Configure event detection policies

You can configure event detection policies through the Session Recording service to log target events in recorded sessions. Do not detect is the system-defined event detection policy. It’s inactive by default. When it’s active, no events are logged.

Note:

An event detection policy applies to all Session Recording servers of a specific site. You can create and activate separate event detection policies for different sites.

Event detection policies

Events that can be detected

Session Recording detects target events and tags those events in recordings for later search and playback. You can search for events of interest from large amounts of recordings and locate those events during playback.

System-defined events

Session Recording can detect and log the following system-defined events that occur during recorded sessions:

  • Insertion of USB mass storage devices

  • Application starts and ends

  • App failures

  • App installs and uninstalls

  • File renaming, creation, deletion, and moving operations within sessions

  • File transfers between session hosts (VDAs) and client devices (including mapped client drives and generic redirected mass storage devices)

  • Web browsing activities

  • Topmost window events

  • Clipboard activities

  • Windows registry modifications

  • User account modifications

  • RDP connections

  • Performance data (data points related to the recorded session)

  • Popup window events

  • Printing activities (preview feature, available with Session Recording version 2407 and later)

For more information about the various events, see the counterpart of the on-premises Session Recording documentation.

Create a custom event detection policy

You can define which events to monitor by creating a custom event detection policy. Each policy can include one or more rules. For each rule, you specify the events to monitor and determine which sessions the rule applies to using the rule scope settings.

Steps

  1. Sign in to Citrix Cloud.
  2. In the upper left menu, select My Services > DaaS.
  3. In the left pane, select Session Recording.
  4. Select Policies from the left navigation of the Session Recording service page.
  5. Select a target site. The Recording policy tab is displayed by default.
  6. Select Event detection policy.
  7. Click Add policy.
  8. Enter a name and description for the new policy, and then click Add rule.

    Adding a rule for an event detection policy

  9. Enter a name and description for the rule.

    Adding a rule for an event detection policy

  10. Choose at least one of the following items to create the rule scope. For more information about the rule scope settings, see Create a custom event response policy.

    • Users and user groups
    • Published applications and desktops
    • Delivery groups and VDA machines
    • IP addresses and IP address ranges
    • Filter
  11. Specify one or more target events to monitor by selecting the check box next to each event type. For exmaple, after you select App start events, you can click Monitored apps to specify target applications to monitor and to avoid an excessive number of events from flooding the recordings.

    Monitored apps

  12. (Optional) Add more rules as needed. Each policy can include one or more rules.

Video about configuring policies

Video about configuring policies

Configure event detection policies