Session Details Views

You can view details of a session in Summary view or Timeline view by clicking the arrow to the left of a session you want to display.

Select the view you want

If alerts were generated for a specific file activity event, an alert icon indication (color-coded according to the highest alert severity level) is displayed next to the relevant section. Clicking the icon displays the specific alerts.

Clicking the Video icon launches the Session Player at the point at which the file action occurred.

Summary View

The Summary view shows User Activity and Data Activity.

User Activity

The User Activity summary shows:

  • A list of the applications or websites that the user accessed during the session, according to the full path URL of the windows opened (Windows/Mac sessions).

  • Details of the activities performed in the application/website (Windows/Mac sessions).

  • Summary of any DBA activity performed in this session (Windows/Mac sessions).

  • A list of commands that have been executed during the session. In this mode, the activity is not shown in chronological order (Unix/Linux sessions).

  • USB details (device serial number, model name, vendor name, and label name) and details of the activities performed on the USB device.

  • A list of emails

Data Activity

The Data Activity summary displays any of the following types of activities as separate sections:

  • Downloads / Exports from Web Applications / Sites: Shows websites/web applications from which a tracked file was downloaded/exported.

  • Email Activities: Shows details about sent email and attachments.

  • Copying tracked files to Cloud Storage Sync Folders: Shows cloud storage sync folders to which a tracked file was exfiltrated and the name of the website from which the tracked file originated.

  • Other activities on tracked files: Shows activities that occurred on the tracked files (with the number of instances displayed in parentheses).

  • Upload of tracked or non-tracked file: Shows files exfiltrated by upload to a website, webmail, social media, etc. Includes files uploaded by supported web browsers. Files are grouped first according to destination in the right column and then by source in the left column.

  • Activity on files with MIP labels: Shows the label and, in parentheses, the number of files with this label. Files are grouped by MIP label. Clicking on a label redirects you to the File Diary showing all file activities on files with this label.

Each of the above sections displays (in parentheses) the total number of events that occurred for the activity type; for example, Uploads of files to websites/web-applications (3). Clicking the number opens the File Diary automatically filtered to the session ID and activity type, and listing all the event details (for more information, see File Activity View).

If alerts were generated due to file activity events during the session, an alert indication (color-coded according to the highest alert severity level) and the total number of alerts are displayed in parentheses. Clicking the alert indication/number opens a popup window showing the specific alert(s) and the number of alert instances.

Clicking the View Alerts hyperlink opens the Session Player enabling you to replay a video of the alerts.

Timeline View

The Timeline view shows both user activity and file activity in one place, providing useful correlation and context.

For both Windows/Mac and Unix/Linux sessions, this view displays user and file activity in chronological order, detailing each action in the sequence in which it was performed.

Clicking the Video icon launches the Session Player at the point at which the activity occurred.

Session Information

The table describes the links available when you expand a session to see the session details.

Link Description

Add a comment to the session.

Print the same data displayed in the Timeline view.

Download an Excel file of the data displayed in the Timeline view.

 

See also:

Endpoint Activity View

User Activity Views