Start Standard Recording
After defining a detection policy for alert rules, you can select the standalone action Start Standard Recording. Note that this action can also be selected with the Warning Notification action.
The action to Start Standard Recording is available on Unix Agents only. For details on how to record suspicious user activity in video recording mode on Windows and Mac Agents, see Start Video Recording.
When the conditions of a specific detection policy are met, the security administrator can select to record user activity in standard mode while configuring alert rules on Unix Agents as a standalone action, by clicking the Start Standard Rec. action option.
When recording in Standard mode, in addition to user commands, all terminal output will be recorded for the session.
When selecting to switch to Standard mode recording of user activity data, note the following:
-
This action can be applied only when your current data recording policy is in Commands-only mode (i.e., only session commands are recorded without terminal output).
-
Recording continues until the end of the session.
-
Recording of data is performed only on monitored activity defined in the data recording policy.
For details, see Data Recording Policy.