You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The desktop.recording audit event is the analogous to the session "print" event - it is emitted to session recordings but not to the audit log, and contains the recorded session data.
The event handler was configured to skip SSH/Kube recording events by default, but not desktop events. Desktop recording events are even less useful for forwarding since they are mostly binary data.
Changelog: The event-handler plugin will now skip over Windows desktop session recording events by default.
The desktop.recording audit event is the analogous to the session
"print" event - it is emitted to session recordings but not to
the audit log, and contains the recorded session data.
The event handler was configured to skip SSH/Kube recording events
by default, but not desktop events. Desktop recording events are
even less useful for forwarding since they are mostly binary data.
I suppose this is somewhat breaking and we won't backport it and add a note in v19 changelog?
I'm not sure, I don't have much experience w/ event handler, but maybe a backport wouldn't be a bad thing.. There's lots of desktop recording events and they are large since they contain encoded screen fragments. Pretty useless to have in a SIEM I would think.
I suppose this is somewhat breaking and we won't backport it and add a note in v19 changelog?
I'm not sure, I don't have much experience w/ event handler, but maybe a backport wouldn't be a bad thing.. There's lots of desktop recording events and they are large since they contain encoded screen fragments. Pretty useless to have in a SIEM I would think.
I also think that backporting is not that bad here.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
github-actions
bot
requested review from
bernardjkim,
marcoandredinis,
mmcallister,
ptgott,
r0mant and
tigrato
public-teleport-github-review-bot
bot
removed request for
r0mant,
marcoandredinis,
mmcallister,
bernardjkim and
ptgott
The desktop.recording audit event is the analogous to the session "print" event - it is emitted to session recordings but not to the audit log, and contains the recorded session data.
The event handler was configured to skip SSH/Kube recording events by default, but not desktop events. Desktop recording events are even less useful for forwarding since they are mostly binary data.
Changelog: The event-handler plugin will now skip over Windows desktop session recording events by default.