The Client Sessions List


To view monitored sessions, click the Monitoring Results navigation link on the left, and make sure the Client Sessions tab is selected.

The filters at the top of the page can be used to search the session data, and a Forensic Export can also be performed.


The list of all Client sessions is displayed in the form of grid, which displays the following information in the corresponding columns:

• Play: The play () icon can be clicked to open the session in the Session Viewer.

NOTE: The session can also be played by double-clicking anywhere on the session record.

• Risk Score: The severity level of the session is indicated by the risk score icon displayed, which can be clicked on to view the abnormal user behavior patterns and alert events detected in the session on the Session Risk Score page.

- Sessions with a Critical risk score are indicated by a red () icon.

- Sessions with a High risk score are indicated by a yellow () icon.

- Sessions with a Normal risk score are indicated by a green () icon.

• Alerts: If any alerts events have been detected in the session, a special icon in displayed, where the color of the alert icon corresponds to the highest alert risk level detected in the session.

- Alerts with the Critical risk level are indicated by a red () icon.

- Alerts with the High risk level are indicated by a yellow () icon.

- Alerts with the Normal risk level are indicated by a blue () icon.

• User Name: The name of the user logged in to the Client computer.

NOTE: If secondary user authentication is enabled on the Client, the user name is displayed as: <logged in Windows/Linux user> (<secondary authentication user> or <user’s email>).

• Client Name: The name of the computer on which the Client is installed (with the operating system type of the computer with the Client installed displayed as an icon to the left of the computer name).

• Remote Host Name: The name of the remote computer from which the connection to the Client computer is established.

• Start: The date and time when the session started.

• Finish: The time when the session finished. If the session has the Live status, the icon is displayed.

• Duration: The duration of the finished session. If the session has the Live status, this field is empty.

• IPv4: The IPv4 address of the Client computer.

• Remote Public IPv4: The public IPv4 address of the remote computer from which the connection to the Client computer is established.


To add other columns, click the Columns Display button at the top, and from the Hidden Columns pop-up window that opens, drag and drop the required additional columns into the grid:

• Last Activity: The date and time of the last created screen capture or last Linux command executed.

• IPv6: The IPv6 address of the Client computer.

• Remote IPv4: The local IPv4 address of the remote computer from which the connection to the Client computer is established.

• Remote IPv6: The local IPv6 address of the remote computer from which the connection to the Client computer is established.

• Remote Public IPv6: The public IPv6 address of the remote computer from which the connection to the Client computer is established.

• Domain: The name of the domain to which the Client belongs.

• User's Comments: The user’s comment entered on login to the Client computer, or [for remote Linux X-forwarded sessions:] the text "x-forwarded app:" followed by the application name. 

• Client Description: A custom description of the Client.

• Client Groups: The names of the Client groups to which the Client belongs. If the Client only belongs to the All Clients group, the column is empty.


You can change the order and size of the columns and hide columns.

To change the order of the columns in a grid, drag and drop the header of the corresponding column to where you want it to be in the grid.

To hide columns in a grid, click the Columns Display button at the top, and then drag the header of the corresponding column to the Hidden columns pop-up window that opens.


NOTE: If the user logs in to the Client computer remotely after the Client session has already started using one of the following remote desktop applications, the remote IP address will not be detected: DameWare, Radmin, UltraVNC, or TightVNC.