Keystrokes
Quick Navigation
GET Sessions/{sessionId:int}/Keystrokes
Purpose
Returns a list of keystrokes by session ID.
Required Roles
Password Safe Auditor role, ISA role, or a member of BeyondInsight Administrators group.
URL Parameters
sessionId: ID of recorded RDP/SSH session.
Response Body
Content-Type: application/json
[ { KeystrokeID: long, SessionID: int, TimeMarker: long, Type: byte, Data: string }, … ]
Response Codes
200 - Request successful. Keystrokes are in response body.
For more information, please see Common Response Codes.
GET Keystrokes/{id:long}
Purpose
Returns a keystroke by ID.
Required Roles
Password Safe Auditor role, ISA role, or a member of BeyondInsight Administrators group.
URL Parameters
id: ID of a keystroke.
Response Body
Content-Type: application/json
{ KeystrokeID: long, SessionID: int, TimeMarker: long, Type: byte , Data: string }
Response Codes
200 - Request successful. Keystroke in response body.
For more information, please see Common Response Codes.
POST Keystrokes/Search
Purpose
Search for keystrokes.
Required Roles
Password Safe Auditor role, ISA role, or a member of BeyondInsight Administrators group.
Request Body
Content-Type: application/json
{ Data: string, Type: byte }
Request Body Details
- Data: (required) Keyword(s) for which to search.
- Type: (default: 0) Type of keystrokes:
- 0: All
- 1: StdIn
- 2: StdOut
- 4: Window Event
- 5: User Event
Response Body
Content-Type: application/json
[ { KeystrokeID: long, SessionID: int, TimeMarker: long, Type: byte, Data: string }, … ]
Response Codes
200 - Request successful. Keystrokes are in response body.
For more information, please see Common Response Codes.