Keystrokes

Quick Navigation

• GET Sessions/{sessionId:int}/Keystrokes
• GET Keystrokes/{id:long}
• POST Keystrokes/Search

GET Sessions/{sessionId:int}/Keystrokes

Purpose

Returns a list of keystrokes by session ID.

Required Roles

Password Safe Auditor role, ISA role, or a member of BeyondInsight Administrators group.

URL Parameters

sessionId: ID of recorded RDP/SSH session.

Response Body

Content-Type: application/json

[
    {
        KeystrokeID: long, 
        SessionID: int, 
        TimeMarker: long, 
        Type: byte,
        Data: string
    },
    …
]

Response Codes

200 - Request successful. Keystrokes are in response body.

For more information, please see Common Response Codes.

GET Keystrokes/{id:long}

Purpose

Returns a keystroke by ID.

Required Roles

Password Safe Auditor role, ISA role, or a member of BeyondInsight Administrators group.

URL Parameters

id: ID of a keystroke.

Response Body

Content-Type: application/json

{
    KeystrokeID: long, 
    SessionID: int,
    TimeMarker: long, 
    Type: byte ,
    Data: string
}

Response Codes

200 - Request successful. Keystroke in response body.

For more information, please see Common Response Codes.

POST Keystrokes/Search

Purpose

Search for keystrokes.

Required Roles

Password Safe Auditor role, ISA role, or a member of BeyondInsight Administrators group.

Request Body

Content-Type: application/json

{
    Data: string,
    Type: byte
}

Request Body Details

• Data: (required) Keyword(s) for which to search.
• Type: (default: 0) Type of keystrokes:
  • 0: All
  • 1: StdIn
  • 2: StdOut
  • 4: Window Event
  • 5: User Event

Response Body

Content-Type: application/json

[
    {
        KeystrokeID: long, 
        SessionID: int, 
        TimeMarker: long, 
        Type: byte,
        Data: string
    },
    …
]

Response Codes

200 - Request successful. Keystrokes are in response body.

For more information, please see Common Response Codes.