Monitor sessions
This feature is a security measure that allows administrators to monitor SEA user activities.
Active sessions monitoring
The Active Sessions tab provides real-time visibility into the sessions that are currently active. This tab allows administrators to monitor user activities, session details, and geographic context for enhanced security oversight.
The active sessions include these details:
| Field Name | Description |
|---|---|
| Asset | The name or identifier of the system or resource being accessed. |
| Access Method | The protocol or tool used to access the asset (SSH, RDP, VNC, and Telnet). |
| User | The username or identity associated with the session. |
| Session Start | The timestamp indicating when the session began. |
| Schedule Duration | The allotted time for the session as per the schedule or policy. |
| Country | The geographic origin of the session based on user location. |
| Monitor | Indicates whether session monitoring is enabled or active. |
| Security | Security status of the session, such as encrypted or flagged. |
Launch a remote session from the Active Sessions tab
Once a remote session is created and configured with and asset(s) and users, you are then able to launch the session.
- Navigate to the Active Sessions tab.
- Select the Active Session from the list and in the Monitor column, click Join Session.
Join an active user session
Joining a session allows a user (for example, an OT Manager) to supervise supported session types and view what happens during the session. For example, when an external technician delivers remote support for an asset, an OT person can control the technician's actions and terminate the active session at any moment. The monitoring functionality can also be used for training purposes.
Note: This feature only allows the following access methods: SSH, VNC, RDP, and Telnet.
To join a session:
- From the Access Management screen, click Active Sessions.
- Choose the Session you want to monitor.
- Click Join Session. That session opens. You can monitor all the actions in the session through session screen.
Note: You can only monitor a session, you cannot interact with it in any way except to terminate the session by clicking Terminate in the Active Sessions screen.
Session history details
The Session History tab provides a comprehensive log of all previously initiated user sessions. It allows administrators to audit and analyze historical access activity across assets. This view is critical for tracking usage, investigating incidents, and ensuring compliance.
Session history is especially helpful for:
- Verifying user activity.
- Monitoring unusual or unauthorized access patterns.
- Exporting logs for audits or security reviews.
Each row in the session table represents a distinct session and includes the following details:
| Field Name | Description |
|---|---|
| Session Start | The date and time when the session began. |
| Duration | Total length of the session. |
| Asset | The name or ID of the accessed asset. |
| Access Method | The access method used to access the asset (e.g., SSH, SEA_PLUS). |
| User | The user who initiated the session (email address). |
| Country | The location where the session was initiated. |
| Total Bytes | The amount of data transferred during the session. |
| Terminated | Indicates whether the session was forcibly terminated (Yes or No). |
| Recorded | Shows whether the session was recorded. |
| Actions | Provides additional options such as viewing more session details. |
Note: Sessions with zero duration and data may indicate failed or instant-termination access attempts.
You can filter the session history by any of the columns. You can also choose the columns you want to display in the table by configuring the Column Settings.
Export (download) SEA session history in CSV format
As an SEA Admin, you can download SEA sessions using the Download Session History. This feature allows you to select a date range and download any active session in that range as a .csv file. You can filter the download by specific parameters such as: Session Start, Session End, Access Method, User, and Total Bytes. You can also filter downloads to only recorded sessions by clicking the Show Recorded Sessions checkbox.
To download SEA session history:
- From the Secure Equipment Access panel, choose Access Management > Session History.
- Select the date range for the sessions using the calendar pop-up windows.
Note: The time and date the sessions are exported is in UTC.
- (Optional) Click the Only Show Recorded Sessions checkbox to limit the download to only recorded sessions.
Note: The session data is exported based on the sort order of the table column selected.
- Click Download Session History a prompt opens showing that the download was successful.
- The .csv file is listed in your Downloads directory with the date it was downloaded.
Terminate a session
When you are monitoring a session and you note that there appears to be an action that can damage the system, you can click the Terminate option in the Security column.
When you click Terminate, a Terminate Session prompt opens notifying you that, "Terminating the current session will end the session for the User that initiated it, preventing further action." You can either:
- Cancel: To cancel the terminate action and let the session continue.
- Terminate: Confirms the terminate command and the session is terminated.
A Session Timed Out notice opens in the user's session preventing the user from taking any other actions. The active session is no longer visible from the Admin's Active Sessions screen. Open the Session History screen by choosing the Session History tab and the terminated session is listed showing all the pertinent information and Yes in the Terminated column.
