Session Indexing

This release (v1.3+) introduces a plugin that indexes user sessions and an API to search through their contents. The plugin gives administrators more power when auditing and helps them discover how users interact with internal services.

Let's say that, as an administrator, you want to search for the keyword migrate in the output of a session.

migrate in:output

You can also search for content inside the input of a session, which allows looking for what a user provided as input.

migrate in:input

The query syntax allows building complex queries to suit your needs, such as filtering sessions by qualifiers. The example below searches for the keyword migrate in the input attribute of sessions whose duration was more than 15 seconds and that started 1 hour ago.

migrate in:input duration:>15 started:-1h

For security administrators, it's possible to search for leaked credentials, which indicate misuse or possible bugs in scripts. The example searches for the wildcard akia*, which matches the first characters of an AWS access key ID.

akia* in:output
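
A wildcard like akia* also matches tokens that are not keys, so hits need triage. The following is an added example, not code from the plugin: it checks session output against the 20-character AWS access key ID format and reports redacted findings. The session records, their id and output fields, and the sample data are constructed for illustration and are not the plugin's API.

```python
import re

# An AWS access key ID is 20 characters: the AKIA prefix followed by
# 16 uppercase letters or digits, not embedded in a longer token.
KEY_ID = re.compile(r"(?<![A-Za-z0-9])AKIA[A-Z0-9]{16}(?![A-Za-z0-9])")

# The key ID AWS uses in its own documentation; seeing it is not a leak.
DOC_EXAMPLES = {"AKIAIOSFODNN7EXAMPLE"}

# Constructed sample: sessions a wildcard search on "akia*" might return.
# The record shape (id, output) is hypothetical.
SESSIONS = [
    {"id": "sess-001",
     "output": "$ env | grep AWS\nAWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP\n"},
    {"id": "sess-002",
     "output": "running migrate for tenant akiana-labs\ndone\n"},
    {"id": "sess-003",
     "output": "usage: aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE\n"},
]


def redact(key_id):
    """Keep the prefix and last 4 characters so reports do not re-leak the key."""
    return key_id[:4] + "*" * 12 + key_id[-4:]


def triage(sessions):
    """Return one finding per distinct key ID per session, with its line number."""
    findings = []
    for session in sessions:
        seen = set()
        for line_no, line in enumerate(session["output"].splitlines(), 1):
            for match in KEY_ID.finditer(line):
                key = match.group(0)
                if key in seen or key in DOC_EXAMPLES:
                    continue
                seen.add(key)
                findings.append({"session": session["id"],
                                 "line": line_no,
                                 "key": redact(key)})
    return findings


if __name__ == "__main__":
    for finding in triage(SESSIONS):
        print(finding)
```

Only sess-001 is reported: sess-002 matched the wildcard on an unrelated word, and sess-003 contains the AWS documentation example key.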

This only scratches the surface of the index plugin. Take a look at our documentation to see how to get started quickly with it.