netwrix auditor configuration tips & tricks …...netwrix auditor configuration tips &...
Post on 24-Apr-2020
52 Views
Preview:
TRANSCRIPT
Netwrix Auditor Configuration Tips & Tricks– Windows Server / SharePoint
Back to Basics
Presenter:
Adam StetsonSystems Engineer, Netwrix CorporationAdam.Stetson@netwrix.com+44 (0) 203 588 3023 ext 2907
Agenda
Briefly about Netwrix
Netwrix Auditor Introduction
Netwrix Auditor Conceptual Model
Netwrix Auditor Configuration
Questions and Answers
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: 6000Recognition: Among the fastest growing software companies in the US with more than 70 industry awards from Redmond Magazine, SC Magazine, WindowsIT Proand others
Customer support: global 24/5 support with 97% customer satisfaction
Netwrix Customers
GA
Financial
Healthcare & Pharmaceutical
Federal, State, Local, Government
Industrial/Technology/Other
About Netwrix Auditor
Netwrix Auditor
A visibility and governance platform that enables control over
changes, configurations, and access in hybrid cloud IT environments by
providing security analytics to detect anomalies in user behavior and
investigate threat pattern before a data breach occurs.
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Windows Server
Netwrix Auditor for VMware
Netwrix Auditor for Exchange
Netwrix Auditor for SQL Server
Netwrix Auditor for SharePoint
Netwrix Auditor for Office 365
Netwrix Auditor for NetApp
Netwrix Auditor for EMC
Netwrix Auditor Applications Scope
Netwrix Auditor for Active Directory
Netwrix Auditor for Office 365
Netwrix Auditor for Windows File Servers
Netwrix Auditor for EMC
Netwrix Auditor for NetApp
Netwrix Auditor for SharePoint
Netwrix Auditor for Windows Server
Netwrix Auditor for Exchange
Netwrix Auditor for VMware
Netwrix Auditor for SQL Server
Active Directory changes; Group Policy changes; State-in-Time information on configurations; real-time alerts; logon auditing; AD change rollback; inactive user tracking and password expiration alerting
Exchange Online administrative changes; changes to mailboxes, mail users, groups, permissions, policies, and management roles; non-owner mailbox access auditing
Changes to files, folders, shares and permissions; successful and failed data access attempts; data usage and data ownership
Changes to files, folders, shares and permissions; successful and failed access attempts; data usage and data ownership
Changes to farm configuration, user content and security; permissions; group membership and security policies; read access auditing
Changes to Exchange server configuration, Exchange databases, mailboxes, mailbox delegation, permissions; non-owner mailbox access auditing
Changes made to vCenter and its servers, folders, clusters, resource pools and hardware configurations of virtual machines
Changes to SQL Server objects and permissions, server instances, roles, databases, tables, stored procedures, etc.
Changes to files, folders, shares and permissions; successful and failed access attempts; file analysis reporting; state-in-time information on configurations
Changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; User activity video recording
Configure Domain for Auditing
Windows Server
The Remote Registry and the Windows Management Instrumentation (WMI) service must be
started.
Configure Windows Registry Settings.
Configure Local Audit Policies or Advanced Audit Policies.
The Security event log maximum size must be set to 4 GB. The retention method of the
Security event log must be set to “Overwrite events as needed”. (Optional)
In the audited environment:
Configure Domain for Auditing
SharePoint
The Audit Log Trimming setting must be set to "Yes" and Specify the number of days of audit log data
to retain must be set to 7 days.
The Editing users and permissions option must be enabled in the List, Libraries, and Sites section.
NOTE: Enable Opening or downloading documents, viewing items in lists, or viewing item properties for
read access auditing.
The SPAdminV4 service must be enabled (required for the Netwrix Auditor Agent for SharePoint
installation).
In the audited environment:
Guide: Netwrix Auditor Installation and Configuration Guide
netwrix.com/download/documents/Netwrix_Auditor_Installation_Configuration_Guide.pdf
Free Trial: setup in your own test environment
netwrix.com/freetrial
Test Drive: virtual POC, try in a Netwrix-hosted test lab
netwrix.com/testdrive
Live One-to-One Demo: product tour with Netwrix expert
netwrix.com/livedemo
Contact Sales to obtain more information
netwrix.com/contactsales
Webinars: join our upcoming webinars or watch the recorded sessions
netwrix.com/webinars
netwrix.com/webinars#featured
Next Steps
top related