Features and Benefits

Oversee and audit the work of system administrators

SCB records all sessions into searchable audit trails, making it easy to find relevant information in forensics or other situations. Audit trails can be browsed online, or followed real-time to monitor the activities of the administrators. All audit trails stored on SCB and the archiving server are accessible from SCB's web interface. The Audit Player application replays the recorded sessions just like a movie – all actions of the administrators can be seen exactly as they appeared on their monitor. Audit trails are indexed by a separate indexing-server. This makes the results searchable on the SCB web GUI. Audit player enables fast forwarding during replays, searching for events (for example, mouse clicks, pressing Enter) and texts seen by the administrator. It is also possible to execute searches on a large number of audit trails to find sessions that contain a specific information or event. SCB can also execute searches and generate reports automatically for new audit trails.

Collect reliable information for forensics situations

SCB is an independent device that operates transparently, and extracts the audit information directly from the communication of the client and the server. This prevents anyone from modifying the audited information – not even the administrator of SCB can tamper the audit trails, which are timestamped, encrypted, and signed.

In addition to recording audit trails of the inspected protocols, embedded protocols (for example, other protocols tunneled in SSH, port-forwarding) and transferred files can be recorded as well. Recorded files from SCP and SFTP connections can be extracted for further analysis. It is even possible to convert the audited traffic into packet capture (pcap) format to analyze it with external tools.

Search and reporting

Connections can be searched form the SCB web interface based on their metadata and their actual content as well. All audit trails are indexed on a separate indexing-server, enabling fast forwarding during replay, searching for events (for example, mouse clicks, pressing the Enter key) and texts seen by the administrator. Reports and automatic searches can be configured as well. To protect the sensitive information included in the communication, the two directions of the traffic (client-server and server-client) can be separated and encrypted with different keys, thus sensitive information like passwords are displayed only when necessary.

In addition, SCB supports creating custom reports, including user-created statistics and charts based on search results, the contents of audit trails, and other customisable content. Reports from custom queries executed on the databases of SCB can be created as well. Custom report examples: SSH-exits, distribution of target hosts or remote user name statistics.

Back to top

Learn more about the product feature areas as below

• New features
• Protocol control and audit
• Advanced authentication and authorization
• Integration
• Managing SCB

Back to top Or Back to the features