Netwrix Auditor Configuration Tips & Tricks– Windows Server / SharePoint

Back to Basics

Presenter:

Adam StetsonSystems Engineer, Netwrix CorporationAdam.Stetson@netwrix.com+44 (0) 203 588 3023 ext 2907

Agenda

Briefly about Netwrix

Netwrix Auditor Introduction

Netwrix Auditor Conceptual Model

Netwrix Auditor Configuration

Questions and Answers

About Netwrix Corporation

Year of foundation: 2006

Headquarters location: Irvine, California

Global customer base: 6000Recognition: Among the fastest growing software companies in the US with more than 70 industry awards from Redmond Magazine, SC Magazine, WindowsIT Proand others

Customer support: global 24/5 support with 97% customer satisfaction

Netwrix Customers

GA

Financial

Healthcare & Pharmaceutical

Federal, State, Local, Government

Industrial/Technology/Other

Award winning products

All awards: www.netwrix.com/awards

About Netwrix Auditor

Netwrix Auditor

A visibility and governance platform that enables control over

changes, configurations, and access in hybrid cloud IT environments by

providing security analytics to detect anomalies in user behavior and

investigate threat pattern before a data breach occurs.

Netwrix Auditor Applications

Netwrix Auditor for Active Directory

Netwrix Auditor for Windows File Servers

Netwrix Auditor for Windows Server

Netwrix Auditor for VMware

Netwrix Auditor for Exchange

Netwrix Auditor for SQL Server

Netwrix Auditor for SharePoint

Netwrix Auditor for Office 365

Netwrix Auditor for NetApp

Netwrix Auditor for EMC

Netwrix Auditor Applications Scope

Netwrix Auditor for Active Directory

Netwrix Auditor for Office 365

Netwrix Auditor for Windows File Servers

Netwrix Auditor for EMC

Netwrix Auditor for NetApp

Netwrix Auditor for SharePoint

Netwrix Auditor for Windows Server

Netwrix Auditor for Exchange

Netwrix Auditor for VMware

Netwrix Auditor for SQL Server

Active Directory changes; Group Policy changes; State-in-Time information on configurations; real-time alerts; logon auditing; AD change rollback; inactive user tracking and password expiration alerting

Exchange Online administrative changes; changes to mailboxes, mail users, groups, permissions, policies, and management roles; non-owner mailbox access auditing

Changes to files, folders, shares and permissions; successful and failed data access attempts; data usage and data ownership

Changes to files, folders, shares and permissions; successful and failed access attempts; data usage and data ownership

Changes to farm configuration, user content and security; permissions; group membership and security policies; read access auditing

Changes to Exchange server configuration, Exchange databases, mailboxes, mailbox delegation, permissions; non-owner mailbox access auditing

Changes made to vCenter and its servers, folders, clusters, resource pools and hardware configurations of virtual machines

Changes to SQL Server objects and permissions, server instances, roles, databases, tables, stored procedures, etc.

Changes to files, folders, shares and permissions; successful and failed access attempts; file analysis reporting; state-in-time information on configurations

Changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; User activity video recording

Netwrix Auditor Conceptual Model

Схема будет в понедельник!

Configure Domain for Auditing

Windows Server

The Remote Registry and the Windows Management Instrumentation (WMI) service must be

started.

Configure Windows Registry Settings.

Configure Local Audit Policies or Advanced Audit Policies.

The Security event log maximum size must be set to 4 GB. The retention method of the

Security event log must be set to “Overwrite events as needed”. (Optional)

In the audited environment:

Configure Domain for Auditing

SharePoint

The Audit Log Trimming setting must be set to "Yes" and Specify the number of days of audit log data

to retain must be set to 7 days.

The Editing users and permissions option must be enabled in the List, Libraries, and Sites section.

NOTE: Enable Opening or downloading documents, viewing items in lists, or viewing item properties for

read access auditing.

The SPAdminV4 service must be enabled (required for the Netwrix Auditor Agent for SharePoint

installation).

In the audited environment:

Demonstration

Netwrix Auditor

Guide: Netwrix Auditor Installation and Configuration Guide

netwrix.com/download/documents/Netwrix_Auditor_Installation_Configuration_Guide.pdf

Free Trial: setup in your own test environment

netwrix.com/freetrial

Test Drive: virtual POC, try in a Netwrix-hosted test lab

netwrix.com/testdrive

Live One-to-One Demo: product tour with Netwrix expert

netwrix.com/livedemo

Contact Sales to obtain more information

netwrix.com/contactsales

Webinars: join our upcoming webinars or watch the recorded sessions

netwrix.com/webinars

netwrix.com/webinars#featured

Next Steps

Thank You!