netwrix
diff --git a/‎.cursor/rules/mdx-stuff.mdc‎
Lines changed: 0 additions & 12 deletions b/‎.cursor/rules/mdx-stuff.mdc‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎.deployment‎
Lines changed: 0 additions & 2 deletions b/‎.deployment‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎docs/accessanalyzer/config/activedirectory/access.md‎
Lines changed: 22 additions & 22 deletions b/‎docs/accessanalyzer/config/activedirectory/access.md‎
Lines changed: 22 additions & 22 deletions
diff --git a/‎docs/accessanalyzer/config/activedirectory/activity.md‎
Lines changed: 8 additions & 8 deletions b/‎docs/accessanalyzer/config/activedirectory/activity.md‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎docs/accessanalyzer/config/activedirectory/filearchive.md‎
Lines changed: 5 additions & 5 deletions b/‎docs/accessanalyzer/config/activedirectory/filearchive.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎docs/accessanalyzer/config/dellcelerravnx/installcee.md‎
Lines changed: 10 additions & 10 deletions b/‎docs/accessanalyzer/config/dellcelerravnx/installcee.md‎
Lines changed: 10 additions & 10 deletions
@@ -84,18 +84,18 @@ For Registry Data Collector
 
 A least privilege model can be configured based on your auditing needs and the data collection jobs you will be using. The following jobs and their corresponding data collectors can be run with a least privilege permissions model.
 
-1-AD\_Scan Job Permissions
+1-AD_Scan Job Permissions
 
-The ADInventory Data Collector in the .Active Directory Inventory > 1-AD\_Scan Job has the following minimum requirements, which must be configured at the Domain level in Active Directory:
+The ADInventory Data Collector in the .Active Directory Inventory > 1-AD_Scan Job has the following minimum requirements, which must be configured at the Domain level in Active Directory:
 
 - Read access to directory tree
 - List Contents & Read Property on the Deleted Objects Container
 
   __NOTE:__ See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information.
 
-AD\_WeakPasswords Job Permissions
+AD_WeakPasswords Job Permissions
 
-The PasswordSecurity Data Collector in the 2.Users > AD\_WeakPasswords Job has the following minimum requirements:
+The PasswordSecurity Data Collector in the 2.Users > AD_WeakPasswords Job has the following minimum requirements:
 
 - At the domain level:
 
@@ -105,27 +105,27 @@ The PasswordSecurity Data Collector in the 2.Users > AD\_WeakPasswords Job has t
   - Replicating Directory Changes in a Filtered Set
   - Replication Synchronization
 
-AD\_CPassword Job Permissions
+AD_CPassword Job Permissions
 
-While the PowerShell Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > AD\_CPasswords job. The minimum requirements for running this job are:
+While the PowerShell Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > AD_CPasswords job. The minimum requirements for running this job are:
 
 - Read access to SYSVOL on the targeted Domain Controller(s) and all of its children
 
-AD\_GroupPolicy Job Permissions
+AD_GroupPolicy Job Permissions
 
-While the GroupPolicy Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > AD\_GroupPolicy Job. The minimum requirements for running this job are:
+While the GroupPolicy Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > AD_GroupPolicy Job. The minimum requirements for running this job are:
 
 - Requires Read permissions on Group Policy Objects
 
-AD\_PasswordPolicies Job Permissions
+AD_PasswordPolicies Job Permissions
 
-While the LDAP Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > AD\_PasswordPolicies Job. The minimum requirements for running this job are:
+While the LDAP Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > AD_PasswordPolicies Job. The minimum requirements for running this job are:
 
 - Requires Read permissions on the Password Settings Container
 
-AD\_DomainControllers Job Permissions
+AD_DomainControllers Job Permissions
 
-While the LDAP Data Collector and Active Directory Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection > AD\_DomainControllers Job. The minimum requirements for running this job are:
+While the LDAP Data Collector and Active Directory Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection > AD_DomainControllers Job. The minimum requirements for running this job are:
 
 - Read access to CN=Servers,%SITEDN% and its children
 - Read access to: %PARTITIONDNS% and its children
@@ -134,22 +134,22 @@ While the LDAP Data Collector and Active Directory Data Collector typically requ
 
 See the [Variable Definitions](#variable-definitions) for variable definitions.
 
-AD\_DSRM Job Permissions
+AD_DSRM Job Permissions
 
-While the Registry Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection > AD\_DSRM Job. The minimum requirements for running this job are:
+While the Registry Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection > AD_DSRM Job. The minimum requirements for running this job are:
 
 - Requires read access to the following Registry key and its children:  
-  HKEY\_LOCAL\_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
+  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
 
-AD\_TimeSync Job Permissions
+AD_TimeSync Job Permissions
 
-While the Registry Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection > AD\_TimeSync Job. The minimum requirements for running this job are:
+While the Registry Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection > AD_TimeSync Job. The minimum requirements for running this job are:
 
-- Requires Read access to the following Registry keys and its children: HKEY\_LOCAL\_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
+- Requires Read access to the following Registry keys and its children: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
 
-AD\_DomainInfo Job Permissions
+AD_DomainInfo Job Permissions
 
-While the LDAP Data Collector and Active Directory Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > AD\_DomainInfo Job. The minimum requirements for running this job, which must be configured at the Domain level in Active Directory, are:
+While the LDAP Data Collector and Active Directory Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > AD_DomainInfo Job. The minimum requirements for running this job, which must be configured at the Domain level in Active Directory, are:
 
 - Read access to: %DOMAINDN% and its children
 - Read access to: CN=System,%DOMAINDN% and its children
@@ -158,9 +158,9 @@ While the LDAP Data Collector and Active Directory Data Collector typically requ
 
 See the [Variable Definitions](#variable-definitions) for variable definitions.
 
-AD\_ActivityCollection Job Permission
+AD_ActivityCollection Job Permission
 
-The ADActivity Data Collector in the 6.Activity > 0.Collection > AD\_ActivityCollection Job has the following minimum requirements:
+The ADActivity Data Collector in the 6.Activity > 0.Collection > AD_ActivityCollection Job has the following minimum requirements:
 
 - Netwrix Activity Monitor API Access activity data
 - Netwrix Activity Monitor API Read
 
@@ -90,7 +90,7 @@ __Step 3 –__ Configure the following:
 
 - Configure the desired number of days for the __Period to keep Log files__. This is the number of days the log files are kept on the API server configured in the sections above. This needs to be set to a greater value than the days between Access Analyzer scans.
 
-  - For example, if Access Analyzer runs the __AD\_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
+  - For example, if Access Analyzer runs the __AD_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
 - Check the __This log file is for StealthAUDIT__ box.
 - Optionally select the __Enable periodic AD Status Check event reporting__ checkbox. When enabled, the agent will send out status messages every five minutes to verify whether the connection is still active.
 
@@ -126,13 +126,13 @@ __Step 8 –__ Click __Save__ and then __OK__ to confirm the changes to the job
 
 The Connection Profile will now be used for AD Activity collection.
 
-## Configure the AD\_ActivityCollection Job
+## Configure the AD_ActivityCollection Job
 
-The Access Analyzer requires additional configurations in order to collect domain activity data. Follow the steps to configure the __AD\_ActivityCollection__ Job.
+The Access Analyzer requires additional configurations in order to collect domain activity data. Follow the steps to configure the __AD_ActivityCollection__ Job.
 
 __NOTE:__ Ensure that the __.Active Directory Inventory__ Job Group has been successfully run against the target domain.
 
-__Step 1 –__ Navigate to the __Jobs__ > __Active Directory__ > __6.Activity__ > __0.Collection__ > __AD\_ActivityCollection__ Job. Select the __Configure__ > __Queries__ node.
+__Step 1 –__ Navigate to the __Jobs__ > __Active Directory__ > __6.Activity__ > __0.Collection__ > __AD_ActivityCollection__ Job. Select the __Configure__ > __Queries__ node.
 
 __Step 2 –__ Click __Query Properties__. The Query Properties window displays.
 
@@ -159,7 +159,7 @@ __Step 9 –__ On the Scope page, set the Timespan as desired. There are two opt
 - Relative Timespan – Set the number of days of activity logs to collect when the scan is run
 - Absolute Timespan – Set the date range for activity logs to collect when the scan is run
 
-___RECOMMENDED:___ The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Access Analyzer runs the __AD\_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
+___RECOMMENDED:___ The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Access Analyzer runs the __AD_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
 
 __Step 10 –__ Set the Retention period as desired. This is the number of days Access Analyzer keeps the collected data in the SQL Server database.
 
@@ -179,9 +179,9 @@ The query is now configured to target the Activity Monitor API Server to collect
 
 ### (Optional) Configure Import of AD Activity into Netwrix Access Information Center
 
-AD Activity data can be imported into Netwrix Access Information Center by the __AD\_ActivityCollection__ Job. However, this is disabled by default. Follow the steps to enable the importing of AD activity data into the Access Information Center.
+AD Activity data can be imported into Netwrix Access Information Center by the __AD_ActivityCollection__ Job. However, this is disabled by default. Follow the steps to enable the importing of AD activity data into the Access Information Center.
 
-__Step 1 –__ Navigate to the __Jobs__ > __Active Directory__ > __6.Activity__ > __0.Collection__ > __AD\_ActivityCollection__ Job.
+__Step 1 –__ Navigate to the __Jobs__ > __Active Directory__ > __6.Activity__ > __0.Collection__ > __AD_ActivityCollection__ Job.
 
 __Step 2 –__ On the job's Overview page, enable the import of AD Events.
 
@@ -195,4 +195,4 @@ __Step 3 –__ On the job's Overview page, enable the import of authentication E
 
 __Step 4 –__ Optionally, modify the __List of attributes to track for Object Modified changes__ and __Number of days to retain activity data in the AIC__ parameters.
 
-The __AD\_ActivityCollection__ Job is now configured to import both AD events and authentication events into the Netwrix Access Information Center.
+The __AD_ActivityCollection__ Job is now configured to import both AD events and authentication events into the Netwrix Access Information Center.
@@ -43,7 +43,7 @@ __Step 3 –__ Configure the following:
 
 - Configure the desired number of days for the __Period to keep Log files__. This is the number of days the log files are kept on the API server configured in the sections above. This needs to be set to a greater value than the days between Access Analyzer scans.
 
-  - For example, if Access Analyzer runs the __AD\_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
+  - For example, if Access Analyzer runs the __AD_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
 - Check the __This log file is for StealthAUDIT__ box.
 - Optionally select the __Enable periodic AD Status Check event reporting__ checkbox. When enabled, the agent will send out status messages every five minutes to verify whether the connection is still active.
 
@@ -81,13 +81,13 @@ __Step 8 –__ Click __Save__ and then __OK__ to confirm the changes to the job
 
 The Connection Profile will now be used for AD Activity collection.
 
-## Configure the AD\_ActivityCollection Job
+## Configure the AD_ActivityCollection Job
 
-Access Analyzer requires additional configurations in order to collect domain activity data. Follow the steps to configure the __AD\_ActivityCollection__ Job.
+Access Analyzer requires additional configurations in order to collect domain activity data. Follow the steps to configure the __AD_ActivityCollection__ Job.
 
 __NOTE:__ Ensure that the .Active Directory Inventory Job Group has been successfully run against the target domain.
 
-__Step 1 –__ Navigate to the __Jobs__ > __Active Directory__ > __6.Activity__ > __0.Collection__ > __AD\_ActivityCollection__ Job. Select the __Configure__ > __Queries__ node.
+__Step 1 –__ Navigate to the __Jobs__ > __Active Directory__ > __6.Activity__ > __0.Collection__ > __AD_ActivityCollection__ Job. Select the __Configure__ > __Queries__ node.
 
 __Step 2 –__ Click __Query Properties__. The Query Properties window displays.
 
@@ -108,7 +108,7 @@ __Step 6 –__ On the Scope page, set the Timespan as desired. There are two opt
 - Relative Timespan – Set the number of days of activity logs to collect when the scan is run
 - Absolute Timespan – Set the date range for activity logs to collect when the scan is run
 
-___RECOMMENDED:___ The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Access Analyzer runs the __AD\_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
+___RECOMMENDED:___ The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Access Analyzer runs the __AD_ActivityCollection__ Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files.
 
 __Step 7 –__ Set the Retention period as desired. This is the number of days Access Analyzer keeps the collected data in the SQL Server database.
 
 
@@ -31,7 +31,7 @@ __Step 1 –__ Open the Registry Editor (run regedit).
 
 __Step 2 –__ Navigate to following location:
 
-HKEY\_LOCAL\_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration
+HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration
 
 __Step 3 –__ Right-click on __Enabled__ and select Modify. The Edit DWORD Value window opens.
 
@@ -71,7 +71,7 @@ $ vi cepp.conf
 
 > If a ```cepp.conf``` file already exists, it can be retrieved from the Data Movers for modification with the following command:
 
-$ server\_file [DATA\_MOVER\_NAME] -get cepp.conf cepp.conf
+$ server_file [DATA_MOVER_NAME] -get cepp.conf cepp.conf
 
 __Step 3 –__ Configure the ```cepp.conf``` file. For information on the ```cepp.conf``` file, see the Dell [Using the Common Event Enabler for Windows Platforms](https://www.dellemc.com/en-us/collaterals/unauth/technical-guides-support-information/products/storage-3/docu48055.pdf) guide instructions on how to add parameters or edit the values or existing parameters.
 
@@ -95,19 +95,19 @@ The Activity Monitor requires the following parameters to be set in the ```cepp.
 
   msrpcuser=[DOMAIN\DOMAINUSER]
 
-  pool name=[POOL\_NAME] \
+  pool name=[POOL_NAME] \
 
-  servers=[IP\_ADDRESS1]|[IP\_ADDRESS2]|... \
+  servers=[IP_ADDRESS1]|[IP_ADDRESS2]|... \
 
   postevents=[EVENT1]|[EVENT2]|...
 
   Example cepp.conf file format for the Activity Monitor:
 
   msrpcuser=[DOMAIN\DOMAINUSER running CEE services]
 
-  pool name=[POOL\_NAME for configuration container] \
+  pool name=[POOL_NAME for configuration container] \
 
-  servers=[IP\_ADDRESS where CEE is installed]|... \
+  servers=[IP_ADDRESS where CEE is installed]|... \
 
   postevents=[EVENT1]|[EVENT2]|...
 
@@ -123,20 +123,20 @@ The Activity Monitor requires the following parameters to be set in the ```cepp.
 
 __Step 4 –__ Move the ```cepp.conf``` file to the Data Mover(s) root file system. Run the following command:
 
-$ server\_file [DATA\_MOVER\_NAME]‑put cepp.conf cepp.conf
+$ server_file [DATA_MOVER_NAME]‑put cepp.conf cepp.conf
 
 __NOTE:__ Each Data Mover which runs Celerra Event Publishing Agent (CEPA) must have a ```cepp.conf``` file, but each configuration file can specify different events.
 
 __Step 5 –__ (This step is required only if using the ```msrpcuser``` parameter) Register the MSRPC user (see Step 3 for additional information on this parameter). Before starting CEPA for the first time, the administrator must issue the following command from the Control Station and follow the prompts for entering information:
 
-/nas/sbin/server\_user server\_2 -add -md5 -passwd [DOMAIN\DOMAINUSER for msrpcuser]
+/nas/sbin/server_user server_2 -add -md5 -passwd [DOMAIN\DOMAINUSER for msrpcuser]
 
 __Step 6 –__ Start the CEPA facility on the Data Mover. Use the following command:
 
-server\_cepp [DATA\_MOVER\_NAME] -service –start
+server_cepp [DATA_MOVER_NAME] -service –start
 
 Then verify the CEPA status using the following command:
 
-server\_cepp [DATA\_MOVER\_NAME] -service –status
+server_cepp [DATA_MOVER_NAME] -service –status
 
 Once the ```cepp.config``` file has been configured, it is time to configure and enable monitoring with the Activity Monitor. See the [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) for additional information.