uberAgent 6.1 Preview: SSH Session Monitoring on macOS
We’re happy to announce yet another new feature, this time for the macOS version of uberAgent UXM: SSH session monitoring.
uberAgent UXM was already capable of collecting and analyzing data for system and user sessions before 6.1. uberAgent’s session monitoring not only includes general information and metadata about a session, such as the associated user or the session type; it also gives you detailed information about the processes involved and lets you analyze performance data on a per-session basis. On macOS clients, uberAgent now supports the same functionality for SSH connections as well.
uberAgent detects incoming SSH connections to macOS endpoints. Every SSH connection is given a unique identifier, and any process executed within the SSH session is associated with it. This means that all the data uberAgent already provides for each process can now also be analyzed in the context of a specific SSH connection. For SSH sessions specifically, uberAgent also collects the client IP address from which the connection was made.
SSH logins are visualized in uberAgent’s Splunk user sessions dashboard, alongside all the other user session types. They are easily identifiable by the session protocol field. Every user login via SSH constitutes a unique session. It doesn’t matter whether it’s a login by an Active Directory user, a local user, or even the root user account – uberAgent monitors them all.
First of all, SSH session monitoring gives you even more detailed insights into how your macOS devices are used. An overview of uberAgent’s session metrics can be found in the documentation. This is the classic user experience perspective.
However, SSH sessions are quite different in nature compared to GUI sessions. Considering that SSH connections are typically used in a remote setup and can go unnoticed by the user in front of the machine, they also carry a security aspect. While SSH is a very useful tool for developers and system administrators, it can also be used by attackers to enter and move around the network. Analyzing the data uberAgent collects can therefore help IT departments detect possible attacks.
As more and more employees are working remotely, the usage of SSH to connect to machines in the office increases. With uberAgent, you know who is connecting from where and what they’re doing.
uberAgent is an innovative Windows and macOS user experience monitoring (UXM) and endpoint security analytics (ESA) product.
uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.
uberAgent ESA excels with a sophisticated activity monitoring engine, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.
About vast limits
vast limits GmbH is the company behind uberAgent, the innovative user experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.