3rd December 2022

What is Thycotic Secret Server? Session Recording and Monitoring with Thycotic Secret Server

Thycotic Secret Server is simply a “Password Vault“. Today, privileged accounts and passwords have become invaluable targets for hackers. Thycotic Secret Server is a privileged account management solution specially designed for IT administrators and IT security professionals. It helps them take responsibility for and control all processes related to password management throughout the organization. IT administrators can use Thycotic Secret Server to continuously monitor, document and securely manage all privileged accounts and administrator access. It allows privileged accounts to connect to your environment by using launcher structures such as RDP, Putty, SQL Launcher through your Secret Server passwords. With the “Session Recording” feature, you can record the session of users connecting to your environment. Recording and Monitoring Sessions with Thycotic Secret Server With Thycotic Secret Server, you can record and monitor what privileged accounts do after connecting to your environment. Now let’s examine these features in detail.

Enabling the “Session Recording” Feature

Knowing that a user has logged into your system using credentials is not sufficient in terms of security. For this reason, a complete record of user activity is required to know what the user is doing on your system and what changes they have made. With the “Session Recording” feature of the Thycotic Secret Server, you can record the activity of the user from the first moment he connects to the system until the end of the session. Activating the “Session Recording” feature is quite simple. You can “Enable” the feature by coming to the “Session Recording” section under the “Configuration” tab with the user with admin authority.

"Admin -> Configuration -> Session Recording -> Edit > Enable"
Session Recording
Session Recording

 

LEARN MORE  What is Fuxploider and How to Use it?

Activating Session Recording

After the Session Recording feature is activated, the session is recorded only when the session is started with the passwords we set. E.g; We can say that the session record is taken over the password used by a person connecting to our system, but the session record is not active on the password of a user with admin authority. With this feature, we can only monitor the users we want to monitor. This gives us a significant advantage in terms of time and server usage as video recordings occupy a certain space on the disk. To activate the session recording feature on certain passwords, we can go to the edit section of the password and activate or deactivate it. Since only users authorized by us can use the “Edit” feature; Even if any user does not want to log in, they cannot turn off this feature on the password. You can follow the steps below to activate session recording on a specific password.

"Security -> Security -> Session Recording Enabled -> Yes"
Activating Session Recording
Activating Session Recording

 

Session Monitoring with “Session Monitoring” Feature

Thanks to the “Session Monitoring” feature of the Thycotic Secret Server, when a session is started, you can monitor the session live in real-time. You can log out the user when there is an unexpected change. You can send a message to the user during the session. You can watch the session not only live but also the recorded session recordings later. With this feature, you can monitor what users connected to your system are doing on your system. By being aware of the changes, you will prevent any security weakness. For example, you can add a user ‘backdoor’ back account. You can make an unauthorized change to your system. Tracking the user and the change he made provides complete information of user activity. With the “Session Monitoring” feature, you can search and filter between recorded sessions and find the session you want and watch it. Session recording opens in the advanced web player. It gives us the activity heatmap, list of running processes, keystrokes, and metadata about the session itself. To watch the session live or to watch the session recording, you need to go to the “Admin -> Session Monitoring” tab.

LEARN MORE  Capturing the Domain with PASS THE HASH Attack
Admin -> Session Monitoring
Admin -> Session Monitoring

 

After coming to Session Monitoring, all we have to do is find the session recording we want to watch. “Thycotic Secret Server” offers a wide filtering feature here. You can find the session log by filtering by user-based, password-based, date, launcher type and live or dead.

session log
session log

 

After the filter and search, we have determined, it is sufficient to open the session record that we want to watch. You can watch the session recording on the advanced web player.

watch the session recording
watch the session recording

 

Connection Manager

Thycotic Connection Manager” is a tool to monitor and manage multiple RDP and SSH sessions from a single centre. You can download Connection Manager and integrate it with Secret Server. You can monitor and manage multiple sessions simultaneously in a single interface. You can also start a session using Connection Manager. You can get an end-to-end record of privileged user access. You can gain visibility over hundreds of different links in a single location. From a single interface, you can access the required credentials from the Secret Server vault, on-premises or in the cloud. You can simultaneously monitor simultaneous remote sessions in real-time.

Connection Manager
Connection Manager

 

Leave a Reply

Your email address will not be published. Required fields are marked *