Log events
and investigate incidents

The solution based on Axidian Privilege records the actions of privileged users for incident investigation



Many companies today digitalize their business processes; this is becoming a global trend. Digital economy, automation and informatization offer important business advantages, including:

  • Operational efficiency
  • Enhanced quality of decision-makingО
  • Smoother expansion into new markets
  • Higher quality of services
  • Etc.

At the same time, the overall effectiveness of your company’s IT infrastructure and corporate IT services depends on the performance of your system administrators and other privileged users. They have higher access rights and can have a direct influence on the proper operation of various information systems and business processes in your company. User privileges are usually assigned in line with the official duties of your employees.

Nevertheless, higher access rights can be a potential source of danger. Even if we disregard possible malicious actions, hacker attacks and clear sabotage, we still need to consider a relatively large number of incidents related to the so-called «human factor».

For example, let’s imagine a situation where an employee has made a series of unintentional errors, which resulted in a server failure. Whether or not the company was able to quickly address the problem, managers still need to establish the cause of this failure.

Standard information security solutions that include user activity monitoring software often either operate at the level of individual workstations or are located on dedicated servers and used for logging and analyzing events related to corporate IT infrastructure.

Yet, when your company requires privileged user monitoring, these solutions might not be your best choice as they have a whole range of inherent limitations. For example, if a server is unavailable, you cannot download relevant logs and send them for further analysis. The resource you want to manage can be hosted on a server with an exotic operating system that does not permit installation of additional monitoring software. A privileged user may be employed at another organization and use either their personal device or a device owned by another organization to access your critical resources. In this case, it may be hard to install privileged user monitoring software on their workstation.

In all these scenarios, proper audit of privileged user activity will not be possible.

If you cannot introduce a full-fledged privileged user activity monitoring system at your company, it may face serious security threats. The best solution would be to use specialized software suites for Privileged Access Management (a.k.a. Privileged User Management, Privileged Identity Management, Privileged Account Management).

By using these software solutions, you can build a system for monitoring the administrative activity at your company.


You can use the PAM system to set up a full-scale administrator monitoring system and, specifically, log desktop administrative activity of privileged users exercising their respective access rights. The PAM system architecture is specially designed to circumvent the monitoring constraints associated with the specifics of privileged user operations.

The Axidian Privilege platform operates in the space between a workstation and a target resource, so the special features of a user’s workstation and your target resource are no longer important. This operational framework allows tracking all types of user activity on almost any type of target resources.

When privileged users connect to your corporate resources via Axidian Privilege, their activity will be logged in different formats:

  • Video records (you can track which windows were opened, which actions were made, as well as check the actual mouse movements)
  • Text logs (commands, initiated processes)
  • File transfers
  • Keystrokes
  • Etc.

All records will be stored in a single Axidian Privilege vault, which is hosted separately from the target resource logs.

Furthermore, the Axidian Privilege platform will allow you to interfere with the administrative session and user activity, both manually and automatically. For example, you can terminate the session should an administrator run a dangerous command.

In case of breakdown of a target resource, you can instantly reconstruct the sequence of events, find the reason behind the failure and the person who was responsible for it. This way you get the incident under control as soon as possible, save your resources, and preserve your reputation.

Intended use

Real-time monitoring

The Axidian Privilege platform enables real-time monitoring of administrative activity. It supports simultaneous scaling and monitoring of multiple administrators.

PAM functionality will allow you to view all active sessions from your admin console. Should a PAM administrator notice any suspicious or precarious activity, he/she can manually terminate the session and suspend access for a given privileged user until the situation is resolved.

Real-time monitoring can be very useful when your users need to have remote access to critical resources and systems. If you use the Axidian Privilege system, you will no longer need to cover the travel expenses of your remote privileged users, so that they can visit your location, and you can oversee their work. Your remote employees can connect to a critical resource at any time whenever this is required, and all their activity will be recorded.

Session log

If you use the Axidian Privilege single centralized vault to keep your privileged session data, you will no longer have any issues with obtaining detailed incident information from a corrupted resource. All privileged user activity for those users who were placed under control will be fixed in the event log.

Another important feature of Axidian Privilege is the two-factor authentication option. On the one hand, 2FA will guarantee an additional level of security for your remote connections, and, on the other hand, it will make it almost impossible for privileged users to play victim in the event of malicious activity from their accounts.

You can get information about all administrator sessions, including access time, duration, username, and target resource. The Axidian Privilege log includes a tool enabling session search by specific criteria.

By using these features, you can not only find the cause of almost any situation, but also use session logs for other purposes: for example, for monitoring working hours and analyzing errors, which can be essential for your new employees.

Video records and text logs

The Axidian Privilege platform can record all privileged user activity as video files and text logs.

Privileged user activity can cause a system failure, impairment in the performance of your target resource, or disruptions in the work of a corporate application. Sometimes, there is no exact match between the declared and factual quality of work done by privileged users. And, in many cases, the factual quality can be worse than you expected.

The Employee Monitoring Products and Services (EMPS) designed to assess the performance of your employees during business hours and record their activity have significant limitations in terms of privileged user monitoring, including the following:

  • Privileged users can disable or remove an EMPS agent from their workstation or server.
  • Target resources may not support installation of additional software (this is especially true for devices).
  • A privileged user can work for another organization (being your contractor) or use a personal device to access the target resource, in which case you will not be able to install an EMPS agent.

If you use Axidian Privilege and have an emergency or need to perform in-depth analysis of privileged user activity, you can download all relevant logs and pass them on to your responsible personnel so that they can make relevant decisions and organizational conclusions.

File transfer control

The PAM system can detect file transfer and create shadow copies of files in the PAM database. This may be essential when a user needs to send or download a specific file or document to/from a server during an administrator session.

In this case, file transfer is normally made via standard administrative protocols. RDP permits remote connection of a logical disk to the target system during a terminal session. For example, you can upload updates on the server or, vice versa, download reports or configuration files from the server.

PAM functionality designed to detect file transfer and create shadow copies of transmitted files can help you understand what kind of information was transmitted and whether or not critical data was involved.

Overriding commands and managing user privileges

The Axidian Privilege platform can monitor the commands entered during an administrator session

In some cases, it is hard to predict which activity may cause a target resource failure or disrupt proper operation of a business service. In other cases, certain activity may have delayed effects and cause system failure or incompatibility in the future. For example, it can be the launch of software or operating system updates on the server.

The PAM system response to detected malicious commands includes two steps:

  • The user session will be terminated to prevent command execution and related failure.
  • A responsible administrator or resource owner will be notified about the event.

The system offers two options for filtering the commands:

  • Forbidden Command List — «anything that is not expressly forbidden is allowed».
  • Permitted Command List — «anything that is not expressly allowed is forbidden».

The second option will allow you to manage privileged user rights by setting a pre-defined list of permitted actions.

User notifications and integration with monitoring systems

The PAM system allows sending notifications about critical or important events to responsible officials, including administrators, top managers, and users. All notifications will be sent to the SMTP server. You can customize the list of events when relevant notifications should be sent.

The Axidian Privilege platform supports integration with the Security Information and Event Management (SIEM) products; the event data will be transmitted via the syslog protocol.

SIEM integration will allow, for example, setting up rules for event processing and correlation. And these rules can help detect connections to critical resources that circumvent the PAM system (when an event gets registered by the resource, but does not get registered by the PAM platform). In case of failure or breakdown of a resource, SIEM will show the list of employees who had access at the time of the failure, even if the resource did not have enough time to send logs to the SIEM system.

Incident investigation

Analytics and source metadata may not be enough when you investigate information security incidents related to privileged user activity. You may require more information to establish the true cause of a system failure, get the incident under control as soon as possible, and take measures to prevent its occurrence in the future. The lack of data may also require a lengthy investigation and reduce its overall quality.

When you have the Axidian Privilege system at your disposal, your investigation will include the following steps:

  • A privileged access incident is detected.
  • A selection of incident-related administrator session records is prepared.
  • Session records are examined and analyzed.
  • The complete sequence of events is reconstructed (including the series of actions that have caused the failure).
  • The identified dangerous sequence of actions is fixed in a corresponding document, or adjustments are made in the user instructions.
  • Relevant measures are taken to restore the operational condition of the resource.
  • Relevant measures are taken against the person responsible for the incident.

By using this functionality, you can significantly reduce your incident response time, which will not only improve the productivity of your personnel, but also save resources for your company.

Ungrounded accusations

After a critical resource failure, you may find yourself in a situation where an innocent employee has to face ungrounded accusations because of indirect incident markers pointing in his/her direction (he/she had access to the resource at the estimated incident time). In this case, your company may lose a specialist with high potential and worsen the working environment in your team.

If you are using the Axidian Privilege system, you will have conclusive evidence to identify the person responsible for the system failure and establish the degree of their malicious intent by analyzing relevant activity logs (video records, text logs, command lists, transmitted files, connection time, protocol/application, etc.).

In this case, honest and trustworthy employees have nothing to fear — even if they were responsible for the incident but did not have malicious intent (anyone can make an error), they can rest assured that they will get an impartial assessment of their actions.

Technical parameters

Activity recording functionality:

  • Video records of sessions (video quality can be adjusted)
  • Text logs of sessions
  • Periodical screenshots of sessions (image quality can be adjusted)
  • Supported protocols: RDP, SSH, published web, and fat clients
  • Shadow file copies

Information contained in the session log:

  • Connection time
  • Privileged user
  • User account
  • Target resource
  • Connection type: protocol, application
  • Connection duration
  • Connection status: active, aborted, expired

Overriding text commands. Options:

  • Forbidden command lists
  • Permitted command lists

Overriding text commands. Supported protocols:

  • SSH

File transfer control. Supported protocols:

  • RDP Remote connection (forwarding) of a logical disk

Notifications and transmission of event data. Protocols:

  • SMTP
  • syslog

Get the budget estimation of your project



Learn how multiple industries enjoy benefits from implementing our products


industry about us

Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Axidian. With Axidian, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

read more
KC KuppingerCole Report
Executive view

Axidian’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Axidian CertiFlow provides comprehensive yet convenient management capabilities for both administrators and end users.

read more
Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Axidian quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Axidian software as a Distributor for the EU and beyond. Often I met Axidian CEOs, CTO, Product Management, Partner Managers and System Engineers, on the the phone and even in person in London and Munich and always my feeling was that this is are smart people, an excellent organized company, straight forward thinking and | don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Axidian, like Axidian Access, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Axidian and the experience and expertise of the local cybersecurity landscape of Pointwest.

read more
Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Axidian products should certainly be on the Turkish market. Thanks to our partnership with Axidian, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Axidian products with similar products, we can safely say that they contain much more different features and are more inclusive.

read more
Marko Pust
Director of OSI.SI

We have a long partnership with Axidian for more than 2 years already. I can confidently say that Axidian CertiFlow is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Axidian AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Axidian CertiFlow brought automation and visibility to their PKI life.

Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Axidian Access is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Axidian is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.