Session Recording Policy Builder
Define what to record per protocol—modes, keystrokes, video, queries, and exemptions. Export a JSON policy document for your PAM rollout.
Protocols in scope
Select protocols to include in the generated policy. Configure each enabled protocol below.
SSH (Shell): the patterns entered for this protocol are used to flag or redact sensitive commands in reviews; their syntax depends on your PAM engine.
RDP (Desktop)
VNC (Desktop)
Database (SQL)
Kubernetes (K8s)
Web App (HTTP)
gRPC (RPC): pair with service/method allowlists in your gateway for least-privilege capture.
Telnet (Terminal)
Global settings
Exemption rules
Subjects matching these patterns may be excluded from recording (use with audit approval).
Automate session recording with OnePAM
OnePAM records every session automatically with video-like playback, keystroke logging, and query capture across all protocols.
Frequently Asked Questions
Session recording policies, retention, and how OnePAM stores evidence
What should a session recording policy cover?
A complete policy specifies which protocols and session types are in scope, the depth of capture (full session vs. metadata), retention and storage requirements, encryption, and who may be exempt (break-glass accounts, automation). It should align with legal hold, privacy, and industry frameworks (SOC 2, HIPAA, PCI-DSS) and name who approves exceptions.
Which protocols support full session recording?
Modern PAM platforms typically support full or rich recording for SSH, RDP, VNC, database proxied sessions, Kubernetes exec and API paths, web applications through a reverse proxy, and RPC-style traffic such as gRPC where metadata and payloads can be policy-governed. Telnet and legacy protocols often map to terminal transcript capture. Exact capabilities depend on your gateway and connectors—this builder outputs a structured intent you can map to your product configuration.
How long should session recordings be retained?
Retention should reflect regulatory minimums, contractual obligations, and incident response needs. Many organizations start at 90 days for interactive sessions and extend to 180–365 days for production admin access or regulated data. Shorter retention reduces storage cost but may conflict with audit requirements; longer retention raises privacy exposure and storage cost. Tier by environment (production vs. non-prod) when possible.
What is the difference between full recording and metadata-only?
Full recording captures enough detail to reconstruct or review the session: terminal I/O, screen video, queries, or request bodies, depending on the protocol. Metadata-only records who connected, when, to which target, for how long, and high-level actions, without retaining sensitive content. Metadata-only reduces the privacy and storage footprint but limits forensic depth; it is often used for low-risk systems or combined with sampling.
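The FAQ answers above describe what a policy should cover, the retention tiers, the protocol capabilities (Telnet as transcript-only) and the full-vs-metadata trade-off. The following is an added example, not the builder's own export format or OnePAM code: it lints a constructed JSON policy document against those rules and checks whether a subject is exempt. The schema (field names such as `mode`, `tier`, `retention_days`, `exemptions`, `approved_by`), the sample values and the numeric thresholds taken from the FAQ are all assumptions for illustration; map them to your own PAM engine's configuration.

```python
"""Lint a session-recording policy document before rollout.

Constructed example: SAMPLE_POLICY is a sample of the shape such a policy
document might take (per-protocol modes, keystroke/video/query capture,
retention, exemptions). The schema and all names are assumptions for this
example, not a product export.
"""
import json
import re

# Constructed sample policy (assumed schema). Deliberately contains defects
# so the linter has something to report.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "encryption_at_rest": true,
  "exception_approver": "security-governance@example.com",
  "protocols": {
    "ssh":    {"enabled": true, "mode": "full", "keystrokes": true, "video": false,
               "queries": false, "tier": "production", "retention_days": 365},
    "rdp":    {"enabled": true, "mode": "full", "keystrokes": true, "video": true,
               "queries": false, "tier": "production", "retention_days": 120},
    "sql":    {"enabled": true, "mode": "metadata", "keystrokes": false, "video": false,
               "queries": false, "tier": "production", "retention_days": 180},
    "telnet": {"enabled": true, "mode": "full", "keystrokes": true, "video": true,
               "queries": false, "tier": "non-prod", "retention_days": 90},
    "vnc":    {"enabled": false}
  },
  "exemptions": [
    {"pattern": "^svc-backup@.*$", "reason": "automation",
     "approved_by": "security-governance@example.com"},
    {"pattern": ".*", "reason": "break-glass", "approved_by": ""}
  ]
}
""")

# Thresholds taken from the FAQ: 90 days as a starting point for interactive
# sessions, 180+ days for production admin access (assumed as hard minimums).
MIN_RETENTION_DAYS = {"non-prod": 90, "production": 180}
VALID_MODES = {"full", "metadata"}
# Telnet and legacy protocols map to terminal transcript capture, not video.
TRANSCRIPT_ONLY = {"telnet"}


def lint_policy(policy: dict) -> list[str]:
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    if not policy.get("encryption_at_rest"):
        findings.append("global: encryption at rest must be enabled")
    if not policy.get("exception_approver"):
        findings.append("global: no exception approver named")

    for name, cfg in policy.get("protocols", {}).items():
        if not cfg.get("enabled"):
            continue
        mode = cfg.get("mode")
        if mode not in VALID_MODES:
            findings.append(f"{name}: mode must be one of {sorted(VALID_MODES)}")
            continue
        tier = cfg.get("tier", "production")
        minimum = MIN_RETENTION_DAYS.get(tier, MIN_RETENTION_DAYS["production"])
        days = cfg.get("retention_days", 0)
        if days < minimum:
            findings.append(f"{name}: retention {days}d below {minimum}d minimum for tier '{tier}'")
        if tier == "production" and mode == "metadata":
            findings.append(f"{name}: metadata-only on a production tier limits forensic depth; confirm low-risk or sampled")
        if name in TRANSCRIPT_ONLY and cfg.get("video"):
            findings.append(f"{name}: video capture not available; expect terminal transcript only")
        if mode == "metadata" and (cfg.get("keystrokes") or cfg.get("video") or cfg.get("queries")):
            findings.append(f"{name}: keystroke/video/query capture contradicts metadata-only mode")

    for i, rule in enumerate(policy.get("exemptions", [])):
        pat = rule.get("pattern", "")
        try:
            compiled = re.compile(pat)
        except re.error as exc:
            findings.append(f"exemption[{i}]: invalid pattern {pat!r}: {exc}")
            continue
        if not rule.get("approved_by"):
            findings.append(f"exemption[{i}]: pattern {pat!r} has no recorded approval")
        # A pattern that matches an arbitrary subject would exempt everyone.
        if compiled.fullmatch("arbitrary-user@unknown-host"):
            findings.append(f"exemption[{i}]: pattern {pat!r} is overly broad (matches any subject)")
    return findings


def is_exempt(policy: dict, subject: str) -> bool:
    """True only if subject matches an exemption rule that carries an approval."""
    for rule in policy.get("exemptions", []):
        if rule.get("approved_by") and re.fullmatch(rule.get("pattern", ""), subject):
            return True
    return False


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print("-", finding)
    print("svc-backup@db01 exempt:", is_exempt(SAMPLE_POLICY, "svc-backup@db01"))
    print("alice@db01 exempt:", is_exempt(SAMPLE_POLICY, "alice@db01"))
```

Run against the constructed policy, the linter reports five findings: RDP retention below the production minimum, metadata-only capture on the production SQL tier, video requested for Telnet, and the unapproved, overly broad break-glass pattern (twice, once for each defect). The unapproved rule is also ignored by `is_exempt`, so a policy with an unreviewed wildcard never silently switches recording off.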
How does OnePAM handle session recording storage?
OnePAM is designed to store session artifacts securely with encryption at rest, optional S3-compatible object storage for scale, and tight integration to access reviews and search. Recordings are tied to identities and resources for audit trails. Use this tool to document your intended policy; in OnePAM, enforcement and storage are applied consistently across protocols from a single control plane.