For privileged sessions it is best practice to audit everything. If you choose to enable auditing in your organization, you can capture detailed information about user activity on Linux, UNIX, and Windows computers and store that activity to improve regulatory compliance and accountability and mitigate security risks. With a documented record of all actions performed it not only can be used in forensic analysis to find exactly the issue and attribute it to a specific user and session. Because these sessions are so critical it is also best practice to keep a video recording of the session that can be reviewed or used as evidence for your most critical assets or in highly regulated industries. With the Audit and Monitoring Service monitoring and session recording can be achieved through either a gateway-based and/or host-based technique. Advanced monitoring capabilities even allow for process launch and file integrity monitoring.