Commit 2b37085

Merge pull request #99 from netwrix/sree/NAM7.1-sidebar
Completed all changes for Activity Monitor v7.1
2 parents a435cb3 + dfd7d04 commit 2b37085

129 files changed

+5300
-970
lines changed

docs/activitymonitor/7.1/admin/agents/activedirectory.md

Lines changed: 20 additions & 5 deletions
@@ -13,7 +13,10 @@ every domain controller, including the read only domain controllers. However, it
1313
deploy the agents in batches. Follow the steps to deploy the AD agents to the domain controllers in
1414
the target domain.
1515

16-
**NOTE:** These steps are specific to deploying AD agents for monitoring Active Directory.
16+
:::note
17+
These steps are specific to deploying AD agents for monitoring Active Directory.
18+
:::
19+
1720

1821
**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.
1922

@@ -22,8 +25,11 @@ the target domain.
2225
**Step 2 –** Click on the Install agents on Active Directory domain controllers link to deploy
2326
activity agents to multiple domain controllers.
2427

25-
**NOTE:** The Activity Monitor will validate the entered Host Name or IP Address entered in the
28+
:::note
29+
The Activity Monitor will validate the entered Host Name or IP Address entered in the
2630
**Server Name** text box.
31+
:::
32+
2733

2834
![Specify Agent Port](/img/product_docs/activitymonitor/7.1/install/agent/portdefault.webp)
2935

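Review bot: The note body at new lines 29-30 still reads "validate the entered Host Name or IP Address entered in the **Server Name** text box", with "entered" twice. The line is being rewritten anyway, so drop the first "entered" and let the sentence read "will validate the Host Name or IP Address entered in the **Server Name** text box".
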
@@ -33,7 +39,10 @@ activity agents to multiple domain controllers.
3339

3440
**Step 4 –** Select the agent installation path.
3541

36-
**_RECOMMENDED:_** Use the default installation path.
42+
:::info
43+
Use the default installation path.
44+
:::
45+
3746

3847
![Active Directory Connection page with blank text boxes](/img/product_docs/activitymonitor/7.1/admin/agents/add/adconnectionblank.webp)
3948

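Review bot: Converting `**_RECOMMENDED:_**` to a bare `:::info` block at new lines 42-44 drops the one word that told the reader this is a recommendation rather than a requirement. Keep the meaning in the body, for example "We recommend using the default installation path.", or use an admonition type whose rendered title carries it.
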
@@ -44,8 +53,11 @@ is a member of BUILTIN\Administrators group on the domain. Then, click **Connect
4453

4554
When the connection is successful, the Next button is enabled. Click Next to continue.
4655

47-
**NOTE:** An Administrator’s credentials are required to test the connection to the server. This is
56+
:::note
57+
An Administrator’s credentials are required to test the connection to the server. This is
4858
the only way to enable the Next button.
59+
:::
60+
4961

5062
![Domains to Monitor page](/img/product_docs/activitymonitor/7.1/admin/agents/add/domainstomonitorpage.webp)
5163

@@ -58,8 +70,11 @@ default. Check/uncheck the boxes as desired to identify the domains to monitor,
5870
display in a list, checked by default. Check/uncheck the boxes as desired to identify the domain
5971
controllers where the AD agent is to be deployed.
6072

61-
**NOTE:** Agents can be gradually deployed, but the AD agent needs to be installed on all domain
73+
:::note
74+
Agents can be gradually deployed, but the AD agent needs to be installed on all domain
6275
controllers to monitor all activity of the domain.
76+
:::
77+
6378

6479
![Test Connection to Domain Controller](/img/product_docs/activitymonitor/7.1/admin/agents/add/dcsdeployagentconnection.webp)
6580

docs/activitymonitor/7.1/admin/agents/linux.md

Lines changed: 5 additions & 2 deletions
@@ -6,7 +6,7 @@ sidebar_position: 30
66

77
# Linux Agent Deployment
88

9-
Understanding Linux File Activity Monitoring
9+
**Understanding Linux File Activity Monitoring**
1010

1111
The Activity Monitor can be configured to monitor the following:
1212

@@ -81,10 +81,13 @@ Netwrix Activity Monitor requires to generate ECDSA Key with a blank passphrase
8181
cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys
8282
```
8383

84-
**NOTE:** It is required to add public key to authorized keys for Activity Monitor. By default, a
84+
:::note
85+
It is required to add public key to authorized keys for Activity Monitor. By default, a
8586
private key is generated at ~/.ssh/id_ecdsa location along with the public key (.pub file). A user
8687
can use a different file location. Copy the following command into a command prompt to generate a
8788
private key for Activity Monitorto use:
89+
:::
90+
8891

8992
```
9093
cat ~/.ssh/id_ecdsa
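
Review bot: The note at new lines 84-89 ends with "Copy the following command into a command prompt to generate a private key for Activity Monitorto use:", but the command that follows is `cat ~/.ssh/id_ecdsa`, which prints the existing private key to the terminal and does not generate anything. Reword the sentence to say the command displays the private key so it can be supplied to Activity Monitor, fix "Monitorto", and move that lead-in sentence below the closing `:::` so it sits directly above the code block it introduces. The hunk header context says the key is created with a blank passphrase, so it would also be worth stating here that the printed key is an unprotected credential and should be handled as one.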

docs/activitymonitor/7.1/admin/agents/multiple.md

Lines changed: 5 additions & 2 deletions
@@ -12,8 +12,11 @@ servers. See the
1212
[Activity Agent Server Requirements](/docs/activitymonitor/7.1/requirements/activityagent/activityagent.md) topic
1313
for additional information.
1414

15-
**NOTE:** These steps are specific to deploying activity agents for monitoring supported target
15+
:::note
16+
These steps are specific to deploying activity agents for monitoring supported target
1617
environments.
18+
:::
19+
1720

1821
**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.
1922

@@ -98,7 +101,7 @@ The options for connecting with a Public Key are:
98101
To connect with a Client Certificate, select the Client Certificate (for already installed agents)
99102
option. Copy the following command into a command prompt:
100103

101-
activity-monitor-agentd --create-client-certificate --client-name [NAME]
104+
**activity-monitor-agentd --create-client-certificate --client-name [NAME]**
102105

103106
Using an existing Client Certificate installs a new agent without using SSH.
104107

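Review bot: Wrapping the command at new line 104 in `**...**` leaves it as body text, so depending on the renderer's typography settings the `--` in `--create-client-certificate` and `--client-name` can be turned into a dash, and a copy and paste from the rendered page would then fail. The preceding sentence tells the reader to copy the command into a command prompt, so put it in a fenced code block or inline code instead of bold.
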
docs/activitymonitor/7.1/admin/agents/overview.md

Lines changed: 8 additions & 2 deletions
@@ -52,8 +52,11 @@ The table of servers hosting activity agents provides the following information:
5252
- Server Name – Name or IP Address of the server hosting an activity agent
5353
- Status – Status of the deployed activity agent(s)
5454

55-
**NOTE:** If the AD agent has been deployed, a status of “outdated” could apply to either the
55+
:::note
56+
If the AD agent has been deployed, a status of “outdated” could apply to either the
5657
activity agent or the AD agent installed on the domain controller.
58+
:::
59+
5760

5861
- Version – Version of the deployed activity agent
5962
- AD Module – Version of the deployed AD agent
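
Review bot: The new `:::note` block at new lines 55-58 sits between the "Status" and "Version" list items. If the `:::` markers start at column 0, the admonition ends the list and "Version" begins a new one; indent the whole block to the list item's content level so it stays attached to the "Status" item it qualifies.
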
@@ -68,8 +71,11 @@ The **Agent messages** box displays any error or warning messages from the selec
6871
These messages are related to deployment/installation, communication between the console and the
6972
activity/AD agent, and upgrade of an activity/AD agent.
7073

71-
**NOTE:** Activity agents from Activity Monitor v3.1+ can now be controlled by Activity Monitor
74+
:::note
75+
Activity agents from Activity Monitor v3.1+ can now be controlled by Activity Monitor
7276
v4.0+ Console.
77+
:::
78+
7379

7480
For additional information on how to deploy agents manually, see the
7581
[Agent Information](/docs/activitymonitor/7.1/install/agents/agents.md) topic.

docs/activitymonitor/7.1/admin/agents/properties/activedirectory.md

Lines changed: 12 additions & 3 deletions
@@ -19,17 +19,23 @@ The Agent Settings allow users to control the AD agent’s properties:
1919
- Safe Mode – If selected, the AD agent checks LSASS versions upon start up. Any change in LSASS
2020
since the previous start prevents the monitoring modules from loading.
2121

22-
**NOTE:** This is a safety measure that disables monitoring if the environment changes as in
22+
:::note
23+
This is a safety measure that disables monitoring if the environment changes as in
2324
rare cases the instrumentation may cause LSASS crashes. Should the version change occur, a
2425
warning will be shown next to the agent on the Agents page. The **Start pending modules** button
2526
allows you to force the agent to enable monitoring.
27+
:::
28+
2629

2730
- Enable DNS Host Name Resolution – If selected, the AD agent looks up the missing data (a NetBIOS
2831
name, a Fully Qualified Domain Name, or an IP Address) that is missing fromthe event
2932

30-
**NOTE:** This provides more uniform data, but may have a performance impact on the machine
33+
:::note
34+
This provides more uniform data, but may have a performance impact on the machine
3135
where the AD agent is deployed, especially if that machine does not handle the name resolution
3236
locally.
37+
:::
38+
3339

3440
Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
3541
Properties window closes.
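
Review bot: The first note body (new lines 23-26) keeps the run-on "disables monitoring if the environment changes as in rare cases the instrumentation may cause LSASS crashes", which is hard to parse in the one passage that explains why monitoring stops after an LSASS change. Split the clause, for example "This is a safety measure that disables monitoring if the environment changes, because in rare cases the instrumentation may cause LSASS crashes." The context line at 28/31 also still has "fromthe" and says "missing" twice; both are worth fixing in the same pass.
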
@@ -51,9 +57,12 @@ See the following sections for additional information:
5157
To transfer Active Directory Activity Monitoring from the Activity Monitor to Threat Prevention,
5258
deploy Threat Prevention Agents to targeted domain controllers.
5359

54-
**NOTE:** If Threat Prevention installed SI Agents on domain controllers before the Activity Monitor
60+
:::note
61+
If Threat Prevention installed SI Agents on domain controllers before the Activity Monitor
5562
AD agents were deployed, then skip to the next set of instructions to configure Active Directory
5663
Monitoring through Threat Prevention.
64+
:::
65+
5766

5867
If Threat Prevention data is not used by other Netwrix products, uninstall the activity agent from
5968
the domain controllers if you do not plan to receive Active Directory activity in Activity Monitor

docs/activitymonitor/7.1/admin/agents/properties/additionalproperties.md

Lines changed: 12 additions & 3 deletions
@@ -22,8 +22,11 @@ The Additional Properties tab for the Activity Agent has the following configura
2222
- Same Level as the Console (uses the global level selected in the console)
2323
- Trace (the most verbose) many collection points and can slow down
2424

25-
**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount
25+
:::warning
26+
Selecting the **Trace** option can slow down collection due to the large amount
2627
of data points
28+
:::
29+
2730

2831
- Debug
2932
- Info (recommended)
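
Review bot: The warning body at new lines 26-27 ends with "of data points" and no period, and the list item just above it, "Trace (the most verbose) many collection points and can slow down", is a sentence fragment that the warning then restates. Trim the list item to "Trace (the most verbose)" or complete it, and end the warning sentence with a period. The warning also sits between the "Trace" and "Debug" list items, so confirm it is indented to stay inside the list.
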
@@ -43,8 +46,11 @@ data (ETW) can be useful for problems related to the following:
4346
When this is needed, enable the **Collect extended debugging data (ETW) from the Windows driver when
4447
the Trace level is activated** option to diagnose these problems.
4548

46-
**CAUTION:** Selecting this option collects a large amount of data. Therefore, it is important to
49+
:::warning
50+
Selecting this option collects a large amount of data. Therefore, it is important to
4751
enable it only for short periods of time. Otherwise, the trace file may overflow with data.
52+
:::
53+
4854

4955
In general for troubleshooting, start with trace logs. If the root cause of the problem might be a
5056
low-level functionality the driver, then the ETW logs must be enabled.
@@ -65,8 +71,11 @@ The Additional Properties tab for the Linux Agent has the following configuratio
6571
- Same Level as the Console (uses the global level selected in the console)
6672
- Trace (the most verbose) many collection points and can slow down
6773

68-
**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount
74+
:::warning
75+
Selecting the **Trace** option can slow down collection due to the large amount
6976
of data points
77+
:::
78+
7079

7180
- Debug
7281
- Info (recommended)

docs/activitymonitor/7.1/admin/agents/properties/archiving.md

Lines changed: 4 additions & 1 deletion
@@ -46,5 +46,8 @@ The options below the **Configure** button are:
4646
Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
4747
Properties window closes.
4848

49-
**NOTE:** Linux agents move activity logs to a set local path. Remote storage can be mounted to use
49+
:::note
50+
Linux agents move activity logs to a set local path. Remote storage can be mounted to use
5051
this path for archiving.
52+
53+
:::

docs/activitymonitor/7.1/admin/agents/properties/connection.md

Lines changed: 15 additions & 6 deletions
@@ -14,7 +14,10 @@ installation and communication. The tab varies based on the type of agent select
1414
The server name can be modified in the text box. Modifying the name value does not move the activity
1515
agent to a new server. The credentials can be updated or modified as well.
1616

17-
_Remember,_ **Test** the credentials before clicking OK to ensure a successful connection.
17+
:::tip
18+
Remember, **Test** the credentials before clicking OK to ensure a successful connection.
19+
:::
20+
1821

1922
![Connection Tab for Agent Properties](/img/product_docs/activitymonitor/7.1/admin/agents/properties/connectiontab.webp)
2023

@@ -28,15 +31,15 @@ Credential fields:
2831
- User name – Account provisioned for use by the agent
2932
- Password – Password for the supplied User name
3033

31-
Permissions
34+
**Permissions**
3235

3336
This account must be:
3437

3538
- Membership in the local Administrators group
3639

3740
If the user name is not specified, the currently logged in user's account will be used.
3841

39-
Less Privileged Permissions Option
42+
**Less Privileged Permissions Option**
4043

4144
By default, the agent accepts commands only from members of the local Administrators group. You can
4245
allow less privileged accounts to manage the agent with the **Management Group** option. Keep in
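
Review bot: "Permissions" (new line 34) and "Less Privileged Permissions Option" (new line 42) are section titles, and turning them into bold paragraphs instead of Markdown headings keeps them out of the page's table of contents and gives them no anchor to link to. Use a heading of the appropriate level for both. The context lines "This account must be:" followed by "- Membership in the local Administrators group" also do not read as a sentence; "This account must be a member of the local Administrators group" would.
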
@@ -75,7 +78,10 @@ Properties window closes.
7578
The server name can be modified in the text box. Modifying the name value does not move the Linux
7679
agent to a new server. The credentials can be updated or modified as well.
7780

78-
_Remember,_ **Test** the credentials before clicking OK to ensure a successful connection.
81+
:::tip
82+
Remember, **Test** the credentials before clicking OK to ensure a successful connection.
83+
:::
84+
7985

8086
![linuxconnectiontab](/img/product_docs/activitymonitor/7.1/admin/agents/properties/linuxconnectiontab.webp)
8187

@@ -89,7 +95,7 @@ Credential fields:
8995
- User name – Account provisioned for use by the agent
9096
- Password – Password for the supplied User name
9197

92-
Permissions
98+
**Permissions**
9399

94100
This account must be:
95101

@@ -100,8 +106,11 @@ The **Trace level** option configures the level for the agent log it includes th
100106
- Same Level as the Console (uses the global level selected in the console)
101107
- Trace (the most verbose) many collection points and can slow down
102108

103-
**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount of
109+
:::warning
110+
Selecting the **Trace** option can slow down collection due to the large amount of
104111
data points
112+
:::
113+
105114

106115
- Debug
107116
- Info (recommended)

docs/activitymonitor/7.1/admin/agents/properties/dellceeoptions.md

Lines changed: 22 additions & 7 deletions
@@ -15,8 +15,11 @@ activity from several CEEs at the same time. Among them can be a local Windows C
1515
and Linux CEEs. Windows versions of CEEs can use both RPC and HTTP protocols. Linux versions can
1616
only support HTTP protocols.
1717

18-
**NOTE:** Dell CEE can be installed on the same host as the activity agent, or on a different host.
18+
:::note
19+
Dell CEE can be installed on the same host as the activity agent, or on a different host.
1920
If it is installed on the same host, the activity agent can configure it automatically.
21+
:::
22+
2023

2124
![EMC CEE Options Tab](/img/product_docs/activitymonitor/7.1/admin/agents/properties/emcceeoptionstab.webp)
2225

@@ -49,7 +52,10 @@ The options are:
4952
- IPv4 or IPv6 allowlist – Specify IP addresses of CEE instance that are allowed to connect
5053
to the agent via the HTTP protocol. Leave blank to accept connections from any host.
5154

52-
**NOTE:** For Remote Windows CEE or Linux CEE, Manual Configuration is needed.
55+
:::note
56+
For Remote Windows CEE or Linux CEE, Manual Configuration is needed.
57+
:::
58+
5359

5460
Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
5561
Properties window closes.
@@ -96,11 +102,17 @@ Activity Monitor. The default is 60 seconds. The range is from 60 seconds to 600
96102
**Step 5 –** Set `MaxEventsPerFeed` to how many events must occur before information is sent from
97103
CEE to Activity Monitor. The default is 100 events. The range is from 10 events to 10,000 events.
98104

99-
**NOTE:** The `FeedInterval` and `MaxEventsPerFeed` delivery cadences are used simultaneously.
105+
:::note
106+
The `FeedInterval` and `MaxEventsPerFeed` delivery cadences are used simultaneously.
107+
:::
108+
100109

101110
**Step 6 –** Restart the CEE Monitor service.
102111

103-
**NOTE:** All protocol strings are case sensitive.
112+
:::note
113+
All protocol strings are case sensitive.
114+
:::
115+
104116

105117
## Linux CEE Manual Configuration
106118

@@ -179,15 +191,18 @@ If you want to send activity to several 3rd party applications, separate them wi
179191
```xml
180192
<Audit>
181193

182-
<Configuration>
194+
**<Configuration>**
183195

184196
<Enabled>1</Enabled>
185197

186-
<EndPoint>[email protected]:12345;StealthAUDIT@http://[IP Address]:[Port]</EndPoint>
198+
**<EndPoint>[email protected]:12345;StealthAUDIT@http://[IP Address]:[Port]</EndPoint>**
187199

188200
</Configuration>
189201

190202
</Audit>
191203
```
192204

193-
**NOTE:** All protocol strings are case sensitive.
205+
:::note
206+
All protocol strings are case sensitive.
207+
208+
:::
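
Review bot: The `**` markers added around `<Configuration>` (new line 194) and the `<EndPoint>` element (new line 198) are inside the `xml` code fence that opens at context line 179/191, where Markdown emphasis is not processed. The asterisks will render literally, and a reader who copies the sample gets invalid XML. Remove the `**` from both lines; if those two lines need emphasis, call them out in the prose above the block.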

docs/activitymonitor/7.1/admin/agents/properties/inactivityalerts.md

Lines changed: 4 additions & 1 deletion
@@ -45,8 +45,11 @@ configured interval. The alert is sent to the Syslog configured on the **Syslog
4545
- TCP
4646
- TLS
4747

48-
**NOTE:** The TCP and TLS protocols add the **Message framing** drop-down menu. **Message
48+
:::note
49+
The TCP and TLS protocols add the **Message framing** drop-down menu. **Message
4950
framing** options include:
51+
:::
52+
5053

5154
- LS (ASCII 10) delimiter
5255
- CR (ASCII 13) delimiter
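
Review bot: The closing `:::` at new line 51 comes right after "**Message framing** options include:", so the admonition ends on a colon and the list it introduces, starting with "LS (ASCII 10) delimiter", renders outside the note. Move the closing `:::` below the last option, or take the sentence and its list out of the admonition.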
