information on monitored user activity in each session record.
The list of all activities recorded is displayed in the grid in the following columns:
• For Windows Clients:
- Activity Time: The time when the activity was recorded.
- Activity Title: The name of the active window that is associated with the recorded activity.
- Application Name: The name of the application opened on the Client computer.
- URL: The top and second-level domain name of the website visited.
- Text Data: The clipboard operation (i.e. copy/paste) and data, or the file monitoring operation (i.e. file upload) and path.
- Alert/USB Rule: The name of the alert or USB rule triggered, where the colored bar displayed on the left of the record containing the alert / USB rule corresponds to the risk level of the alert or of the USB rule, as follows:
- Alerts with the Critical risk level are indicated by a red bar.
- Alerts with the High risk level are indicated by an orange bar.
- Alerts with the Normal risk level are indicated by a blue bar.
• For macOS Clients:
- Activity Time: The time when the activity was recorded.
- Activity Title: The name of the active window that is associated with the recorded activity.
- Application Name: The name of the application opened on the Client computer.
- URL: The top and second-level domain name of the website visited.
- Text Data: The clipboard operation (i.e. copy/paste) and data, or the file monitoring operation (i.e. file upload) and path.
- Alert/USB Rule: The name of the alert triggered, where the colored bar displayed on the left of the record containing the alert corresponds to the risk level of the alert, as follows:
- Alerts with the Critical risk level are indicated by a red bar.
- Alerts with the High risk level are indicated by an orange bar.
- Alerts with the Normal risk level are indicated by a blue bar.
• For Linux Clients (where additional functionality is also available for monitoring, viewing and filtering remote SSH sessions or local terminal sessions):
- Activity Time: The time when the command was executed.
- Activity Title: The name of the active window that is associated with the recorded activity (this column is only displayed for local X Window System sessions).
- Application Name: The name of the application opened on the Client computer (or the command executed for local X Window System sessions).
- Command: The command executed (this column is only displayed for remote SSH sessions).
- Action: The action performed or system function call executed (for local X Window System sessions) or the system function call executed only (for remote SSH sessions), or the word "input" if the User Input Monitoring feature is enabled (for remote SSH sessions and local terminal sessions).
- Parameters: The parameters of the command executed (for remote SSH sessions), or the command and parameters as well as the keystroke inputs entered if the User Input Monitoring feature is enabled (for remote SSH sessions and local terminal sessions).
- Alert: The name of the alert triggered, where the colored bar displayed on the left of the record containing the alert corresponds to the risk level of the alert, as follows.
- Alerts with the Critical risk level are indicated by a red bar.
- Alerts with the High risk level are indicated by an orange bar.
- Alerts with the Normal risk level are indicated by a blue bar.
NOTE: By default, the data is sorted by Activity Time, and the order and size of the columns can be modified (by clicking on the column headers or the boundaries between the column headers respectively, and dragging & dropping them as required).
To select and view the required record of user activity in the session (i.e. the records displayed in the Metadata grid, which is located on the right of the Session Player in the Session Viewer), click on the required record, where the keyboard can also be used to navigate between the records:
• To switch between adjacent records in the session, press the Up Arrow (previous record) and Down Arrow (next record) keys.
NOTE: Alternatively, the buttons in the Session Player can also be used to switch between the (next and previous) records in the Metadata grid. It should also be noted that switching between records, actually means switching between the screen captures in them, and therefore, since each record may contain multiple screen captures, these buttons will not always switch between records every time they are clicked (i.e. in the event that there is more than one screen capture in the record concerned). In a similar way, some records may not contain any screen captures, and will therefore be skipped.
• To switch between adjacent records in the session that contain alert events, press the Left Arrow (previous alert record) and Right Arrow (next alert record) keys.