Using Audit Analyzer to replay a session
If you selected both Centrify Privilege Elevation Service and Centrify Auditing and Monitoring Service features, the Centrify agent for Windows has been capturing your activity as you logged on and off and switched between roles. You can replay those recorded sessions to see detailed information about what you did during the evaluation. Before you can replay the sessions captured, however, you use Audit Analyzer to locate the sessions you are interested in using a set of predefined queries. For example, there are predefined queries for sessions that started Today and This Month and sessions where the Windows Command Prompt or Windows MMC tools were used.
To select and replay a session:
- Open Centrify Audit Analyzer to view captured sessions grouped by predefined queries.
- Select a predefined query, such as Today or Active Sessions, in the left pane to display a list of sessions in the right pane.
Note that the date queries show sessions that started during the specified time interval. If a session started three days ago and is still active, it is listed under This Week and Active Sessions, but not under Today or Yesterday.
Double-click a session to retrieve the session from the database and open the session replay window.
The session replay window displays information similar to the following:
The replay progress is shown in the play bar along the bottom of the window. If you double-click an event, you can watch the recording of just that event.