ObserveIT Keylogging

ObserveIT Keylogging

Keylogging solutions track and record every keystroke made by a computer user. ObserveIT Keylogging is used for monitoring, root-cause analysis, data exfiltration, forensic investigation and regulatory auditing. With keylogging, you can detect keystrokes on desktop applications, websites and Windows/Mac shell command tools.

ObserveIT Keylogging solution enables you to detect and generate alerts on:

• Sensitive keywords and commands that Windows/Mac users typed

• Special keys that users pressed

  • PrtScr, Backspace, Insert, Enter, Clear, Return, Delete, End, Esc, Home, Page Up, Page Down, Tab and F1 to F12

• Key combinations that users pressed

  • Alt, Ctrl, Shift and Win with other keys (Windows) and Cmd, Control, Option, and Shift with other keys (Mac).  (A key combination can be up to four keys.)

ObserveIT keylogger is supported on Windows, Mac and Unix-based operating systems. Windows keylogger data is fully captured within the main browsers (Edge, Chrome, and FireFox). Mac key logger data is supported on Safari.

For details, see:

• Windows Key Logger

• Mac Key Logger

• Unix Key Logger

Prerequisite: 

To use ObserveIT's keylogger for Windows or Mac, the "key logging" feature must be enabled in the Recording Policies settings of the ObserveIT Web Console (see Enabling Key Logging in the Configuration Guide). On Unix machines, key logging capabilities are always available.

When enabled in the Server Policies settings of the ObserveIT Web Console, the ObserveIT Agent key logger captures keystrokes on the recorded machine, and sends them to the Application Server, generating keyword-searchable logs.

To prevent users who are authorized to access the database from viewing passwords or other sensitive data, data captured by the ObserveIT keylogger is hashed (using the SHA256 salted hash algorithm). ObserveIT Administrators cannot disable keylogger hashing from the ObserveIT Web Console.

ObserveIT Keylogging Features

You can:

• Set alert triggers by what a user types: Identify when a user types not allowed commands in CLI tools such as Windows CMD, Powershell, Putty, or Terminal (Mac), not allowed phrases in an email, or sensitive words while browsing social media websites. ObserveIT also enables you to generate alerts based on keylogger data which is captured on Mac-based desktops, laptops, or servers, as keyword-searchable logs. See Typed Text.

• Set alert triggers by special and combination keys: Identify when a user presses special keys and key combinations. See Pressed Special/Combination Keys.

• Create report with details of keylogger typed text: Report typed text and the relevant metadata, such as its ULR, Website name, and process name. See Keylogging Report Configuration.

• Create report with details of keylogger special/combination keys: Report special/combinaton keys and the relevant metadata, such as its ULR, Website name, and process name. See Keylogging Report Configuration.

• Search for typed text and special/combination keys. Search for keylogger data. See Types of Data You Can Search For.