Configure event detection policies
You can configure event detection policies through the Session Recording service to log target events in recorded sessions. Do not detect is the system-defined event detection policy. It’s inactive by default. When it’s active, no events are logged.
Note:
An event detection policy applies to all Session Recording servers of a specific site. You can create and activate separate event detection policies for different sites.
Events that can be detected
Session Recording detects target events and tags those events in recordings for later search and playback. You can search for events of interest from large amounts of recordings and locate those events during playback.
System-defined events
Session Recording can detect and log the following system-defined events that occur during recorded sessions:
-
Insertion of USB mass storage devices
-
Application starts and ends
-
App failures
-
App installs and uninstalls
-
File renaming, creation, deletion, and moving operations within sessions
-
File transfers between session hosts (VDAs) and client devices (including mapped client drives and generic redirected mass storage devices)
-
Web browsing activities
-
Topmost window events
-
Clipboard activities
-
Windows registry modifications
-
User account modifications
-
RDP connections
-
Performance data (data points related to the recorded session)
-
Popup window events
-
Printing activities
For more information about the various events, see the counterpart of the on-premises Session Recording documentation.
Create a custom event detection policy
You can define which events to monitor by creating a custom event detection policy. Each policy can include one or more rules. For each rule, you specify the events to monitor and determine which sessions the rule applies to using the rule scope settings.
Steps
- Sign in to Citrix Cloud.
- In the upper left menu, select My Services > DaaS.
- In the DaaS tile, scroll down in the left navigation pane and select Session Recording.
- In the Session Recording service view, select Policies from the left navigation.
- Select a target site. The Recording policy tab is displayed by default.
- Select Event detection policy.
- Click Add policy.
-
Enter a name and description for the new policy, and then click Add rule.
-
Enter a name and description for the rule.
-
Choose at least one of the following items to create the rule scope. For more information about the rule scope settings, see Create a custom event response policy.
- Users and user groups
- Published applications and desktops
- Delivery groups and VDA machines
- IP addresses and IP address ranges
- Filter
-
Specify one or more target events to monitor by selecting the check box next to each event type. For exmaple, after you select App start events, you can click Monitored apps to specify target applications to monitor and to avoid an excessive number of events from flooding the recordings.
- (Optional) Add more rules as needed. Each policy can include one or more rules.