
[Product Overview] Monitoring Infrastructure Changes with Netwrix Auditor 5.0

The new package for monitoring changes in IT systems contains an extensive set of reports and tools for common platforms.



Monitoring changes in the IT infrastructure is a routine task about which IT professionals have mixed feelings. On the one hand, continuous monitoring ensures the availability of services and systems, compliance with standards and safe working conditions for employees. On the other hand, there is no duller and more depressing occupation than looking through dozens of logs to catch and correlate events.
Netwrix Auditor 5.0, released in August, makes monitoring infrastructure changes easy and fun. The product consists of separate modules designed for common IT systems, but the main idea is to provide a comprehensive audit that gives the IT service as much information about events as possible in the form of simple, understandable reports.
Netwrix Auditor 5.0 supports common infrastructure elements such as Active Directory, Group Policy, Microsoft SQL, Exchange and SharePoint servers, EMC and NetApp file servers and storage systems, event collection on Windows and Linux machines, and virtual infrastructures from VMware or Microsoft.

In addition, the package includes various tools that make administrators' lives easier: a wizard for restoring AD objects, an application that lets users reset their own passwords based on a question-and-answer system, and reports and alerts about expiring or inactive accounts. To control terminal sessions, video recording of user actions is provided. This tool delivers not only the video but also metadata: the names of applications that the user opened, window titles, processes that were launched, etc. In short, it is a single tool for solving all problems in the field of auditing.

Installation and Setup

Installing the product is not difficult; during the installation process, it was necessary to make minimal changes to the configuration of my Windows Server 2012 test server. Netwrix Auditor uses SQL Server Reporting Services (SSRS) to create reports. In addition, you will need to install the .NET version 3.5 libraries and configure the roles and components of the IIS server.
After configuring Windows, you can begin installing the necessary Netwrix Auditor modules (see Figure 1). Please note that each module is licensed with a separate key, but all of them are initially available for a 20-day trial. If necessary, this period can be extended. During the installation process, you will need to specify an existing instance of SQL Server or download the 2012 Express edition.
Netwrix Auditor supports Express edition, but in this case, SSRS is not available, so there is no possibility to customize reports.


Figure 1. Selection of modules during the installation of Netwrix Auditor 5.0
For my infrastructure, I decided to install all Netwrix modules. The installer launched a script that downloads and installs *.MSI files for each module, one by one. The final step was to set up audit objects in the console.
Netwrix Auditor can work with agents or in a completely agentless mode. Using agents cuts the time needed to collect event data severalfold.


Figure 2. Netwrix Auditor 5.0 Console

IT systems that are selected for auditing are assigned a specific role. All infrastructure subsystems associated with this role can also be audited. For example, when you select Active Directory as an object for auditing, you are offered the option to monitor changes in Group Policy and in the settings of Microsoft Exchange servers, and also to set up alerts for account expiration and inactivity. All these subsystems are associated with Active Directory or are an extension of the directory.

Change Management in Active Directory


Change control in Active Directory deserves a closer look. This system is the core of the Microsoft infrastructure. Using the built-in Windows tools to control changes in AD takes a lot of time and can be difficult for administrators. Netwrix Auditor 5.0 provides alerts on changes to critical AD parameters and clear reports, so IT staff can get an idea of all the events that have occurred.
Imagine that your organization is recruiting personnel for new projects and several new employees are added every week. You hire IT administrators whose task is to help add users to AD, onboard employees, and install and configure workstations. Since there are a lot of tasks and problems in this period, bringing in additional administrators seems to be a justified measure, but you should not forget that you are giving them access to one of the key systems of the organization: Active Directory.
Netwrix Auditor allows you to monitor all AD changes: who changed, added or deleted which objects, and when. The same goes for SQL Server and Microsoft Exchange services; in many organizations these systems matter most. Change control allows you to ensure the availability of services, maintains order and, as a result, preserves your peace of mind.
To start using the Netwrix Auditor module for AD, you need to follow a few simple steps:
  1. Open Netwrix Auditor Console
  2. Select Audited Objects [Managed Objects] in the navigation pane.
  3. Select the domain as the audited object and click the Next button.
  4. Select or specify an account from which the data will be collected. This account will be used by default and can be redefined for any audit object.
  5. Specify the mail settings required for notifications and reports:
    - Mail server
    - SMTP port number
    - Sender's address
    - Login and password
    - SSL certificate (if necessary)
  6. Specify the domain name and the account on behalf of which data will be collected in this domain and click the Next button.
  7. Select the IT systems to be audited, such as Active Directory, group policies, file and SQL servers
  8. If SSRS is present in your infrastructure, you can enable and configure change reports based on audit sessions held.
  9. Configure the “state in time” reports — these reports use AD snapshots as data, so you can see what changes have occurred over a period of time.
  10. Select data collection method and agent usage mode
  11. Enable automatic configuration of audit objects.
  12. Select additional options:
    - “Originating workstation” - allows you to track from which workstation changes were made
    - “Group membership” - collects data on the group membership of users who make changes to AD
  13. Specify the mailing address for delivering reports with a summary of changes and click Next.
  14. Turn on real-time alerts, select the required alerts (see Figure 3) and click the Next button.
  15. Confirm the setting of audit objects by clicking Finish



Figure 3. Configuring alerts in Netwrix Auditor 5.0

Change control in other IT systems can also be configured using simple steps: select a different type of audit object in the Object Selector Wizard. After that, you will be offered the appropriate settings.
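
What the manual correlation mentioned above involves, as an added example that is not part of the original article and does not show how Netwrix Auditor works internally: native Security events 5136 (directory service object modified) are grouped by operation ID and joined to logon event 4624 by logon ID to recover who changed what, when, and from which workstation. The sample records, account names and domain are constructed.

```python
from collections import defaultdict

# Constructed sample records (not real log data), shaped like the EventData of
# Security events 4624 (logon) and 5136 (directory service object modified).
DN = "CN=New Hire,OU=Staff,DC=example,DC=local"
UAC = {"EventID": 5136, "TimeCreated": "2013-11-20T09:15:40Z", "SubjectUserName": "j.admin",
       "SubjectLogonId": "0x3e7a1", "OpCorrelationID": "{op-1}", "ObjectDN": DN,
       "AttributeLDAPDisplayName": "userAccountControl"}
EVENTS = [
    {"EventID": 4624, "TimeCreated": "2013-11-20T09:14:02Z", "TargetUserName": "j.admin",
     "TargetLogonId": "0x3e7a1", "IpAddress": "10.0.5.23", "WorkstationName": "WS-HELPDESK-07"},
    # One attribute change is logged as two 5136 records: old value deleted, new value added.
    dict(UAC, AttributeValue="514", OperationType="%%14675"),
    dict(UAC, AttributeValue="512", OperationType="%%14674"),
    # Group membership change whose logon record is missing from the collected set.
    {"EventID": 5136, "TimeCreated": "2013-11-20T09:20:11Z", "SubjectUserName": "t.temp",
     "SubjectLogonId": "0x51c02", "OpCorrelationID": "{op-2}",
     "ObjectDN": "CN=Domain Admins,CN=Users,DC=example,DC=local",
     "AttributeLDAPDisplayName": "member", "AttributeValue": DN, "OperationType": "%%14674"},
]
OPS = {"%%14674": "new", "%%14675": "old"}  # value added / value deleted

def summarize_changes(events):
    """Return one who/what/when/from-where row per changed attribute."""
    logons = {e["TargetLogonId"]: e for e in events if e["EventID"] == 4624}
    grouped = defaultdict(list)
    for e in events:
        if e["EventID"] == 5136:
            key = (e["OpCorrelationID"], e["ObjectDN"], e["AttributeLDAPDisplayName"])
            grouped[key].append(e)
    rows = []
    for (_, dn, attr), parts in grouped.items():
        row = {"who": parts[0]["SubjectUserName"], "when": parts[0]["TimeCreated"],
               "what": dn, "attribute": attr, "old": [], "new": [], "from": "unknown"}
        for p in parts:
            row[OPS[p["OperationType"]]].append(p["AttributeValue"])
        logon = logons.get(parts[0]["SubjectLogonId"])
        if logon:  # prefer the workstation name, fall back to the source address
            name = logon.get("WorkstationName", "-")
            row["from"] = name if name not in ("", "-") else logon["IpAddress"]
        rows.append(row)
    return sorted(rows, key=lambda r: r["when"])

if __name__ == "__main__":
    for r in summarize_changes(EVENTS):
        print(r)
```

The second row comes back with "from" set to "unknown": when the matching logon record is not in the collected set, the native logs alone cannot name the originating workstation.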

Reports and alerts

Netwrix Auditor uses SQL Server Reporting Services (SSRS) to create reports, which is available starting with SQL Server Standard edition. In the process of testing, I realized that the use of SQL Server Express edition does not allow receiving reports, despite the fact that audit data will be collected. For information on changes in this case, I recommend using subscriptions, but a better step would be to install SQL Server Standard edition and use it to work with Netwrix Auditor.

Considerations for Windows Server 2012 and the .NET Framework 3.5
Please note that the Microsoft .NET Framework 3.5 libraries are not installed by default with Windows Server 2012; you can use a PowerShell command to install them.
You will need to insert or mount a disk with the Windows Server 2012 distribution. Then launch a PowerShell window as an administrator and execute the command (here the disk is mounted as drive D:):
Install-WindowsFeature Net-Framework-Core -Source D:\sources\sxs

Monitoring of users' actions on computers can be carried out using the video recording module, which is also present in the Netwrix Auditor package.
For example, if there are machines in your infrastructure that are used by contractors or are in public places, it is possible to record everything that happens on such computers.

In conclusion, I would like to note that the control of changes is a rather difficult task, especially if it is performed in “manual mode”. Netwrix Auditor can save you time and take on the many details and trifles that must be taken into account and remembered when performing an audit of IT systems.

Redmond magazine ratings

Overall rating: 9.2


Source: https://habr.com/ru/post/203108/

