Post not yet marked as solved
Post marked as unsolved with 0 replies, 11 views
IN endpoint security events related to user login/logout activity (as well in lock/unlock and remote session attach/detach) there is a graphical session identifier which is a 32 bit integer
typedef struct {
es_string_token_t username;
** es_graphical_session_id_t graphical_session_id;**
} es_event_lw_session_login_t;
Documentation describes it as an opague number
@brief es_graphical_session_id_t is a session identifier identifying a on-console or off-console graphical session.
A graphical session exists and can potentially be attached to via Screen Sharing before a user is logged in.
EndpointSecurity clients should treat the graphical_session_id as an opaque identifier and not assign
special meaning to it beyond correlating events pertaining to the same graphical session. Not to be confused with the audit session ID.
*/
typedef uint32_t es_graphical_session_id_t;
Question: is there a way to get this graphical session identifier outside of endpoint security framework, for ex. from process id or audit token?
Is there an API for that?