diff --git a/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/groupdetails.md b/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/groupdetails.md index 162bc1a802..cdc7343dd1 100644 --- a/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/groupdetails.md +++ b/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/groupdetails.md @@ -13,7 +13,10 @@ Use Groups Details page to edit selected group attributes. Highlight the attribute to edit. Add or delete attributes using the buttons to the right of Insert field. -**NOTE:** The options at the bottom of the page vary based on the highlighted attribute. +:::note +The options at the bottom of the page vary based on the highlighted attribute. +::: + - Insert field – Use the drop-down list to select a field (column) from the source table. Then, click the blue arrow to insert the item into the Value box. diff --git a/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/operations.md b/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/operations.md index 1181516067..c3e0d1b767 100644 --- a/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/operations.md +++ b/docs/accessanalyzer/11.6/admin/action/activedirectory/operations/operations.md @@ -35,7 +35,10 @@ here. To change the order, select an operation and use the **Down** and **Up** b ## Delete Objects -**CAUTION:** Once deleted, objects from Active Directory cannot be restored. +:::warning +Once deleted, objects from Active Directory cannot be restored. +::: + Select this operation to delete objects from Active Directory, such as users, groups, or computers. The source table determines which objects are deleted from the Active Directory. Therefore, this diff --git a/docs/accessanalyzer/11.6/admin/action/activedirectory/overview.md b/docs/accessanalyzer/11.6/admin/action/activedirectory/overview.md index b67183899e..3d32d185db 100644 
--- a/docs/accessanalyzer/11.6/admin/action/activedirectory/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/activedirectory/overview.md @@ -10,9 +10,12 @@ Use the Active Directory Action Module to make bulk changes to objects in Micros (AD) such as deleting users or changing group memberships. It is available with a special Enterprise Auditor license. -**CAUTION:** Be careful when using this action module. Make sure that only the changes required are +:::warning +Be careful when using this action module. Make sure that only the changes required are applied and only to those target systems desired. Actions perform their functions on all rows in a table. +::: + Enterprise Auditor action modules contain one or more selectable operations. Each operation performs its function on a single object per row from the source table defined in the action. 
@@ -30,22 +33,23 @@ target objects along with the field type to indicate the type of data contained The Operations page lists the operations that may be performed by the Active Directory Action Module. Each operation may have its own source table column requirements as follows: -| Operation | Requirements | -| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Clear/Set SID History | Column containing SID History information | -| Computer Details | No specific columns required | -| Disable/Enable Computers | No specific columns required | -| Create Groups | No specific columns required | -| Create Users | Column containing the user logon name **_RECOMMENDED:_** It is recommended that the source table has columns containing the following information: - First Name - Last name - Initials - Full name - Password - OU in which to create the user (This can also be created on the Create Users page) | -| Delete Objects (Users, Groups, Computers, etc.) 
| No specific columns required | -| Disable/Enable Users | No specific columns required | -| Group Details | No specific columns required | -| Group Membership | Column containing the target group OU or the target group NT style name | -| Groups Remove All Members | No specific columns required | -| Move Objects | Column containing an OU (Alternatively, type in the OU or click the ellipsis (…) to select an OU) | -| Set/Reset Users Password | No specific columns required | -| Unlock Users | No specific columns required | -| User Details | No specific columns required | +| Operation | Requirements | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Clear/Set SID History | Column containing SID History information | +| Computer Details | No specific columns required | +| Disable/Enable Computers | No specific columns required | +| Create Groups | No specific columns required | +| Create Users | Column containing the user logon name
**_RECOMMENDED:_** It is recommended that the source table has columns containing the following information: | +| Delete Objects (Users, Groups, Computers, etc.) | No specific columns required | +| Disable/Enable Users | No specific columns required | +| Group Details | No specific columns required | +| Group Membership | Column containing the target group OU or the target group NT style name | +| Groups Remove All Members | No specific columns required | +| Move Objects | Column containing an OU (Alternatively, type in the OU or click the ellipsis (…) to select an OU) | +| Set/Reset Users Password | No specific columns required | +| Unlock Users | No specific columns required | +| User Details | No specific columns required | + ## Configuration diff --git a/docs/accessanalyzer/11.6/admin/action/activedirectory/target.md b/docs/accessanalyzer/11.6/admin/action/activedirectory/target.md index 01863fcc05..f14272c301 100644 --- a/docs/accessanalyzer/11.6/admin/action/activedirectory/target.md +++ b/docs/accessanalyzer/11.6/admin/action/activedirectory/target.md @@ -33,5 +33,8 @@ Use the following options to configure the action: - E-Mail - Employee (employeeID) -**NOTE:** While one field is usually sufficient to identify AD objects, if specifying multiple +:::note +While one field is usually sufficient to identify AD objects, if specifying multiple fields, each field type can only be used once. + +::: diff --git a/docs/accessanalyzer/11.6/admin/action/filesystem/environment.md b/docs/accessanalyzer/11.6/admin/action/filesystem/environment.md index c78e87046b..d3c05fa6ac 100644 --- a/docs/accessanalyzer/11.6/admin/action/filesystem/environment.md +++ b/docs/accessanalyzer/11.6/admin/action/filesystem/environment.md 
@@ -13,7 +13,10 @@ Use this page to select and connect to a sample host, via which a set of remote variables for use in scoping the action are loaded. Then, on the Target page, use the environment variables to build dynamic file path locations for the selected operation. -**NOTE:** The environment variables from the local system load by default. +:::note +The environment variables from the local system load by default. +::: + ![File System Action Module Wizard Environment page](/img/product_docs/accessanalyzer/11.6/admin/action/filesystem/environment.webp) diff --git a/docs/accessanalyzer/11.6/admin/action/filesystem/options.md b/docs/accessanalyzer/11.6/admin/action/filesystem/options.md index 7713252a45..985975244c 100644 --- a/docs/accessanalyzer/11.6/admin/action/filesystem/options.md +++ b/docs/accessanalyzer/11.6/admin/action/filesystem/options.md @@ -46,14 +46,17 @@ Select from the following additional operations: - Batch size – Specify the batch size. -Start Process +**Start Process** Select the desired start process. -**CAUTION:** Due to system security limitations, some applications and programs cannot be restarted +:::warning +Due to system security limitations, some applications and programs cannot be restarted or run remotely using this option. Additionally, starting interactive processes (such as Word, Excel, and so on) will load them into memory, but may not make them available for interaction by the end user. +::: + Use the fields provided to select target items and hosts from the drop-down lists and populate the Set working directory field, or edit the field manually. The Preview field updates based on the diff --git a/docs/accessanalyzer/11.6/admin/action/filesystem/overview.md b/docs/accessanalyzer/11.6/admin/action/filesystem/overview.md index 4ee1958206..1d5d77db9c 100644 --- a/docs/accessanalyzer/11.6/admin/action/filesystem/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/filesystem/overview.md 
@@ -12,9 +12,12 @@ Module provides options for changing attributes and permissions, as well as copy moving, and renaming file system contents. It is available with a special Enterprise Auditor license. -**CAUTION:** Be careful when using this Action Module. Make sure that only the changes required are +:::warning +Be careful when using this Action Module. Make sure that only the changes required are applied and only to those target systems desired. Actions perform their functions on all rows in a table. +::: + Enterprise Auditor action modules contain one or more selectable operations. Each operation performs its function on a single object per row from the source table defined in the action. @@ -31,7 +34,10 @@ Changes: - NetApp Data ONTAP Cluster-Mode Device – User credential must have role on SVM that has permission to modify share permissions - **NOTE:** Enter the following syntax to create role: + :::note + Enter the following syntax to create role: + ::: + ``` ‑security login role create ‑role [DESIRED_ROLE_NAME] ‑cmddirname “vserver cifs share access-control” ‑vserver [VSERVER_NAME] ‑access all 
@@ -67,35 +73,42 @@ execution of the action and with analysis and reports downstream. | rowGUID | Identifies each data row as unique. The datatype in the table is uniqueidentifier (GUID). | | RowKey | Identifies each data row as unique. Sometimes the value is a GUID, but the datatype in the table is a varchar (text string). | -_Remember,_ the individual File System actions may have their own column requirements in addition to +:::tip +Remember, the individual File System actions may have their own column requirements in addition to the above. These columns are made available through the File System Action Module wizard. +::: + The Operations page lists the operations that may be performed by the File System Action Module. Each operation has its own source table column requirements as follows: -| Operation | Column requirements | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | -| Change attributes | Columns containing: - Object to change attributes for - UNC path or local path (files or folders) | -| Change permissions and Auditing | Columns containing: - Object to change permissions for - UNC path or local path - (Optional) Permission values to change (files or folders) | -| Change permission inheritance | Columns containing: - Object to change permission inheritance for - UNC path or local path (files or folders) | -| Change Share permissions | Columns containing: - Share to change permissions for - UNC path or local path (shares) | -| Copy | Columns containing: - Object to copy - Location to copy the object to - UNC path or local path | -| Delete | Columns containing: - Object to delete - UNC Path or local path | -| Launch Remote Process | No specific columns required | -| Move | Columns containing: - Object to move - Location to move the object to - UNC path or local path | -| Remove permissions | Columns containing: - Object to 
remove permissions for - UNC path or local path (files or folders) | -| Remove Share permissions | Columns containing: - Object to remove Share permissions for - UNC path or local path (shares) | -| Rename | Columns containing: - Object to rename - New name of the object - UNC path or local path | -| Add tags | Columns containing: - Object to add tags to - UNC path or local path (files) | -| Remove tags | Columns containing: - Object to remove tags from - UNC path or local path (files) | -| Change Owner | Columns containing: - Object to change ownership for - UNC path or local path (folders) | +| Operation | Column requirements | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Change attributes | Columns containing: | +| Change permissions and Auditing | Columns containing: | +| Change permission inheritance | Columns containing: | +| Change Share permissions | Columns containing: | +| Copy | Columns containing: | +| Delete | Columns containing: | +| Launch Remote Process | No specific columns required | +| Move | Columns containing: | +| Remove permissions | Columns containing: | +| Remove Share permissions | Columns containing: | +| Rename | Columns containing: | +| Add tags | Columns containing: | +| Remove tags | Columns containing: | +| Change Owner | Columns containing: | + ## Configuration The File System Action module is configured through the File System Action Module Wizard, which contains the following wizard pages: -**NOTE:** Depending on the selections on the various pages, not all pages may be accessible. +:::note +Depending on the selections on the various pages, not all pages may be accessible. +::: + - Welcome - [File System Action: Action](/docs/accessanalyzer/11.6/admin/action/filesystem/action.md) 
diff --git a/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/addtags.md b/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/addtags.md index bc8e43a17a..dfc61dab0b 100644 --- a/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/addtags.md +++ b/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/addtags.md @@ -18,10 +18,13 @@ the field manually. The Preview field updates based on the contents of the Tag f - Append to existing tags - Adds new tags to the existing list of tags - Overwrite existing tags - Removes all existing tags before adding newly configured tags -**NOTE:** If choosing the option to overwrite tags, the action module will clear out both normal +:::note +If choosing the option to overwrite tags, the action module will clear out both normal tags and Boldon James tags and then proceed to apply the tags configured for overwrite. If choosing the option to remove all tags, the action module will clear out both normal tags and Boldon James tags. +::: + - Fields – Use the drop-down list to select a field (column) from the source table, then click the blue arrow to insert the item into the **Tag** field @@ -38,8 +41,11 @@ tags. - Regular - Configure new tag as a regular tag - Boldon James - Configure new tag as a Boldon James tag - **NOTE:** The Boldon James column indicates whether a file tag is a regular tag or a Boldon + :::note + The Boldon James column indicates whether a file tag is a regular tag or a Boldon James tag. Regular tags will be identified with **0**. Boldon James tags will be identified with **1**. + ::: + A list of supported file types appears at the bottom of the page. diff --git a/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/removetags.md b/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/removetags.md index a603d85c47..027aa0c89c 100644 --- a/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/removetags.md 
+++ b/docs/accessanalyzer/11.6/admin/action/filesystem/parameters/removetags.md @@ -18,10 +18,13 @@ the field manually. The Preview field updates based on the contents of the Tag f - Remove specified tags - Remove specified tags from the existing list of tags - Remove all tags - Remove all existing tags -**NOTE:** If choosing the option to overwrite tags, the action module will clear out both normal +:::note +If choosing the option to overwrite tags, the action module will clear out both normal tags and Boldon James tags and then proceed to apply the tags configured for overwrite. If choosing the option to remove all tags, the action module will clear out both normal tags and Boldon James tags. +::: + - Fields – Use the drop-down list to select a field (column) from the source table, then click the blue arrow to insert the item into the **Tag** field @@ -38,8 +41,11 @@ tags. - Regular - Specify a regular tag for removal - Boldon James - Specify a Boldon James tag for removal - **NOTE:** The Boldon James column indicates whether a file tag is a regular tag or a Boldon + :::note + The Boldon James column indicates whether a file tag is a regular tag or a Boldon James tag. Regular tags will be identified with **0**. Boldon James tags will be identified with **1**. + ::: + A list of supported file types appears at the bottom of the page. diff --git a/docs/accessanalyzer/11.6/admin/action/filesystem/rollback.md b/docs/accessanalyzer/11.6/admin/action/filesystem/rollback.md index c9bccce874..d31ebdf6d3 100644 --- a/docs/accessanalyzer/11.6/admin/action/filesystem/rollback.md +++ b/docs/accessanalyzer/11.6/admin/action/filesystem/rollback.md 
@@ -10,7 +10,10 @@ Use the Rollback page to apply rollback support to the action. This option provi undo failed actions and reapply the original action settings when the action continues from where it left off. -**NOTE:** Not all actions support Rollback. +:::note +Not all actions support Rollback. +::: + ![File System Action Module Wizard Rollback page](/img/product_docs/accessanalyzer/11.6/admin/action/filesystem/rollback.webp) diff --git a/docs/accessanalyzer/11.6/admin/action/mailbox/delegaterights.md b/docs/accessanalyzer/11.6/admin/action/mailbox/delegaterights.md index 56058b7b0a..c3319009de 100644 --- a/docs/accessanalyzer/11.6/admin/action/mailbox/delegaterights.md +++ b/docs/accessanalyzer/11.6/admin/action/mailbox/delegaterights.md @@ -30,8 +30,11 @@ Set delegate rights using the following options: - Calendar - **NOTE:** If Editor or a higher rights level is selected, the **Delegate receives copies of + :::note + If Editor or a higher rights level is selected, the **Delegate receives copies of meeting-related messages sent to me** option is enabled for selection. + ::: + - Tasks - Inbox diff --git a/docs/accessanalyzer/11.6/admin/action/mailbox/messageconditions.md b/docs/accessanalyzer/11.6/admin/action/mailbox/messageconditions.md index 4ee751bd9e..4aaf60e4be 100644 --- a/docs/accessanalyzer/11.6/admin/action/mailbox/messageconditions.md +++ b/docs/accessanalyzer/11.6/admin/action/mailbox/messageconditions.md @@ -15,7 +15,10 @@ Customize the folder search conditions using the following options: - Message Category – Use the drop-down menu to select a message category - **NOTE:** Each selection may populate various conditions in the Select Conditions section. + :::note + Each selection may populate various conditions in the Select Conditions section. + ::: + - Select conditions – Select the checkbox next to any desired filter conditions to apply them to the search. The selected conditions then show in the Edit conditions box. Message Conditions include: 
diff --git a/docs/accessanalyzer/11.6/admin/action/mailbox/operations.md b/docs/accessanalyzer/11.6/admin/action/mailbox/operations.md index 3217c202c8..23d868d10d 100644 --- a/docs/accessanalyzer/11.6/admin/action/mailbox/operations.md +++ b/docs/accessanalyzer/11.6/admin/action/mailbox/operations.md @@ -19,4 +19,7 @@ Select from the following operations: - Remove Delegates - Remove Stale SIDS -**NOTE:** The Operation selected alters the subsequent steps displayed by the wizard. +:::note +The Operation selected alters the subsequent steps displayed by the wizard. + +::: diff --git a/docs/accessanalyzer/11.6/admin/action/mailbox/overview.md b/docs/accessanalyzer/11.6/admin/action/mailbox/overview.md index ca433e4baf..71becab6d5 100644 --- a/docs/accessanalyzer/11.6/admin/action/mailbox/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/mailbox/overview.md @@ -9,8 +9,11 @@ sidebar_position: 40 The Mailbox action module allows you to perform bulk operations on Microsoft Exchange mailboxes, for example deleting mailbox content and modifying permissions and delegates. -**CAUTION:** This action module can add, change, or remove permissions and delegates from an +:::warning +This action module can add, change, or remove permissions and delegates from an environment. Always verify the data and target mailboxes prior to executing any action. +::: + ## Mailbox Action Source Table Configuration diff --git a/docs/accessanalyzer/11.6/admin/action/mailbox/trustedusers.md b/docs/accessanalyzer/11.6/admin/action/mailbox/trustedusers.md index d169b89e05..a5b078be68 100644 --- a/docs/accessanalyzer/11.6/admin/action/mailbox/trustedusers.md +++ b/docs/accessanalyzer/11.6/admin/action/mailbox/trustedusers.md 
@@ -49,5 +49,8 @@ The following additional options are available for the Remove Delegates operatio rights - Remove Permissions from Child Folders – Removes permissions from child folders - **NOTE:** This option is only enabled if the **Remove Permissions for Delegate** option is + :::note + This option is only enabled if the **Remove Permissions for Delegate** option is selected. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/action/overview.md b/docs/accessanalyzer/11.6/admin/action/overview.md index 0258e9f5e8..89444f8cc7 100644 --- a/docs/accessanalyzer/11.6/admin/action/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/overview.md @@ -71,14 +71,20 @@ job by clicking on the **Action Execute** link on the Action Selection view. ## Caution on Action Modules -**CAUTION:** Enterprise Auditor action modules apply bulk changes to targeted objects within the +:::warning +Enterprise Auditor action modules apply bulk changes to targeted objects within the target environment. Actions perform operations on selected objects listed in each row of the source table. Exercise caution to ensure the action applies only the desired changes and only to the desired target objects. +::: -**_RECOMMENDED:_** Prior to configuring the action module, scope the source data table to include + +:::info +Prior to configuring the action module, scope the source data table to include only the desired data. It is also recommended to run the action in a test environment before making changes to a production environment. +::: + ## Action Properties Page 
@@ -87,8 +93,11 @@ action module, and source table. Access this page via the Action Selection view. ![Action Properties page for new action](/img/product_docs/accessanalyzer/11.6/admin/action/actionproperties.webp) -**_RECOMMENDED:_** Provide unique and descriptive names and action task descriptions to all user +:::info +Provide unique and descriptive names and action task descriptions to all user created action tasks. +::: + - Name – Action task name. For new actions, an editable default name displays. - Description – Action task description. For new actions, this editable field is blank. @@ -124,17 +133,23 @@ analysis and reports downstream. | rowGUID | Identifies each data row as unique. The datatype in the table is uniqueidentifier (GUID). | | RowKey | Identifies each data row as unique. Sometimes the value is a GUID, but the datatype in the table is a varchar (text string). | -_Remember,_ the individual action modules may have their own column requirements in addition to the +:::tip +Remember, the individual action modules may have their own column requirements in addition to the above. +::: + #### Data Tables Enterprise Auditor native data tables generally contain all of the above columns. However, if all required columns are not present by default, add them manually. -**CAUTION:** Do not use native data tables in action modules. Source data tables in actions should +:::warning +Do not use native data tables in action modules. Source data tables in actions should include only the data desired for the operation. Scope the data tables to include only the required columns prior to configuring the action. +::: + #### Module-Specific Source Table Requirements diff --git a/docs/accessanalyzer/11.6/admin/action/powershell/overview.md b/docs/accessanalyzer/11.6/admin/action/powershell/overview.md index 4f1fa14847..ec537e352f 100644 --- a/docs/accessanalyzer/11.6/admin/action/powershell/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/powershell/overview.md 
@@ -9,8 +9,11 @@ sidebar_position: 50 The PowerShell action module provides methods of running PowerShell scripts on the local machine or on remote hosts. Define PowerShell scripting actions using the PowerShell Action Module Wizard. -**CAUTION:** Ensure that only the changes required are applied and only to those target systems +:::warning +Ensure that only the changes required are applied and only to those target systems desired. +::: + Enterprise Auditor action modules contain one or more selectable operations. Each operation performs its function on a single object per row from the source table defined in the action. diff --git a/docs/accessanalyzer/11.6/admin/action/powershell/script.md b/docs/accessanalyzer/11.6/admin/action/powershell/script.md index b0b68213a0..11e963b303 100644 --- a/docs/accessanalyzer/11.6/admin/action/powershell/script.md +++ b/docs/accessanalyzer/11.6/admin/action/powershell/script.md @@ -52,7 +52,10 @@ The options are: - Delete – Delete a selected parameter -**NOTE:** The built-in default parameters cannot be edited or deleted. +:::note +The built-in default parameters cannot be edited or deleted. +::: + ### Add/Edit Variable Window diff --git a/docs/accessanalyzer/11.6/admin/action/publicfolder/action.md b/docs/accessanalyzer/11.6/admin/action/publicfolder/action.md index f42a7f1a21..78f72f2092 100644 --- a/docs/accessanalyzer/11.6/admin/action/publicfolder/action.md +++ b/docs/accessanalyzer/11.6/admin/action/publicfolder/action.md 
@@ -9,8 +9,11 @@ sidebar_position: 10 The Action page specifies the basic action to perform on public folders. The pages available for selection in the Steps pane adjust based on this selection. -**NOTE:** Once an action is selected and saved, and the wizard is closed, this page is no longer +:::note +Once an action is selected and saved, and the wizard is closed, this page is no longer available and the selection cannot be altered. +::: + ![Public Folder Action Module Wizard Action page](/img/product_docs/accessanalyzer/11.6/admin/action/publicfolder/action.webp) diff --git a/docs/accessanalyzer/11.6/admin/action/publicfolder/folders.md b/docs/accessanalyzer/11.6/admin/action/publicfolder/folders.md index 260589b1fb..ebc338d935 100644 --- a/docs/accessanalyzer/11.6/admin/action/publicfolder/folders.md +++ b/docs/accessanalyzer/11.6/admin/action/publicfolder/folders.md @@ -16,8 +16,11 @@ The options on this page are: - Field – Column names - **NOTE:** The displayed fields vary depending on the Source Table selected during the + :::note + The displayed fields vary depending on the Source Table selected during the creation of the new action + ::: + - Folder identifier type – Select a folder type option diff --git a/docs/accessanalyzer/11.6/admin/action/publicfolder/operations.md b/docs/accessanalyzer/11.6/admin/action/publicfolder/operations.md index c361d54b18..6489e45691 100644 --- a/docs/accessanalyzer/11.6/admin/action/publicfolder/operations.md +++ b/docs/accessanalyzer/11.6/admin/action/publicfolder/operations.md @@ -40,7 +40,10 @@ Rename folders using the following options: - Select a field from the dropdown menu and click **Add** to add it to the list below - **NOTE:** The available fields vary based on the source table. + :::note + The available fields vary based on the source table. + ::: + - New name – Enter the name to replace an existing folder name 
@@ -86,10 +89,13 @@ Change permissions using the following options: - Folder visible – User can view the specified public folder but cannot read or edit the items within - **NOTE:** Different permissions become automatically selected based on which permission + :::note + Different permissions become automatically selected based on which permission level is selected. To override this default, select the checkbox of the unwanted permission to deselect it. If a desired checkbox is blocked by a black square, click the square to unblock the checkbox. The checkbox can then be selected or unselected. + ::: + - Edit items – Use the drop-down menu to determine user editing permissions from the following: @@ -125,8 +131,11 @@ Select attributes using the following options: - Select a checkbox to set any custom attribute list - Select a Field from the dropdown list and click **Add** to add the field to the custom attribute - **NOTE:** Multiple fields may be added to a custom attribute. Fields added to a custom attribute + :::note + Multiple fields may be added to a custom attribute. Fields added to a custom attribute can be modified or deleted manually. + ::: + ## Replicas Window diff --git a/docs/accessanalyzer/11.6/admin/action/publicfolder/options.md b/docs/accessanalyzer/11.6/admin/action/publicfolder/options.md index 0a9bdaf7ea..3aa13514d2 100644 --- a/docs/accessanalyzer/11.6/admin/action/publicfolder/options.md +++ b/docs/accessanalyzer/11.6/admin/action/publicfolder/options.md @@ -8,7 +8,10 @@ sidebar_position: 70 Use the Options page to edit the thread settings. -**CAUTION:** Increasing the thread count increases the processing load on the servers. +:::warning +Increasing the thread count increases the processing load on the servers. +::: + ![Public Folder Action Module Wizard Options page](/img/product_docs/accessanalyzer/11.6/admin/action/publicfolder/options.webp) 
diff --git a/docs/accessanalyzer/11.6/admin/action/publicfolder/overview.md b/docs/accessanalyzer/11.6/admin/action/publicfolder/overview.md index b615e74c39..c54613f650 100644 --- a/docs/accessanalyzer/11.6/admin/action/publicfolder/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/publicfolder/overview.md @@ -14,12 +14,18 @@ and to configure the operations performed against the selected folders. Prior to configuring the Pubic Folder Action Module Wizard, scope the source data table to ensure the actions apply only to the desired folders. -**CAUTION:** Be careful when using this action module. Make sure that only the changes required are +:::warning +Be careful when using this action module. Make sure that only the changes required are applied and only to those target folders desired. Always verify the data prior to execution of any action. +::: -**_RECOMMENDED:_** Although rollbacks for some actions are available, having to use one should be + +:::info +Although rollbacks for some actions are available, having to use one should be avoided +::: + ## Configuration diff --git a/docs/accessanalyzer/11.6/admin/action/publicfolder/prioractions.md b/docs/accessanalyzer/11.6/admin/action/publicfolder/prioractions.md index 398789e8dd..5a62df9cb3 100644 --- a/docs/accessanalyzer/11.6/admin/action/publicfolder/prioractions.md +++ b/docs/accessanalyzer/11.6/admin/action/publicfolder/prioractions.md 
@@ -9,8 +9,11 @@ sidebar_position: 20 The Prior Actions page selects previously executed actions for rollback. It is a wizard page when **Rollback a previously executed action** is selected on the Action page. -**NOTE:** Once an action is selected and saved, and the wizard is closed, this page is no longer +:::note +Once an action is selected and saved, and the wizard is closed, this page is no longer available and the selection cannot be altered. +::: + ![Public Folder Action Module Wizard Prior Actions page](/img/product_docs/accessanalyzer/11.6/admin/action/publicfolder/prioractions.webp) diff --git a/docs/accessanalyzer/11.6/admin/action/registry/operations.md b/docs/accessanalyzer/11.6/admin/action/registry/operations.md index de94240c00..bfa62dc0bc 100644 --- a/docs/accessanalyzer/11.6/admin/action/registry/operations.md +++ b/docs/accessanalyzer/11.6/admin/action/registry/operations.md @@ -17,7 +17,10 @@ Select and configure the operations using the following options: - Add operation – Use the drop-down menu to select an operation to perform on the target host. This opens a corresponding window for configuration. Operations include: - **NOTE:** Window options vary based on the operation selected from the drop-down menu. + :::note + Window options vary based on the operation selected from the drop-down menu. + ::: + - New Registry Value – Used to add a new registry value to the list - Modify registry value – Used to modify an existing registry value in the list diff --git a/docs/accessanalyzer/11.6/admin/action/registry/overview.md b/docs/accessanalyzer/11.6/admin/action/registry/overview.md index f438b0b0a6..fce78f4973 100644 --- a/docs/accessanalyzer/11.6/admin/action/registry/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/registry/overview.md 
@@ -14,11 +14,17 @@ a column containing the hosts to be targeted. Prior to configuring the Registry Action Module Wizard, scope the source data table to ensure the actions apply only to the desired hosts. -**CAUTION:** Unexpected values in the registry can cause major system failures when deleting or +:::warning +Unexpected values in the registry can cause major system failures when deleting or modifying registry items. +::: -**_RECOMMENDED:_** Backup the system registry before making changes using the Registry action + +:::info +Backup the system registry before making changes using the Registry action module. +::: + ## Registry Action Source Table Configuration diff --git a/docs/accessanalyzer/11.6/admin/action/sendmail/message.md b/docs/accessanalyzer/11.6/admin/action/sendmail/message.md index 9872ada8f7..9e9b9624df 100644 --- a/docs/accessanalyzer/11.6/admin/action/sendmail/message.md +++ b/docs/accessanalyzer/11.6/admin/action/sendmail/message.md @@ -70,7 +70,7 @@ Dear [ProbableOwner]; You are approaching your Mailbox storage quota. Please clean up any unneeded items. -Thank you, +**Thank you,** The Messaging Team diff --git a/docs/accessanalyzer/11.6/admin/action/sendmail/overview.md b/docs/accessanalyzer/11.6/admin/action/sendmail/overview.md index 11e1f242b8..f6b0041598 100644 --- a/docs/accessanalyzer/11.6/admin/action/sendmail/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/sendmail/overview.md 
@@ -15,8 +15,11 @@ The SendMail Action Module has multiple uses, for example: - In combination with other Enterprise Auditor action modules such as Survey, create an end-to-end workflow to contact clients and solicit feedback for use in the decision-making process -**CAUTION:** This module sends one or more electronic messages to a selected audience. Prior to +:::warning +This module sends one or more electronic messages to a selected audience. Prior to executing the action, ensure the audience consists of only the desired members. +::: + ## Source Table Configuration diff --git a/docs/accessanalyzer/11.6/admin/action/servicenow/authentication.md b/docs/accessanalyzer/11.6/admin/action/servicenow/authentication.md index 46ac47eea3..aa82147e10 100644 --- a/docs/accessanalyzer/11.6/admin/action/servicenow/authentication.md +++ b/docs/accessanalyzer/11.6/admin/action/servicenow/authentication.md @@ -22,5 +22,8 @@ Use the following options to log into a ServiceNow account: - Instance – Domain name for the ServiceNow account - User Name/Password – Specify the credentials to access the ServiceNow account -**NOTE:** ServiceNow accounts must have an administrator role to modify incidents on the +:::note +ServiceNow accounts must have an administrator role to modify incidents on the configuration page. + +::: diff --git a/docs/accessanalyzer/11.6/admin/action/servicenow/overview.md b/docs/accessanalyzer/11.6/admin/action/servicenow/overview.md index a01de4baa4..8015b75428 100644 --- a/docs/accessanalyzer/11.6/admin/action/servicenow/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/servicenow/overview.md 
@@ -90,7 +90,10 @@ contains the following wizard pages: - [ServiceNow Action: Description](/docs/accessanalyzer/11.6/admin/action/servicenow/description.md) - [ServiceNow Action: Summary](/docs/accessanalyzer/11.6/admin/action/servicenow/summary.md) -**NOTE:** Not all pages may be accessible unless the user has a configured ServiceNow account. +:::note +Not all pages may be accessible unless the user has a configured ServiceNow account. +::: + The Welcome page displays first in the ServiceNow Action Module Wizard. Review the introductory and caution information about the ServiceNow Action Module. diff --git a/docs/accessanalyzer/11.6/admin/action/survey/overview.md b/docs/accessanalyzer/11.6/admin/action/survey/overview.md index a3a042741e..e6d8a67671 100644 --- a/docs/accessanalyzer/11.6/admin/action/survey/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/survey/overview.md @@ -14,9 +14,12 @@ by the user. Once the survey is defined, a list of recipients can then be specif the action, the process simultaneously sends an email to the recipients containing a link to the survey and creates a web page to host the survey. -**CAUTION:** This module sends one or more electronic messages to a selected audience. Prior to +:::warning +This module sends one or more electronic messages to a selected audience. Prior to executing the action, ensure the audience consists of only the desired members. Netwrix recommends using this and all other Enterprise Auditor actions with caution. +::: + ## Survey Action Source Table Configuration diff --git a/docs/accessanalyzer/11.6/admin/action/webrequest/destination.md b/docs/accessanalyzer/11.6/admin/action/webrequest/destination.md index da3ecbfc70..a91fcc7e6a 100644 --- a/docs/accessanalyzer/11.6/admin/action/webrequest/destination.md +++ b/docs/accessanalyzer/11.6/admin/action/webrequest/destination.md 
@@ -14,9 +14,12 @@ Use the following categories to establish the location of the web request: - Insert field – Select a field using the drop-down menu - **NOTE:** The fields available varies based on the source table columns. + :::note + The fields available varies based on the source table columns. + ::: -Destination Information + +**Destination Information** - Method – Use the dropdown to select a method from the following: @@ -42,7 +45,10 @@ Destination Information the blue down-arrow to add it to the Resource box - Manually enter a resource in the textbox - **NOTE:** A red circle with an x indicates that the Resource field cannot be empty. + :::note + A red circle with an x indicates that the Resource field cannot be empty. + ::: + - Authentication – Select an authentication method from the following: @@ -55,7 +61,7 @@ Destination Information example, Basic [Base64 encoded credentials] or Bearer [JWT token] for Basic and JWT authentication respectively). -Test Connection +**Test Connection** - Drop-down menu – Select a method to test. Currently locked to GET. - URI textbox – Input the resource to receive the test message @@ -64,8 +70,11 @@ Test Connection down-arrow to add it to the URI textbox - Manually enter a resource in the field - **NOTE:** Red circle with x indicates + :::note + Red circle with x indicates `Invalid URI: The format of the URI could not be determined`. + ::: + - Test – Tests the connection for the request using the first row of the source table - Text box – Shows log messages from the connection test diff --git a/docs/accessanalyzer/11.6/admin/action/webrequest/header.md b/docs/accessanalyzer/11.6/admin/action/webrequest/header.md index a0aba8e613..fc7d68624f 100644 --- a/docs/accessanalyzer/11.6/admin/action/webrequest/header.md +++ b/docs/accessanalyzer/11.6/admin/action/webrequest/header.md 
@@ -14,7 +14,10 @@ Use the following options to enter header values: - Insert field – Select a field to include in the request using the drop-down menu - **NOTE:** The fields available varies based on the source table columns. + :::note + The fields available varies based on the source table columns. + ::: + - Use the radio buttons to indicate: diff --git a/docs/accessanalyzer/11.6/admin/action/webrequest/overview.md b/docs/accessanalyzer/11.6/admin/action/webrequest/overview.md index dbecd4b232..4eba295f98 100644 --- a/docs/accessanalyzer/11.6/admin/action/webrequest/overview.md +++ b/docs/accessanalyzer/11.6/admin/action/webrequest/overview.md @@ -10,8 +10,11 @@ The Web Request action module provides methods of applying bulk changes to REST stage, target endpoints should be identified to invoke web requests against. This wizard allows the definition of requests to perform. -**CAUTION:** Ensure that only the changes required are applied and only those target systems desired +:::warning +Ensure that only the changes required are applied and only those target systems desired when using this action module. +::: + ## Configuration diff --git a/docs/accessanalyzer/11.6/admin/action/webrequest/parameters.md b/docs/accessanalyzer/11.6/admin/action/webrequest/parameters.md index 79c1979144..276734222e 100644 --- a/docs/accessanalyzer/11.6/admin/action/webrequest/parameters.md +++ b/docs/accessanalyzer/11.6/admin/action/webrequest/parameters.md @@ -14,7 +14,10 @@ Enter parameter values using the following options: - Insert Field – Select a field to include in the request from the drop-down menu. - **NOTE:** The fields available varies based on the source table. + :::note + The fields available varies based on the source table. + ::: + - Green circle with plus sign – Add a custom attribute. This opens the Custom Attribute Editor Window. See the [Custom Attribute Editor Window](#custom-attribute-editor-window) topic for 
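Review bot: In the parameters.md hunk, the new `:::note` body keeps the agreement error "The fields available varies based on the source table."; since the line is being rewritten anyway, change it to "The fields available vary ...". The header.md and destination.md hunks carry the same sentence but end it with "source table columns", so the three notes should be made to read identically. The block is also indented two spaces under the "Insert Field" bullet; please confirm in a preview build that it renders nested inside the list item rather than as literal text.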
diff --git a/docs/accessanalyzer/11.6/admin/analysis/autoaction.md b/docs/accessanalyzer/11.6/admin/analysis/autoaction.md index 1f51a3f56a..254e1889ec 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/autoaction.md +++ b/docs/accessanalyzer/11.6/admin/analysis/autoaction.md @@ -10,9 +10,12 @@ The Auto Action analysis module executes a pre-configured action as part of the execution. To add an action to an analysis via the Auto Action analysis module, the action must already exist and it must reside within the current job. -**NOTE:** The Actions node can also automatically execute actions. See the +:::note +The Actions node can also automatically execute actions. See the [Action Modules](/docs/accessanalyzer/11.6/admin/action/overview.md) topic for additional information. +::: + ## Select Action Window diff --git a/docs/accessanalyzer/11.6/admin/analysis/changedetection/input.md b/docs/accessanalyzer/11.6/admin/analysis/changedetection/input.md index fdd583868c..bea1bc05df 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/changedetection/input.md +++ b/docs/accessanalyzer/11.6/admin/analysis/changedetection/input.md @@ -14,5 +14,8 @@ The configurable option is: - Please select a data source – Select a data source table from the list - **NOTE:** The selectable data sources change based on which option is selected on the Input + :::note + The selectable data sources change based on which option is selected on the Input Scope page. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/analysis/changedetection/inputscope.md b/docs/accessanalyzer/11.6/admin/analysis/changedetection/inputscope.md index 48bd59ac9b..27a12d8414 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/changedetection/inputscope.md +++ b/docs/accessanalyzer/11.6/admin/analysis/changedetection/inputscope.md 
@@ -17,4 +17,7 @@ Identify the scope of the data source from the following options: database - All tables in the database – Select all tables within the SQL Server database -**NOTE:** This selection affects the tables that are available for selection on the Input page. +:::note +This selection affects the tables that are available for selection on the Input page. + +::: diff --git a/docs/accessanalyzer/11.6/admin/analysis/notification/smtp.md b/docs/accessanalyzer/11.6/admin/analysis/notification/smtp.md index 5e580040d5..7692dff1b8 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/notification/smtp.md +++ b/docs/accessanalyzer/11.6/admin/analysis/notification/smtp.md @@ -23,8 +23,11 @@ The following options are available: - Subject – Specify a subject for the email. The subject can include field variables. - **_RECOMMENDED:_** If configuring a Notification analysis module for a pre-configured job, it is + :::info + If configuring a Notification analysis module for a pre-configured job, it is recommended not to change the existing field variables. + ::: + - Insert Field – Select a source data column to add to the message body or subject line. Click the drop-down to see a list of columns. Once the column displays in the field, click an arrow to @@ -41,7 +44,10 @@ The following options are available: overwritten through manual configuration - Preview – Displays a preview of the email. - **NOTE:** The preview may not show any or all of the filters applied in previous steps. + :::note + The preview may not show any or all of the filters applied in previous steps. + ::: + - Clear Template – Clears all data from the subject and message boxes. Does not clear e-mail addresses. diff --git a/docs/accessanalyzer/11.6/admin/analysis/notification/tabletype.md b/docs/accessanalyzer/11.6/admin/analysis/notification/tabletype.md index fdefc57104..40a38b9941 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/notification/tabletype.md 
+++ b/docs/accessanalyzer/11.6/admin/analysis/notification/tabletype.md @@ -20,12 +20,15 @@ The following options are available: [Notification: Select Table](/docs/accessanalyzer/11.6/admin/analysis/notification/selecttable.md) topic for additional information. - **NOTE:** Change Detection Table also locks selections to tables on the Select Table page that + :::note + Change Detection Table also locks selections to tables on the Select Table page that are selected through Other. To select tables outside of **Show only tables for this job**, select Other on the Table Type page, then select either **Show All Tables** or **Show All SA Tables**, then click back to return to the Table Type page. Now selecting Change Detection Table and proceeding defaults the selection on the Select Table page to whichever was previously selected through Other. + ::: + - Other – Sends a notification based on a value within a selected table. Selecting this option enables the following options on the Select Table page, each of which lists a specific set of diff --git a/docs/accessanalyzer/11.6/admin/analysis/notification/timewindow.md b/docs/accessanalyzer/11.6/admin/analysis/notification/timewindow.md index 9a90d133c7..1e4cea1fdf 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/notification/timewindow.md +++ b/docs/accessanalyzer/11.6/admin/analysis/notification/timewindow.md @@ -15,5 +15,8 @@ The following option is available: - Only include rows from most recent run for `[]` – Select the checkbox to scope the task to the most recent data - **NOTE:** The checkbox is only enabled if the table selected on the Select Table page has a + :::note + The checkbox is only enabled if the table selected on the Select Table page has a Enterprise Auditor **JobRunTimeKey** property. Otherwise, the checkbox is cleared by default. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/analysis/overview.md b/docs/accessanalyzer/11.6/admin/analysis/overview.md index 49e8feafc5..18ae5dc046 100644 
--- a/docs/accessanalyzer/11.6/admin/analysis/overview.md +++ b/docs/accessanalyzer/11.6/admin/analysis/overview.md @@ -65,7 +65,10 @@ The Analysis Selection page has the following options: Moving tasks up or down the list changes the order in which the task is run when the job is executed. - **NOTE:** Tasks can be drag-and-dropped to change position in the list. + :::note + Tasks can be drag-and-dropped to change position in the list. + ::: + - Select All – Enables/disables all tasks in the list - The **Validate**, **Validate Selected**, and **Edit Rules** buttons are specific to the Business diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlscripting.md b/docs/accessanalyzer/11.6/admin/analysis/sqlscripting.md index 0236d9eac2..120fd68032 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlscripting.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlscripting.md @@ -52,7 +52,10 @@ SQLscripting and users. The window only displays when **Parameters** is clicked. ![Parameters window](/img/product_docs/accessanalyzer/11.6/admin/analysis/sqlscriptparameters.webp) -**CAUTION:** not modify any parameters where the Value states `Created during execution`. +:::warning +not modify any parameters where the Value states `Created during execution`. +::: + The Parameters window has the following options: diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/columns.md b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/columns.md index 314aa32dfd..014e766953 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/columns.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/columns.md 
@@ -50,10 +50,13 @@ The grid provides the following options for formatting the resulting table or vi - Ascending - Descending -**NOTE:** If at least one columns is sorted by value, the **With ties** option is enabled on the +:::note +If at least one columns is sorted by value, the **With ties** option is enabled on the Result Constraints page. See the [SQLViewCreation: Result Constraints](/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultconstraints.md) topic for additional information. +::: + After selecting the columns to include in the resulting table or view, click **Next** to further filter the sourced data. diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/input.md b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/input.md index 493e961284..899f786688 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/input.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/input.md @@ -16,8 +16,11 @@ selection made on the Input Scope page. To join or aggregate data from two table table at the second drop-down menu. To remove the second table from the field, click the **X** button. -**NOTE:** It is important to choose tables that are compatible with one another or share similar +:::note +It is important to choose tables that are compatible with one another or share similar columns. +::: + When the two sources of data are selected, click **Next** to create a joint column within the resulting table or view. diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/joincolumns.md b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/joincolumns.md index 9205f51f0e..e22dd087dd 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/joincolumns.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/joincolumns.md 
@@ -10,11 +10,14 @@ Use the Join Columns page to select a column from each source table to join toge resulting table or view. The options on this page are only enabled if two tables are selected on the Input Source page. -**NOTE:** The SQLViewCreation analysis module can join two tables, using a simple equi-join +:::note +The SQLViewCreation analysis module can join two tables, using a simple equi-join condition of two predicates. For composite joins with two or more tables using a conjunction of predicates, use the SQLscripting analysis module. See the [SQLscripting Analysis Module](/docs/accessanalyzer/11.6/admin/analysis/sqlscripting.md) topic for additional information. +::: + ![View and Table Creation Analysis Module wizard Join Columns page](/img/product_docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/joincolumns.webp) @@ -31,7 +34,10 @@ The following options are available: - Join Type – Select a join type from the drop-down: - **NOTE:** Left is the first table referenced, right is the second table. + :::note + Left is the first table referenced, right is the second table. + ::: + - Inner Join – Returns records that have matching values in both tables - Right Outer Join – Returns all records from the left table, and the matched records from the @@ -40,9 +46,12 @@ The following options are available: left table - Full Outer Join – Return all records when there is a match in either left or right table -**NOTE:** The join property is the column found within both tables. The two columns can have +:::note +The join property is the column found within both tables. The two columns can have different names. However, in the results set, everywhere a value in the first column matches the value in the second column, rows from the respective tables are joined together. +::: + After selecting a column from each data source to join, click **Next** to select columns to transfer to the resulting table or view. 
diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/overview.md b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/overview.md index c2b8d3ca72..51f5485f0c 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/overview.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/overview.md @@ -10,8 +10,11 @@ The SQLViewCreation analysis module provides the ability to create new views or in Enterprise Auditor actions and reports. These views or tables are re-created during job execution. -**CAUTION:** Consider the impact on storage and performance when choosing to create views versus +:::warning +Consider the impact on storage and performance when choosing to create views versus tables. Tables require more storage space in the database. +::: + ## Configuration diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultconstraints.md b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultconstraints.md index 2bf07e1858..57f15d8ee5 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultconstraints.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultconstraints.md @@ -21,11 +21,14 @@ Select one of the following options to choose if and how much data should be ret To include only one instance of identical values, do not select this option.. See the [With Ties Example](#with-ties-example) topic for additional information. - **NOTE:** This field is enabled by sorting at least one column in the table by value (for + :::note + This field is enabled by sorting at least one column in the table by value (for SQL, only a sorted column can contain ties). To sort columns, use the **Order By Operation** field on the Columns page. See the [SQLViewCreations: Columns](/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/columns.md) topic for additional information. + ::: + ## With Ties Example 
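Review bot: The link title on the added line `[SQLViewCreations: Columns](...)` in the resultconstraints.md hunk has a stray "s". The columns.md hunk in this same patch links back as "SQLViewCreation: Result Constraints", so the title here should be "SQLViewCreation: Columns". The context line just above the converted note also ends "do not select this option.." with a doubled period, which could be cleaned up while this block is being touched.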
@@ -46,5 +49,8 @@ However, if the first three values in the sort column are unique but the fourth fifth, selecting the **With ties** option returns the first three rows as well as both the fourth and fifth rows for a total of five rows. -**NOTE:** If sorting multiple columns, **With ties** evaluates all sorted columns to determine ties +:::note +If sorting multiple columns, **With ties** evaluates all sorted columns to determine ties between columns with the same inputs. + +::: diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultsample.md b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultsample.md index fb27a73c33..bebb770de0 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultsample.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/resultsample.md @@ -13,7 +13,10 @@ Use this page to preview a sampling of the completed data manipulation. Click **Show Preview** to populate the window with the selections from the previous pages. If the window does not populate, check the configurations for errors and try again. -**NOTE:** The **Show Preview** option does not always apply the filter conditions specified within +:::note +The **Show Preview** option does not always apply the filter conditions specified within the wizard, but the resulting table or view applies all filters. +::: + If the preview is satisfactory, click **Next** to continue. diff --git a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/timewindow.md b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/timewindow.md index 0dc8f6cf93..f7e22986ba 100644 --- a/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/timewindow.md +++ b/docs/accessanalyzer/11.6/admin/analysis/sqlviewcreation/timewindow.md 
@@ -17,8 +17,11 @@ data was collected: - Source Data Details – Choose a data source. This option is for when the selected tables are from two separate Enterprise Auditor Consoles using tables generated by the same job. - **NOTE:** This section is enabled after selecting **All Enterprise Auditor Tables** or **All + :::note + This section is enabled after selecting **All Enterprise Auditor Tables** or **All tables in the database** on the Input Scope page. + ::: + - All data – Uses all data available from the selected option on the Input Scope page and merges the data diff --git a/docs/accessanalyzer/11.6/admin/datacollector/activedirectory/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/activedirectory/overview.md index f98740d292..33d3331f57 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/activedirectory/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/activedirectory/overview.md @@ -12,19 +12,19 @@ available with a special Enterprise Auditor license. See the [Active Directory Solution](/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md) topic for additional information. -Protocols +**Protocols** - ADSI - LDAP - RPC -Ports +**Ports** - TCP 389/636 - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Domain Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/cleartables.md b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/cleartables.md index 6cc7b4a8c3..f741bbd791 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/cleartables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/cleartables.md 
@@ -24,5 +24,8 @@ to display a confirmation of successful removal in the results after the job is **Step 4 –** Click **Next** and then Click **Finish** to close the Active Directory Activity DC Wizard. Click **OK** to close the Query Properties window. -**CAUTION:** When the job is run, all of the ADActivity standard reference tables are removed from +:::warning +When the job is run, all of the ADActivity standard reference tables are removed from the database. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/connection.md b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/connection.md index e20da1bffc..b056f55802 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/connection.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/connection.md @@ -28,9 +28,12 @@ archive via an API Server: Refresh token. - Exclude – Select archives to be ignored by the Active Directory Activity DC scan - **CAUTION:** Save the Refresh token to a Text Editor for later use. The Refresh token resets + :::warning + Save the Refresh token to a Text Editor for later use. The Refresh token resets each time the Test SAM host option is connected to. It must be replaced in the Connection profile if it is regenerated. + ::: + - Refresh token – After generation, it must replace the old Access Token from the SAM API Server configuration in the Connection Profiles required to connect to the API Server diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/overview.md index 28fc1ae7be..6db6f96a5c 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/overview.md 
@@ -13,16 +13,16 @@ the [Active Directory Solution](/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md) topic for additional information. -Protocols +**Protocols** - HTTP - RPC -Ports +**Ports** - TCP 4494 (configurable within the Netwrix Activity Monitor) -Permissions +**Permissions** - Netwrix Activity Monitor API Access activity data - Netwrix Activity Monitor API Read diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/scope.md b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/scope.md index 86bae6a19e..47de5002cf 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adactivity/scope.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adactivity/scope.md @@ -19,8 +19,11 @@ The Timespan is defined according to the following two elements: - Relative Timespan – Number of days AD Activity is collected when the scan is run - Absolute Timespan – Set the date range for the scan to collect AD Activity - **_RECOMMENDED:_** The threshold should be set for after the Netwrix Activity Monitor collects + :::info + The threshold should be set for after the Netwrix Activity Monitor collects and archives its data but before they are deleted after a set retention period. + ::: + The Retention section sets what event type is collected and how many days Enterprise Auditor keeps the collected data in its SQL database. The table has the following columns: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/category.md b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/category.md index daf48abab2..225a1a21ed 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/category.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/category.md 
@@ -23,6 +23,9 @@ The categories include the following tasks: topic for more information. - Drop Domain – Remove host domain related data from SQL server -**NOTE:** The Scan Active Directory category is the pre-configured setting for the .Active Directory +:::note +The Scan Active Directory category is the pre-configured setting for the .Active Directory Inventory Job Group. Therefore, accessing the Active Directory Inventory DC Wizard from the query within that job group does not display the Category wizard page. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/cleartables.md b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/cleartables.md index ec5e79b6ae..b6d281968a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/cleartables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/cleartables.md @@ -9,8 +9,11 @@ sidebar_position: 90 Sometimes when troubleshooting an ADInventory issue, it becomes necessary to clear the standard reference tables. Follow the steps. -**CAUTION:** Be careful when using this query task. It will result in the deletion of collected +:::warning +Be careful when using this query task. It will result in the deletion of collected data. +::: + **Step 1 –** Create a new job and assign a query using the **ADInventory** Data Collector. @@ -24,8 +27,13 @@ Click **OK** to close the Query Properties window. When the job is run, all of the ADInventory standard reference tables are removed from the database. -**CAUTION:** Never leave the query task selected after job execution. Accidental data loss can +:::warning +Never leave the query task selected after job execution. Accidental data loss can occur. +::: + -_Remember,_ this job deletes data from the Enterprise Auditor database. Check the job has been +:::tip +Remember, this job deletes data from the Enterprise Auditor database. Check the job has been configured correctly prior to job execution. +::: 
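Review bot: The last replacement in the adinventory/cleartables.md hunk turns `_Remember,_ this job deletes data from the Enterprise Auditor database.` into a `:::tip`, which understates a data-loss reminder and sits directly under a `:::warning` about the same risk. Suggest making it `:::warning`, or folding the sentence into the preceding warning block. The leading "Remember," is also kept inside the admonition, while the CAUTION, NOTE and RECOMMENDED labels were dropped from the other converted blocks; drop it here too for consistency.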
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/options.md b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/options.md index 40594477ac..ffb3085250 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/options.md @@ -32,7 +32,10 @@ The Options page has the following configuration options: - Limit Last Logon TimeStamp Changes – When selected, changes to the Last Logon TimeStamp Attribute are not recorded - **_RECOMMENDED:_** If tracking changes, use the Limit Last Logon TimeStamp Changes option. + :::info + If tracking changes, use the Limit Last Logon TimeStamp Changes option. + ::: + - Number of days you want to keep changes in the database – Use the arrow buttons or manually enter a number to set the number of days to keep changes diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/overview.md index 54706ec9d9..a567bcd7bc 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/overview.md 
@@ -18,26 +18,29 @@ solution are available with all Enterprise Auditor license options. See the [.Active Directory Inventory Solution](/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/overview.md) topic for additional information. -Protocols +**Protocols** - LDAP -Ports +**Ports** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + ## Functional Design of the ADInventory Data Collector diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/standardtables.md b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/standardtables.md index 39c4c1feb1..1a4a8f00d3 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adinventory/standardtables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adinventory/standardtables.md 
@@ -12,24 +12,25 @@ writes data to these tables regardless of the job executing the query. These tables and their associated views are outlined below: -| Table | Details | AD Object Reference Article | -| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | -| SA_ADInventory_AttributeChanges | Contains a list of principal identifiers and their corresponding attribute changes for each differential scan that is performed against a domain. | [Active Directory Schema](https://learn.microsoft.com/en-gb/windows/win32/adschema/active-directory-schema) | -| SA_ADInventory_Computers | Contains extended information about computers, operating systems, service packs, etc. | [Computer class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-computer) | -| SA_ADInventory_DistinguishedNames | Contains every distinguished name collected from principals and group membership. | [Attribute distinguishedName](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ada1/56da5a9b-485d-4d7c-a226-1a54a43d9013) | -| SA_ADInventory_Domains | Contains information about the domain such as its naming context and when it was last scanned. | [Domain class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-domain) | -| SA_ADInventory_EffectiveGroupMembers | Contains expanded group membership which includes a flattened representation of members. | | -| SA_ADInventory_Exceptions | Contains information about security issues and concerns. **NOTE:** See the [AD Exception Types Translated](#ad-exception-types-translated) topic for an explanation of Exception Types. 
| | -| SA_ADInventory_ExceptionTypes | Identifies how many instances of exceptions exist on the audited domain. **NOTE:** See the [AD Exception Types Translated](#ad-exception-types-translated) topic for an explanation of Exception Types. | | -| SA_ADInventory_Exchange | Contains information about the Exchange Server, each database and storage group, and the HomeMDB property. | [ms-Exch-Home-MDB Attribute](https://learn.microsoft.com/en-us/previous-versions/office/developer/exchange-server-2003/ms980583(v=exchg.65)) | -| SA_ADInventory_ExtendedAttributes | Contains information gathered by the custom attributes component of the query configuration. | [Active Directory Schema](https://learn.microsoft.com/en-gb/windows/win32/adschema/active-directory-schema) | -| SA_ADInventory_GroupMemberChanges | Contains a list of group principal identifiers and their corresponding membership changes for each differential scan that is performed against a domain. | [Member attribute](https://learn.microsoft.com/en-gb/windows/win32/adschema/a-member) | -| SA_ADInventory_GroupMembers | Contains a map of groups to member distinguished names. | [Member attribute](https://learn.microsoft.com/en-gb/windows/win32/adschema/a-member) | -| SA_ADInventory_Groups | Contains extended information about groups, group type, managed by, etc. | [Group class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-group) | -| SA_ADInventory_ImportHistory | Contains a list of all imports performed against a particular domain along with when the import happened and the GUID of the domain controller that was scanned. | | -| SA_ADInventory_Principals | Contains common attributes for users, groups, and computers as well as references to their primary distinguished name and security identifiers. 
| [Security-Principal class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-securityprincipal) | -| SA_ADInventory_SecurityIdentifiers | Contains every SID collected from the principals, including historical identifiers. | [Security-Identifier attribute](https://learn.microsoft.com/en-gb/windows/win32/adschema/a-securityidentifier) | -| SA_ADInventory_Users | Contains extended information about users, department, title, etc. | [User class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-user) | +| Table | Details | AD Object Reference Article | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | +| SA_ADInventory_AttributeChanges | Contains a list of principal identifiers and their corresponding attribute changes for each differential scan that is performed against a domain. | [Active Directory Schema](https://learn.microsoft.com/en-gb/windows/win32/adschema/active-directory-schema) | +| SA_ADInventory_Computers | Contains extended information about computers, operating systems, service packs, etc. | [Computer class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-computer) | +| SA_ADInventory_DistinguishedNames | Contains every distinguished name collected from principals and group membership. | [Attribute distinguishedName](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ada1/56da5a9b-485d-4d7c-a226-1a54a43d9013) | +| SA_ADInventory_Domains | Contains information about the domain such as its naming context and when it was last scanned. 
| [Domain class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-domain) | +| SA_ADInventory_EffectiveGroupMembers | Contains expanded group membership which includes a flattened representation of members. | | +| SA_ADInventory_Exceptions | Contains information about security issues and concerns.
**NOTE:** See the [AD Exception Types Translated](#ad-exception-types-translated) topic for an explanation of Exception Types. | | +| SA_ADInventory_ExceptionTypes | Identifies how many instances of exceptions exist on the audited domain.
**NOTE:** See the [AD Exception Types Translated](#ad-exception-types-translated) topic for an explanation of Exception Types. | | +| SA_ADInventory_Exchange | Contains information about the Exchange Server, each database and storage group, and the HomeMDB property. | [ms-Exch-Home-MDB Attribute](https://learn.microsoft.com/en-us/previous-versions/office/developer/exchange-server-2003/ms980583(v=exchg.65)) | +| SA_ADInventory_ExtendedAttributes | Contains information gathered by the custom attributes component of the query configuration. | [Active Directory Schema](https://learn.microsoft.com/en-gb/windows/win32/adschema/active-directory-schema) | +| SA_ADInventory_GroupMemberChanges | Contains a list of group principal identifiers and their corresponding membership changes for each differential scan that is performed against a domain. | [Member attribute](https://learn.microsoft.com/en-gb/windows/win32/adschema/a-member) | +| SA_ADInventory_GroupMembers | Contains a map of groups to member distinguished names. | [Member attribute](https://learn.microsoft.com/en-gb/windows/win32/adschema/a-member) | +| SA_ADInventory_Groups | Contains extended information about groups, group type, managed by, etc. | [Group class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-group) | +| SA_ADInventory_ImportHistory | Contains a list of all imports performed against a particular domain along with when the import happened and the GUID of the domain controller that was scanned. | | +| SA_ADInventory_Principals | Contains common attributes for users, groups, and computers as well as references to their primary distinguished name and security identifiers. | [Security-Principal class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-securityprincipal) | +| SA_ADInventory_SecurityIdentifiers | Contains every SID collected from the principals, including historical identifiers. 
| [Security-Identifier attribute](https://learn.microsoft.com/en-gb/windows/win32/adschema/a-securityidentifier) | +| SA_ADInventory_Users | Contains extended information about users, department, title, etc. | [User class](https://learn.microsoft.com/en-gb/windows/win32/adschema/c-user) | + Views are the recommended way for you to obtain the information gathered by the ADInventory Data Collector. They contain additional information for building queries easily. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/overview.md index deb573086b..dc95436186 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/overview.md @@ -12,19 +12,19 @@ and the solution are available with a special Enterprise Auditor license. See th [Active Directory Permissions Analyzer Solution](/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/overview.md) topic for additional information. -Protocols +**Protocols** - ADSI - LDAP - RPC -Ports +**Ports** - TCP 389 - TCP 135 – 139 - Randomly allocated high TCP ports -Permissions +**Permissions** - LDAP Read permissions - Read on all AD objects diff --git a/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/removetables.md b/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/removetables.md index 702c58060d..06eaf2440e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/removetables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/adpermissions/removetables.md 
@@ -11,7 +11,10 @@ issue, create a new job using it as the query source and select the Remove Table Connection Profile applied should be the same as the one used for the associated **Active Directory Permissions Analyzer** > **0.Collection** Job. Follow the steps. -**CAUTION:** Using this query task results in the deletion of collected data. +:::warning +Using this query task results in the deletion of collected data. +::: + **Step 1 –** Create a new job and assign a query using the **ADPermissions** Data Collector. @@ -27,8 +30,14 @@ the **Remove Tables** category and click **Next**. When the job is run, all of the ADPermissions standard reference tables are removed from the database. -_Remember,_ this job deletes data from the Enterprise Auditor database. Ensure the job has been +:::tip +Remember, this job deletes data from the Enterprise Auditor database. Ensure the job has been configured correctly prior to executing the job. +::: + -**CAUTION:** Never leave the query task selected after the job has been executed. Accidental data +:::warning +Never leave the query task selected after the job has been executed. Accidental data loss can occur. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/aws/criteria.md b/docs/accessanalyzer/11.6/admin/datacollector/aws/criteria.md index b7d5397735..b56c772eae 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/aws/criteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/aws/criteria.md 
@@ -28,8 +28,11 @@ The table contains the following types of criteria: - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. +::: + User-defined criteria is created in the Criteria Editor, accessed through the **Global Settings** > **Sensitive Data** node. See the diff --git a/docs/accessanalyzer/11.6/admin/datacollector/aws/droptables.md b/docs/accessanalyzer/11.6/admin/datacollector/aws/droptables.md index 2c38a749b2..2b5b4148a4 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/aws/droptables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/aws/droptables.md @@ -23,8 +23,14 @@ tables from the Enterprise Auditor database. Follow the steps to configure a job **Step 5 –** Click **Next** and then click **Finish** to close the Amazon Web Services Data Collector Wizard. Click **OK** to close the Query Properties window. -**CAUTION:** When the job is run, all of the AWS DC data and tables are removed from the database. +:::warning +When the job is run, all of the AWS DC data and tables are removed from the database. +::: + The job is now configured and ready to run. -**NOTE:** An AWS connection profile is not required for the Drop AWS DC Tables task. +:::note +An AWS connection profile is not required for the Drop AWS DC Tables task. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/aws/loginroles.md b/docs/accessanalyzer/11.6/admin/datacollector/aws/loginroles.md index 1441d1b19c..8dcf6ed1cc 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/aws/loginroles.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/aws/loginroles.md 
@@ -16,7 +16,7 @@ the categories of: ![AWS Query Login Roles](/img/product_docs/accessanalyzer/11.6/admin/datacollector/aws/loginroles.webp) Add the login roles that will allow Enterprise Auditor to scan the AWS accounts. See the -[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) +[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for additional information. The page has the following options: - Import From File – Browse to the location of a CSV file from which to import the roles diff --git a/docs/accessanalyzer/11.6/admin/datacollector/aws/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/aws/overview.md index 69777126a2..34b28d7390 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/aws/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/aws/overview.md @@ -13,15 +13,15 @@ available with a special Enterprise Auditor license. See the [AWS Solution](/docs/accessanalyzer/11.6/solutions/aws/overview.md) topic for additional information. -Protocols +**Protocols** - 443 -Ports +**Ports** - 443 -Permissions +**Permissions** - To collect details about the AWS Organization, the following permission is required: @@ -43,7 +43,7 @@ Permissions - s3:HeadBucket - s3:List\* -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it diff --git a/docs/accessanalyzer/11.6/admin/datacollector/aws/sensitivedata.md b/docs/accessanalyzer/11.6/admin/datacollector/aws/sensitivedata.md index a99ccddf0c..6a8570bfa0 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/aws/sensitivedata.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/aws/sensitivedata.md 
@@ -20,10 +20,13 @@ Configure the following options: - Perform Optical Character Recognition for image files – Enables the data collector to scan for sensitive data within digital images of physical documents - **NOTE:** The OCR option is intended to work for clear scanned physical documents or documents + :::note + The OCR option is intended to work for clear scanned physical documents or documents directly converted to images, with standard fonts. It will not work for scanning photos of documents and may not be able to recognize text on images of credit cards, driver's licenses, or other identity cards. + ::: + - Store discovered sensitive data – Stores discovered sensitive data in the database - Limit stored matches per criteria to [number] – Limits database storage of matches per criteria @@ -54,5 +57,7 @@ Configure the following options: as part of a scan, increasing parallel scanning. The value should not exceed 2x the number of CPU threads available. -_Remember,_ the sensitive data discovery options require the Sensitive Data Discovery Add-On to be +:::tip +Remember, the sensitive data discovery options require the Sensitive Data Discovery Add-On to be been installed on the Enterprise Auditor Console. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/customattributes.md b/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/customattributes.md index d550a79c7a..f3495615a4 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/customattributes.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/customattributes.md 
@@ -20,7 +20,10 @@ Configuration options for Custom Attributes include: scan. Disabling this option will configure the data collector run a differential scan, which will only scan changes since the last scan was performed. - **CAUTION:** A full scan is required when new attributes are added or removed. + :::warning + A full scan is required when new attributes are added or removed. + ::: + - Add – Adds a manually entered attribute that is included in the scan. This option opens the Custom Attribute window. @@ -78,9 +81,12 @@ be targeted, and then select the method of supplying credentials for the specifi - App Id –Client ID - App key – Client Secret Key -**_RECOMMENDED:_** Add a valid Azure Connection Profile to the **Jobs** > **.Entra ID Inventory** > +:::info +Add a valid Azure Connection Profile to the **Jobs** > **.Entra ID Inventory** > **Settings** > **Connection** settings as a user defined profile. This ensures the connection profile displays in the dropdown menu. +::: + See the [Microsoft Entra ID Auditing Configuration](/docs/accessanalyzer/11.6/requirements/entraid/entraid/access.md) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/overview.md index 0925301362..6f639708d8 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/overview.md @@ -15,17 +15,17 @@ See the [.Entra ID Inventory Solution](/docs/accessanalyzer/11.6/solutions/entraidinventory/overview.md) topic for additional information. -Protocols +**Protocols** - HTTP - HTTPS - REST -Ports +**Ports** - TCP 80 and 443 -Permissions +**Permissions** - Microsoft Graph API diff --git a/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/standardtables.md b/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/standardtables.md index e595a9d3c3..3427100659 100644 
--- a/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/standardtables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/standardtables.md @@ -17,8 +17,8 @@ These tables and their associated views are outlined below: | SA_AzureADInventory_Contacts | Contains a list of principal identifiers and their corresponding Department and Job Title | | SA_AzureADInventory_Domains | Contains information about the domain such as last updated date and time | | SA_AzureADInventory_EffectiveGroupMembers | Contains expanded group membership which includes a flattened representation of members and nesting levels | -| SA_AzureADInventory_Exceptions | Contains information about security issues and concerns See the [AzureADInventory Exception Types Translated](#azureadinventory-exception-types-translated) section for an explanation of Exception Types | -| SA_AzureADInventory_ExceptionTypes | Contains more detailed information about each security issues and concerns See the [AzureADInventory Exception Types Translated](#azureadinventory-exception-types-translated) section for an explanation of Exception Types | +| SA_AzureADInventory_Exceptions | Contains information about security issues and concerns. See the [AzureADInventory Exception Types Translated](#azureadinventory-exception-types-translated) section for an explanation of Exception Types | +| SA_AzureADInventory_ExceptionTypes | Contains more detailed information about each security issues and concerns. See the [AzureADInventory Exception Types Translated](#azureadinventory-exception-types-translated) section for an explanation of Exception Types | | SA_AzureADInventory_ExtendedAttributes | Contains information gathered by the custom attributes component of the query configuration | | SA_AzureADInventory_GroupMembers | Contains a map of groups to member Identifiers | | SA_AzureADInventory_GroupOwners | Contains a map of groups to owner Identifiers | 
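Review bot: in azureadinventory/standardtables.md, the SA_AzureADInventory_ExceptionTypes row gains a period after "concerns" but the added line still reads "about each security issues and concerns", and in both changed rows the second sentence ("See the ... section for an explanation of Exception Types") still has no closing period. Since both rows are being rewritten, fix the number agreement ("each security issue and concern") and terminate the second sentence in the same change.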
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/box/activitytimeframescope.md b/docs/accessanalyzer/11.6/admin/datacollector/box/activitytimeframescope.md index f5072407fa..465e707fe4 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/box/activitytimeframescope.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/box/activitytimeframescope.md @@ -25,5 +25,8 @@ Select one of the following options to configure the timeframe for Box data coll - Absolute Timespan – Enter the interval of days for which activity data collection is required. The default End Date is the current day. - **NOTE:** Choosing an absolute timespan will not affect activity data during relative timespan + :::note + Choosing an absolute timespan will not affect activity data during relative timespan scans. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/box/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/box/overview.md index 172376713c..583d48629e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/box/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/box/overview.md @@ -8,26 +8,29 @@ sidebar_position: 80 The Box Data Collector audits access, group membership, and content within a Box enterprise. -**NOTE:** If the Box Data Collector is used in a new job, outside of the Box Solution, it is +:::note +If the Box Data Collector is used in a new job, outside of the Box Solution, it is necessary to deselect the **Skip Hosts that do not respond to PING** option on the job’s **Properties** > **Performance** tab. +::: + The Box Data Collector has been preconfigured within the Box Solution. Both this data collector and the solution are available with a special Enterprise Auditor license. See the [Box Solution](/docs/accessanalyzer/11.6/solutions/box/overview.md) topic for additional information. -Protocols +**Protocols** - HTTP - HTTPS -Ports +**Ports** - TCP 80 - TCP 443 -Permissions +**Permissions** - Box Enterprise Administrator 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/box/scopebyuser.md b/docs/accessanalyzer/11.6/admin/datacollector/box/scopebyuser.md index 8f919f705b..59f5a29aac 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/box/scopebyuser.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/box/scopebyuser.md @@ -16,7 +16,10 @@ Select whether to scan **All Users** or **Limited Users**. If scanning for **Lim **Browse** and navigate to the path of the CSV file that contains the email addresses of users to be included in the scan. The CSV file should have one email address per row. -**NOTE:** The query will collect information related to User names and Group membership for all +:::note +The query will collect information related to User names and Group membership for all users in a target environment. However, if the query is scoped to specific users, no additional information is collected for users outside out of the scope. User names and group membership for the target environment is necessary to generate the Box Solution reports. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/definefields.md b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/definefields.md index 9d7ccfb788..21754b5094 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/definefields.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/definefields.md @@ -11,5 +11,8 @@ output. It is a wizard page for the **Edit Profile** and **Create a New Profile* ![Command Line Utility Data Collector Wizard Define Fields page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/definefields.webp) -**CAUTION:** Do not modify this page without guidance from Netwrix or the data may not be processed +:::warning +Do not modify this page without guidance from Netwrix or the data may not be processed by Enterprise Auditor. + +::: 
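Review bot: in commandlineutility/definefields.md the added `:::warning` block has an empty `+` line before the closing `:::` and nothing after it, whereas most blocks in this patch close with `:::` and then add the blank line. The same ordering shows up wherever the admonition is the last thing in the file (scripteditor.md, box/scopebyuser.md, box/activitytimeframescope.md, aws/droptables.md, adpermissions/removetables.md), which suggests the conversion handled end-of-file differently. Normalize these to close the block first, and make sure each file still ends with a newline.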
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/executionoptions.md b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/executionoptions.md index 4fe912e1c4..e59863bdb5 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/executionoptions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/executionoptions.md @@ -14,14 +14,14 @@ the **Edit Profile** and **Create a New Profile** selections on the Profile Type The available options on the page vary depending on the selected profile type. The possible options are as follows: -Execution Type +**Execution Type** The Execution Type section identifies the mode of execution: - Local – Execute the utility within the Enterprise Auditor Console - Remote – Execute the utility on the target host -Output options +**Output options** The output options include: @@ -34,7 +34,7 @@ The output options include: [CLU: Profile Parameters](/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/profileparameters.md) topic for additional information. -Remote Execution Options +**Remote Execution Options** The Remote Execution Options apply to the Remote mode of execution: @@ -42,7 +42,7 @@ The Remote Execution Options apply to the Remote mode of execution: before executing it - Leave .exe on remote host – Keeps the executable on the remote machine after execution -Other Settings +**Other Settings** The Other Settings section provides additional options: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/overview.md index d231ad798b..b4b7ecd24b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/overview.md 
@@ -12,17 +12,17 @@ execute a command line utility and capture its output as Enterprise Auditor data collector is a core component of Enterprise Auditor and is available with all Enterprise Auditor licenses. -Protocols +**Protocols** - Remote Registry - RPC -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/scripteditor.md b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/scripteditor.md index c91fce4828..a22396939b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/scripteditor.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/scripteditor.md @@ -13,5 +13,8 @@ page is disabled when the **Select Profile** option is selected on the Profile T ![Command Line Utility Data Collector Wizard Script Editor page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/commandlineutility/scripteditor.webp) -**CAUTION:** Do not modify this page without guidance from Netwrix or the data may not be processed +:::warning +Do not modify this page without guidance from Netwrix or the data may not be processed by Enterprise Auditor. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/diskinfo/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/diskinfo/overview.md index 90731f2919..1c49b181b9 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/diskinfo/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/diskinfo/overview.md 
@@ -11,17 +11,17 @@ targeting the local host for a DiskInfo query, it is necessary to select the **S option as the connection profile. This data collector is a core component of Enterprise Auditor and is available with all Enterprise Auditor licenses. -Protocols +**Protocols** - RPC - WMI -Ports +**Ports** - TCP 135 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/dns/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/dns/overview.md index 33a9834bde..2010a8bfa6 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/dns/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/dns/overview.md @@ -10,16 +10,16 @@ The DNS Data Collector provides information regarding DNS configuration and reco with the Active Directory Solution. Both this data collector and the solution are available with a special Enterprise Auditor license. -Protocols +**Protocols** - RPC -Ports +**Ports** - TCP 135 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Domain Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/completion.md b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/completion.md index c38f979a43..5a6eca76ca 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/completion.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/completion.md 
@@ -15,8 +15,10 @@ Click **Finish** to save configuration changes. If no changes were made, it is a click **Cancel** to close the Dropbox Access Auditor Data Collector Wizard ensuring that no accidental clicks are saved. -_Remember,_ if an Access Token was generated, use it as the credential within the Connection +:::tip +Remember, if an Access Token was generated, use it as the credential within the Connection Profile. Then assign it to the job group or job which will be scanning the targeted Dropbox environment. See the [Custom Dropbox Connection Profile & Host List](/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/configurejob.md) topic for additional information. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/dlpauditsettings.md b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/dlpauditsettings.md index 0d8e1ccb5d..f945bf580b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/dlpauditsettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/dlpauditsettings.md @@ -40,7 +40,9 @@ Configure the DLP audit settings: - Files modified since the last [number] days – Scans files modified within the specified number of days -_Remember,_ the sensitive data discovery options require the Sensitive Data Discovery Add-On to have +:::tip +Remember, the sensitive data discovery options require the Sensitive Data Discovery Add-On to have been installed on the Enterprise Auditor Console. See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/overview.md index 236993673c..9dc5e6242c 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/overview.md 
@@ -14,21 +14,21 @@ with a special Enterprise Auditor license. See the [Dropbox Solution](/docs/accessanalyzer/11.6/solutions/dropbox/overview.md) topic for additional information. -Protocols +**Protocols** - HTTP - HTTPS -Ports +**Ports** - TCP 80 - TCP443 -Permissions +**Permissions** - Dropbox Team Administrator -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it diff --git a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/scanoptions.md b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/scanoptions.md index f5165062e0..4bed0732a6 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/scanoptions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/scanoptions.md @@ -10,8 +10,11 @@ Use the Scan Options page to authorize Enterprise Auditor to generate an Access DropboxAccess Data Collector to access and scan an organization’s Dropbox environment. The Access Token is used as the credential in the Connection Profile. -**NOTE:** The Access Token needs to be generated only once, prior to the first execution of any job +:::note +The Access Token needs to be generated only once, prior to the first execution of any job in which the DropboxAccess Data Collector is used in a query. +::: + The Scan Options page is a wizard page for the following categories: 
@@ -38,5 +41,7 @@ Create a Connection Profile using this access token as the credential. See the [Custom Dropbox Connection Profile & Host List](/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/configurejob.md) topic for additional information on configuring the Dropbox credential. -_Remember,_ assign this Connection Profile to the job group or job where the host assignment for the +:::tip +Remember, assign this Connection Profile to the job group or job where the host assignment for the Dropbox environment to be targeted has been assigned. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/selectdlpcriteria.md b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/selectdlpcriteria.md index 0804f23f88..69b52e040e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/selectdlpcriteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/selectdlpcriteria.md @@ -25,8 +25,11 @@ The table contains the following types of criteria: - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. +::: + Use the **Edit** button to access the Criteria Editor where user-defined criteria can be created or customized. See the diff --git a/docs/accessanalyzer/11.6/admin/datacollector/eventlog.md b/docs/accessanalyzer/11.6/admin/datacollector/eventlog.md index 89848865c2..759364d174 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/eventlog.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/eventlog.md 
@@ -10,17 +10,17 @@ The EventLog Data Collector provides search and extraction of details from event systems. This data collector is a core component of Enterprise Auditor and is available with all Enterprise Auditor licenses. -Protocols +**Protocols** - RPC - WMI -Ports +**Ports** - TCP 135 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Local Administrators group - Member of the Domain Administrators group (if targeting domain controllers) @@ -31,7 +31,7 @@ The EventLog Data Collector is configured through the Event Log Browser window. ![Event Log Browser window](/img/product_docs/accessanalyzer/11.6/admin/datacollector/eventlogbrowser.webp) -Sample +**Sample** In the Sample section, select from the following options: @@ -50,11 +50,14 @@ In the Sample section, select from the following options: - Show – Click to preview the elements in the event log file for log paths manually entered in the File path box - **NOTE:** A preview displays automatically if the folder icons is used to navigate to the log. + :::note + A preview displays automatically if the folder icons is used to navigate to the log. + ::: + - Lookup user name – Select this checkbox to resolve SID or GUID values to friendly display values -Search Criteria +**Search Criteria** In the Search Criteria section, add a search filter to the table by configuring the following criteria: @@ -78,7 +81,7 @@ remove search criteria from the filters. Click **Apply Filter** to filter the list of sample events to the search criteria. -Options +**Options** In the Options section, select the desired processing options: @@ -88,7 +91,7 @@ In the Options section, select the desired processing options: **Process offline logs if required** checkboxes are selected. Specify the path and name of the archive. -Available Properties +**Available Properties** In the Available Properties section, select which properties will be collected by the browser. 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/criteria.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/criteria.md index 9a96a78698..db93bfb5d1 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/criteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/criteria.md @@ -31,8 +31,11 @@ The options on the Criteria page are: The table contains the following types of criteria: -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. +::: + - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/options.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/options.md index 168a6dd272..6577e4c7f4 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/options.md @@ -16,8 +16,11 @@ Select the checkboxes to apply any desired scan options: - Match job host against autodiscovered host – Matches the name of the job host against the host name returned from autodiscover - **_RECOMMENDED:_** Use this option when scanning multiple Exchange environments with a single + :::info + Use this option when scanning multiple Exchange environments with a single job and the Connection Profile has multiple credentials in it. + ::: + - Scan options diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/overview.md index 422a913831..d56d758b86 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/overview.md 
@@ -12,25 +12,25 @@ the solution are available with a special Enterprise Auditor license. See the [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -Protocols +**Protocols** - HTTPS - ADSI - LDAP -Ports +**Ports** - TCP 389 - TCP 443 -Permissions +**Permissions** - Exchange Admin Role - Discovery Management Role - Application Impersonation Role - Exchange Online License -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it @@ -43,7 +43,10 @@ then an extra 16 GB of RAM are required (8x2=16). The EWSMailbox Data Collector is configured through the Exchange Mailbox Data Collector Wizard, which contains the following wizard pages: -**NOTE:** The Category selected may alter the subsequent steps displayed by the wizard. +:::note +The Category selected may alter the subsequent steps displayed by the wizard. +::: + - [EWSMailbox: Category](/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/category.md) - [EWSMailbox: Options](/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/options.md) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/results.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/results.md index e6cd506dcd..8adbf8cd41 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/results.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/results.md 
@@ -16,7 +16,10 @@ Select criteria using the following options: - Select the checkbox of any property to include it in the summary. All selected properties will be gathered. - **NOTE:** Available properties vary based on the category selected. + :::note + Available properties vary based on the category selected. + ::: + - Click **Select All** to select all properties - Click **Clear All** to clear all selected properties diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/sddoptions.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/sddoptions.md index bc02526c93..a489b8ef73 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/sddoptions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/sddoptions.md @@ -21,4 +21,7 @@ Select the applicable Sensitive data scan options: - Limit stored matches per criteria to [number] – Limits database storage of matches per criteria for discovered sensitive data - **NOTE:** This option is only available if **Store discovered sensitive data** is selected. + :::note + This option is only available if **Store discovered sensitive data** is selected. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/folderconditions.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/folderconditions.md index ae8d3e328d..685678cebe 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/folderconditions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/folderconditions.md 
@@ -20,7 +20,10 @@ Customize folder search conditions using the following options: - Edit Conditions – Click an underlined value, if present, in the Edit Conditions box to modify any of the template conditions - **NOTE:** The values present depends on the selections made in the Select conditions box. + :::note + The values present depends on the selections made in the Select conditions box. + ::: + - Click **specific** in the Edit conditions box to open the Folder Type Window. See the [Folder Type Window](#folder-type-window) topic for additional information. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/messageconditions.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/messageconditions.md index 6965c77d1f..7feee4f142 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/messageconditions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/messageconditions.md @@ -28,8 +28,11 @@ Customize message search filter conditions using the following options: - Select conditions – To add it to the search, select any of the following conditions: - **NOTE:** The conditions that are available in the Select Conditions box depends on the selected + :::note + The conditions that are available in the Select Conditions box depends on the selected **Message category**. + ::: + - with specific message classes - that is created in specific date 
@@ -47,7 +50,10 @@ Customize message search filter conditions using the following options: - Edit Conditions – Click an underlined value, if present, in the Edit Conditions box to modify any of the template conditions - **NOTE:** The values present depends on the selections made in the Select conditions box. + :::note + The values present depends on the selections made in the Select conditions box. + ::: + - Click **specific** to open the MessageClasses Window. See the [MessageClasses Window (Message Conditions)](#messageclasses-window-message-conditions) topic diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/searchfilter_1.md b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/searchfilter_1.md index cb317f73d8..23fc0d8083 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/searchfilter_1.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/searchfilter/searchfilter_1.md @@ -21,7 +21,10 @@ Customize folder search conditions using the following options: - Edit Conditions – Click an underlined value, if present, in the Edit Conditions box to modify any of the template conditions - **NOTE:** The values present depends on the selections made in the Select conditions box. + :::note + The values present depends on the selections made in the Select conditions box. + ::: + - Click either **IPM.Note** or **IPM.Appointment**, to open the MessageClasses Window with IPM.Note or IPM.Appointment class populated, respectively. See the diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/critieria.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/critieria.md index af7c636d6f..ddfd4a93fc 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/critieria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/critieria.md 
@@ -31,8 +31,11 @@ The options on the Criteria page are: The table contains the following types of criteria: -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. +::: + - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/options.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/options.md index dc4657122e..8f0c02bc57 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/options.md @@ -16,8 +16,11 @@ Select any desired scan options: - Match job host against autodiscovered host – Matches the name of the job host against the host name returned from autodiscover - **_RECOMMENDED:_** Use this option when scanning multiple Exchange environments with a single + :::info + Use this option when scanning multiple Exchange environments with a single job and the Connection Profile has multiple credentials in it. + ::: + - Authentication – Select an Authentication type from the drop down: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/overview.md index 023eb7ce05..dcd7f55988 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/overview.md 
@@ -12,25 +12,25 @@ collector and the solution are available with a special Enterprise Auditor licen [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -Protocols +**Protocols** - HTTPS - ADSI - LDAP -Ports +**Ports** - TCP 389 - TCP 443 -Permissions +**Permissions** - Exchange Admin Role - Discovery Management Role - Application Impersonation Role - Exchange Online License with a mailbox -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it @@ -43,7 +43,10 @@ then an extra 16 GB of RAM are required (8x2=16). The EWSPublicFolder Data Collector is configured through the Exchange Public Folder Data Collector Wizard. The wizard contains the following pages: -**NOTE:** The Category selected may alter the subsequent steps displayed by the wizard. +:::note +The Category selected may alter the subsequent steps displayed by the wizard. +::: + - [EWSPublicFolder: Category](/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/category.md) - [EWSPublicFolder: Options](/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/options.md) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/results.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/results.md index 1e99d4e239..632685e060 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/results.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/results.md 
@@ -16,7 +16,10 @@ Select criteria using the following options: - Select the checkbox of any property to include it in the summary. All selected properties will be gathered. - **NOTE:** Available properties vary based on the category selected. + :::note + Available properties vary based on the category selected. + ::: + - Click **Select All** to select all properties - Click **Clear All** to clear all selected properties diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/sddoptions.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/sddoptions.md index fe56031fe2..1949825b2a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/sddoptions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/sddoptions.md @@ -21,4 +21,7 @@ Select the applicable Sensitive data scan options: - Limit stored matches per criteria to [number] – Limits database storage of matches per criteria for discovered sensitive data - **NOTE:** This option is only available if **Store discovered sensitive data** is selected. + :::note + This option is only available if **Store discovered sensitive data** is selected. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/folderconditions.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/folderconditions.md index cfa2121c14..07d94c5148 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/folderconditions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/folderconditions.md 
@@ -20,7 +20,10 @@ Customize folder search conditions using the following options: - Edit Conditions – Click an underlined value, if present, in the Edit Conditions box to modify any of the template conditions - **NOTE:** The values present depends on the selections made in the Select conditions box. + :::note + The values present depends on the selections made in the Select conditions box. + ::: + - Click **specific** in the Edit conditions box to open the Folder Type Window. See the [Folder Type Window](#folder-type-window)topic for additional information diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/messageconditions.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/messageconditions.md index 021f49dbe5..95cd963951 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/messageconditions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/messageconditions.md @@ -28,8 +28,11 @@ Customize message search filter conditions using the following options: - Select conditions – To add it to the search, select any of the following conditions: - **NOTE:** The conditions that are available in the Select Conditions box depends on the selected + :::note + The conditions that are available in the Select Conditions box depends on the selected **Message category**. + ::: + - with specific message classes - that is created in specific date 
@@ -47,7 +50,10 @@ Customize message search filter conditions using the following options: - Edit Conditions – Click an underlined value, if present, in the Edit Conditions box to modify any of the template conditions - **NOTE:** The values present depends on the selections made in the Select conditions box. + :::note + The values present depends on the selections made in the Select conditions box. + ::: + - Click **specific** to open the MessageClasses Window. See the [MessageClasses Window](#messageclasses-window) topic for additional information. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/searchfilter_1.md b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/searchfilter_1.md index 46d426f0c2..44ad65f005 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/searchfilter_1.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/searchfilter/searchfilter_1.md @@ -21,7 +21,10 @@ Customize folder search conditions using the following options: - Edit Conditions – Click an underlined value, if present, in the Edit Conditions box to modify any of the template conditions - **NOTE:** The values present depends on the selections made in the Select conditions box. + :::note + The values present depends on the selections made in the Select conditions box. + ::: + - Click either **IPM.Note** or **IPM.Appointment**, to open the MessageClasses Window with IPM.Note or IPM.Appointment class populated, respectively. See the diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchange2k/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/exchange2k/overview.md index 8347ab57a6..6ec9c377bf 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchange2k/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchange2k/overview.md 
@@ -17,7 +17,7 @@ collector and the solution are available with a special Enterprise Auditor licen [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -Protocols +**Protocols** - LDAP - MAPI @@ -25,14 +25,14 @@ Protocols - RPC - WMI -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports - TCP 389 - Optional TCP 445 -Permissions +**Permissions** - Member of the Exchange Administrator group - Domain Admin for AD property collection diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/options.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/options.md index fafc41c8dc..57ab32ced3 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/options.md @@ -18,7 +18,10 @@ the following categories: The following options can be configured: -**NOTE:** Options available vary based upon the category selected. +:::note +Options available vary based upon the category selected. +::: + - Message size units: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/overview.md index 6f40c7dcc9..1c9ab8fe6e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/overview.md 
@@ -16,23 +16,23 @@ The ExchangeMailbox Data Collector is available with a special Enterprise Audito [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -Protocols +**Protocols** - MAPI - RPC -Ports +**Ports** - TCP 135 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Exchange Administrator group - Organization Management - Discovery Management -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it @@ -58,7 +58,7 @@ permissions on the Welcome page. ![Exchange Mailbox Data Collector Wizard Welcome page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/welcome.webp) -Connection Setting +**Connection Setting** Select one of the following options for the connection setting: @@ -76,7 +76,7 @@ Select one of the following options for the connection setting: - Client Access Server – A private store server is needed if the Exchange server only has public stores -Test Connection Setting +**Test Connection Setting** Enter a server to test the connection string: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/sddcriteria.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/sddcriteria.md index 0a2ed52511..0fdf62da1b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/sddcriteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangemailbox/sddcriteria.md 
@@ -23,8 +23,11 @@ The table contains the following types of criteria: - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria - **NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the + :::note + Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes will be visible in the table. + ::: + - Edit – Click this button to access the Criteria Editor where user-defined criteria can be created or customized. See the diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/options.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/options.md index 2017215b29..f918e7f2b8 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/options.md @@ -28,7 +28,10 @@ the category selected. It is a wizard page for the categories of: Select the checkbox of any of the following options to configure the query: -**NOTE:** Available options vary depending on Category selected. +:::note +Available options vary depending on Category selected. +::: + - Host-side Cleanup diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/overview.md index 9fd876ecb3..d5545a01f1 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/overview.md @@ -18,17 +18,17 @@ data collector and the solution are available with a special Enterprise Auditor [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -Protocols +**Protocols** - RPC - WMI -Ports +**Ports** - TCP 135 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the local Administrator group on the targeted Exchange server(s) 
@@ -52,7 +52,10 @@ which contains the following wizard pages: - [ExchangeMetrics: Message Activity Filter](/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/messageactivityfilter.md) - [ExchangeMetrics: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/summary.md) - **NOTE:** Pages available vary depending on the Category selected. + :::note + Pages available vary depending on the Category selected. + ::: + ![Exchange Metrics Data Collector Wizard Welcome page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/welcome.webp) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/category.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/category.md index 51608f8655..2f9fa57b3c 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/category.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/category.md @@ -53,7 +53,10 @@ focus: - Mailbox Permissions – Collects permissions on mailbox folders (Exchange 2010 or later) - Mailbox Databases – Collects information on mailbox databases - **NOTE:** This option is not available for Office 365 target environments + :::note + This option is not available for Office 365 target environments + ::: + - Mailbox Rights – Collects information on mailbox rights - Mailbox AD Rights – Collects information on mailbox Active Directory rights @@ -95,7 +98,7 @@ Each category has specific requirements and capabilities per auditing focus: Mailbox Information audit focus contains the following categories: -Mailboxes +**Mailboxes** This category gathers high-level statistics about the Mailboxes in the environment. It can be run with quick properties or all properties. The quick properties are the first 14 properties and 
@@ -117,7 +120,7 @@ for configuration: - [ExchangePS: Error Logging](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md) - [ExchangePS: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/summary.md) -Mailbox Permissions +**Mailbox Permissions** This category returns Mailbox Folder permissions and folder level statistics about the mailboxes. The PowerShell queries this category runs are as follows: @@ -138,7 +141,7 @@ for configuration: - [ExchangePS: Error Logging](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md) - [ExchangePS: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/summary.md) -Mailbox Databases +**Mailbox Databases** This category returns information about the Mailbox Databases which reside in the organization. The PowerShell query this category runs is as follows: @@ -156,7 +159,7 @@ for configuration: - [ExchangePS: Error Logging](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md) - [ExchangePS: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/summary.md) -Mailbox Rights +**Mailbox Rights** This category returns Mailbox Rights assigned to each Mailbox, such as Full Mailbox Access. The PowerShell query this category runs is as follows: @@ -174,7 +177,7 @@ for configuration: - [ExchangePS: Error Logging](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md) - [ExchangePS: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/summary.md) -Mailbox AD Rights +**Mailbox AD Rights** This category returns information about the Mailbox Databases which reside in the organization. The PowerShell query this category runs is as follows: 
@@ -192,7 +195,7 @@ for configuration: - [ExchangePS: Error Logging](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md) - [ExchangePS: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/summary.md) -Mailbox Search +**Mailbox Search** This category provides the capability to search the Mailbox for any criteria configured inside the data collector. The PowerShell queries this category runs are as follows: @@ -213,7 +216,7 @@ for configuration: - [ExchangePS: Error Logging](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md) - [ExchangePS: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/summary.md) -Mailbox Access Logons +**Mailbox Access Logons** This category returns the Mailbox Access Auditing log details. Mailbox Access Auditing does need to be enabled on the Mailboxes in order for this job to return any information. The PowerShell queries @@ -238,7 +241,7 @@ for configuration: Exchange Organization audit focus contains the following category: -Exchange Users +**Exchange Users** This category returns information about the Mail-Enabled Users in the Exchange environment. The PowerShell queries this category runs are as follows: @@ -263,7 +266,7 @@ for configuration: Exchange ActiveSync audit focus contains the following category: -Exchange ActiveSync Mobile Devices +**Exchange ActiveSync Mobile Devices** This category returns ActiveSync device properties and the Exchange Mailboxes they are associated to. The PowerShell queries this category runs are as follows: @@ -286,7 +289,7 @@ for configuration: Public Folder Information audit focus contains the following categories: -Public Folder Content +**Public Folder Content** This category returns general statistics and sizing for the public folder environment. When it is selected, the following ExchangePS Data Collector Wizard pages are available for configuration: 
@@ -297,7 +300,7 @@ selected, the following ExchangePS Data Collector Wizard pages are available for - [ExchangePS: Error Logging](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md) - [ExchangePS: Summary](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/summary.md) -Public Folder Permissions +**Public Folder Permissions** This category returns permissions information for the public folder environment. When it is selected, the following ExchangePS Data Collector Wizard pages are available for configuration: @@ -312,7 +315,7 @@ selected, the following ExchangePS Data Collector Wizard pages are available for Office 365 audit focus contains the following category: -Mail Flow Metrics +**Mail Flow Metrics** This category returns information about mail flow in the target Exchange Online environment. When it is selected, the following ExchangePS Data Collector Wizard pages are available for configuration: @@ -328,7 +331,7 @@ is selected, the following ExchangePS Data Collector Wizard pages are available Domain Information audit focus contains the following category: -Domains +**Domains** This category returns information about domains in the Exchange environment. When it is selected, the following ExchangePS Data Collector Wizard pages are available for configuration: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/configurejob.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/configurejob.md index 244c8774cd..a6b2d0983d 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/configurejob.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/configurejob.md 
@@ -10,9 +10,12 @@ The ExchangePS Data Collector requires a custom Connection Profile and host list assigned to the job conducting the data collection. The host inventory option during host list creation makes it necessary to configure the Connection Profile first. -**NOTE:** It is not possible to target both Exchange Online and on-premises Exchange environments +:::note +It is not possible to target both Exchange Online and on-premises Exchange environments from the same job. Therefore, the Connection Profile should only contain the credentials for one type of environment. +::: + ## Exchange On-Premises diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md index 27ca426e35..a80f3f4b40 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/errorlogging.md @@ -19,4 +19,4 @@ Select from the following options: These log files are stored in the following location on the target host: -…\STEALTHbits\StealthAUDIT\ExchangePS +**…\STEALTHbits\StealthAUDIT\ExchangePS** diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailboxlogons.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailboxlogons.md index 7f17a5596c..384283c99b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailboxlogons.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailboxlogons.md @@ -22,6 +22,9 @@ Specify the date range for the logons: - Last – Select the number and time units - **NOTE:** Available units are **Days**, **Months**, or **Years**. + :::note + Available units are **Days**, **Months**, or **Years**. + ::: + - Between (Date) – Use the drop-down menus to open calendars to select the start and end dates 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailflow.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailflow.md index 5851080235..121658910a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailflow.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/mailflow.md @@ -15,7 +15,10 @@ page for the category of: Select and configure a date range from the following options: -**NOTE:** Date range must be 7 days or less. +:::note +Date range must be 7 days or less. +::: + - Last – Select the number of days - Between (Date) – Use the drop-down menus to open the calendar selection view to choose the start diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/overview.md index bbe2ca03b5..dbce74ca75 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/overview.md @@ -14,16 +14,16 @@ the [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -Protocols +**Protocols** - PowerShell -Ports +**Ports** - TCP 135 - Randomly allocated high TCP ports -Permissions +**Permissions** - Remote PowerShell enabled on a single Exchange server - Windows Authentication enabled for the PowerShell Virtual Directory on the same Exchange server diff --git a/docs/accessanalyzer/11.6/admin/datacollector/exchangepublicfolder/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/exchangepublicfolder/overview.md index 2bc07b5b93..6f46c7c0f8 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/exchangepublicfolder/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/exchangepublicfolder/overview.md 
@@ -18,22 +18,22 @@ the [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -Protocols +**Protocols** - MAPI - RPC -Ports +**Ports** - TCP 135 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Exchange Administrator group - Organization Management -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it diff --git a/docs/accessanalyzer/11.6/admin/datacollector/file/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/file/overview.md index e59f49f66e..65cdb3918d 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/file/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/file/overview.md @@ -11,28 +11,31 @@ used to find files and folders on a target host. The File Data Collector finds o the target hosts. It can target any file extension. This data collector is a core component of Enterprise Auditor and is available with all Enterprise Auditor licenses. -**NOTE:** For enhanced file system data collections, use the +:::note +For enhanced file system data collections, use the [FileSystemAccess Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md). +::: -Supported Platforms + +**Supported Platforms** This data collector can target the same servers supported for the FileSystemAccess Data Collector. See the [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) topic for a full list of supported platforms. -Protocols +**Protocols** - RPC - WMI -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports - Optional TCP 445 -Permissions +**Permissions** - Member of the Local Administrators group 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/file/results.md b/docs/accessanalyzer/11.6/admin/datacollector/file/results.md index b5b799953e..507776bddf 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/file/results.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/file/results.md @@ -15,8 +15,11 @@ wizard page for all of the categories. Properties can be selected individually or in groups with the **Select All** or **Clear All** buttons. The properties available vary based on the category selected. -**NOTE:** When the **Calculate Group Size (Files Only)** category is selected, the properties and +:::note +When the **Calculate Group Size (Files Only)** category is selected, the properties and options on the Results page are grayed out. +::: + - Disable properties that require opening file – Disables properties that require opening files that trigger the last accessed date timestamp diff --git a/docs/accessanalyzer/11.6/admin/datacollector/file/targetfiles.md b/docs/accessanalyzer/11.6/admin/datacollector/file/targetfiles.md index 5bca8ed7ed..98c89b6634 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/file/targetfiles.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/file/targetfiles.md @@ -13,9 +13,12 @@ results for the specific folder or file. It is a wizard page for all of the cate Within the Target files configuration page, select the desired method to refine the query. -**NOTE:** Some options are grayed out depending on the option selected. +:::note +Some options are grayed out depending on the option selected. +::: -Where is the file or folder? + +**Where is the file or folder?** This section supplies options for using a fixed path (wildcards and system variables) or registry lookup values that are supported by the data collector. This header is available for all Category 
@@ -24,15 +27,21 @@ selections. For either option, enter the path in the text box or click the browse button (**…**) to select from the popup windows. -**CAUTION:** When selecting a **Fixed path**, avoid using file paths from network drives or from the +:::warning +When selecting a **Fixed path**, avoid using file paths from network drives or from the network neighborhoods which begin with `\\`. +::: + - Fixed path – Specify a specific path to the target files. Use the following format: `drive\filepath` (for example, `C:\WINNT\System32`). The browse button (**…**) opens the Remote Folder Explorer window. - **NOTE:** Further information for the Fixed path option is provided by clicking the tooltip + :::note + Further information for the Fixed path option is provided by clicking the tooltip button (**?**). + ::: + - System environment variables – Supply a traditional system root or previously defined variable that maps to a physical path within the file system. This is typically used when the system root 
@@ -61,19 +70,25 @@ network neighborhoods which begin with `\\`. - Include network drives – Includes all mapped shared drives in the network in the query - **CAUTION:** Including subfolders may result in hundreds of thousands of files being returned + :::warning + Including subfolders may result in hundreds of thousands of files being returned depending on the environment being targeted. + ::: + - Include subfolders – Searches all subfolders within the environment -What is the file or folder name? +**What is the file or folder name?** The options in this section limit the search to folders or files with a specified name against the targeted host. When the **I am looking for folders** option is selected, more options become available for further refinement. -**NOTE:** The **I am looking for folders** option and it's associated options are unavailable +:::note +The **I am looking for folders** option and it's associated options are unavailable (grayed out) when the **Calculate Group Size (Files Only)** category is selected. +::: + - I am looking for files – Identifies files that exist on the target location and returning property information on these files @@ -88,7 +103,7 @@ available for further refinement. to a specific naming convention. When searching for multiple objects, use a semicolon (`;`) to separate the objects in the list. -Last Modification Time Filter +**Last Modification Time Filter** Last Modification Time Filter is an additional filtration clause. It filters the information provided in the **Where is the file or folder** and **What is the file or folder name** criteria by diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/activitysettings.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/activitysettings.md index 03e0936fc0..71fa8f46f8 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/activitysettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/activitysettings.md 
@@ -35,8 +35,11 @@ information older than the time filter specified here. If either is left deselected, all available log files are collected and stored. This has a direct impact on both scan time and database size. -_Remember,_ the file activity options require the Activity Monitor to be deployed, configured, and +:::tip +Remember, the file activity options require the Activity Monitor to be deployed, configured, and services running. +::: + In the Host Mapping section, configure the following: @@ -92,5 +95,8 @@ Single-Host Multiple-Agent Example: ![Query Results window for multiple agent example](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/hostmappingsinglehostmultipleagent.webp) -**NOTE:** For multiple-agent setup, the configured Host Mapping table must have the same value for +:::note +For multiple-agent setup, the configured Host Mapping table must have the same value for HostName and Host, as shown in the Single-Host Multiple-Agent example. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md index c12bd08a7f..076ed17a3d 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md @@ -13,9 +13,12 @@ is a wizard page for the categories of: - File System Activity Scan - Sensitive Data Scan -**NOTE:** This wizard page identifies options associated with the scan mode to be used. See the +:::note +This wizard page identifies options associated with the scan mode to be used. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + ![FSAA Data Collector Wizard Applet Settings page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.webp) 
@@ -116,8 +119,11 @@ In the Certificate Exchange Options section, configure the following options: [FSAA Manual Certificate Configuration](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md) topic for additional information. - **NOTE:** If the FSAA Data Collector and the applet server are on separate domains without a + :::note + If the FSAA Data Collector and the applet server are on separate domains without a trust, this option must be used. + ::: + - Provide Certificate Authority – Enables the **Select** button, which allows you to upload an existing certificate diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md index f8299b33d4..1d873156bc 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md 
@@ -14,11 +14,14 @@ certificate store managed by the FSAA Data Collector. These three certificates a - The server certificate (stored in the FSAA Server Certificate Store) - The client certificate (stored in the FSAA Client Certificate Store) -**NOTE:** The FSAA Data Collector and Applet server support certificates in both the user’s +:::note +The FSAA Data Collector and Applet server support certificates in both the user’s certificate store and the computer’s certificate store. It is recommended to store certificates in the user's certificate store that is running the FSAA Data Collector or Applet server because administrative access is required for the computer's certificate store. When certificates are generated using the Automatic option below, they are stored in the user’s certificate store. +::: + ![Certificate Exchange Options section of the Applet Settings page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettingscertificateexchangeoptions.webp) 
@@ -47,21 +50,30 @@ There are three Certificate Exchange Options provided by the FSAA Data collector instructions and examples on how to use the tool, run `FSAACertificateExchangeManager.exe` with the `-help` command. - **NOTE:** If the FSAA Data Collector and Applet are on separate domains without a trust, this + :::note + If the FSAA Data Collector and Applet are on separate domains without a trust, this option must be used. + ::: + - Provide Certificate Authority – The certificate exchange process is the same as with the Automatic option. However, instead of creating a self-signed certificate, the FSAA Data Collector uses a certificate you provide through the FSAA Data Collector Wizard. The provided certificate is stored in the FSAA Certificate Authority Store. - **NOTE:** If the provided certificate is not self-signed as the Certificate Authority, the root + :::note + If the provided certificate is not self-signed as the Certificate Authority, the root certificate and the Certificate Authority’s certificate chain must also be stored in the FSAA Certificate Authority Store on both the client and server hosts. + ::: - **CAUTION:** The FSAA Applet does not support password-protected certificates. Certificates + + :::warning + The FSAA Applet does not support password-protected certificates. Certificates generated when the Automatic option is selected have no password. When manually creating a certificate for use with the FSAA Applet the password parameter should be omitted. + ::: + Additionally, the port used for secure certificate exchange can be configured by selecting the Specify certificate exchange port checkbox on the Applet Settings page of the FSAA Data Collector diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md index 8fe82a890c..5a12f2dab6 100644 
--- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md @@ -13,8 +13,11 @@ case-sensitive. Follow the steps to use the tool to create and store the required certificates. -**NOTE:** In these steps, some commands need to be run on the Enterprise Auditor console and some on +:::note +In these steps, some commands need to be run on the Enterprise Auditor console and some on the Proxy host. In the provided example commands: +::: + - All files that are generated by the Certificate Manager or copied to the Enterprise Auditor console are placed in the @@ -22,7 +25,10 @@ the Proxy host. In the provided example commands: is created by the tool if it does not already exist. - When operating on the proxy host, files are placed into the root of the **FSAA** folder -_Remember,_ all commands in the `FSAACertificateManager.exe` tool are case-sensitive. +:::tip +Remember, all commands in the `FSAACertificateManager.exe` tool are case-sensitive. +::: + **Step 1 –** Create a Certificate Authority (CA). The CA is a self signed certificate that will be used to sign the client and server certificates. On the Enterprise Auditor console, run the @@ -90,8 +96,11 @@ Successfully added FSAA_Client_Auth to Client **Step 5 –** Convert the CA from a PFX file to a CER file. On the Enterprise Auditor console, run the following command: -**NOTE:** This conversion to a CER file is necessary so that the private key of the CA is not +:::note +This conversion to a CER file is necessary so that the private key of the CA is not shared. +::: + ``` .\FSAACertificateManager.exe -createCER -certificate ".\My Certificates\MyFSAACA.pfx" -outputPath ".\My Certificates" -name MyFSAACA 
@@ -107,7 +116,10 @@ Successfully wrote CER certificate to .\My Certificates\MyFSAACA.cer to the proxy host that will be running `FSAAAppletServer.exe`. These files must be copied to the same directory. -**NOTE:** These copied files will be deleted from the destination directory later in Step 12. +:::note +These copied files will be deleted from the destination directory later in Step 12. +::: + **Step 7 –** Generate the server certificate signing request and key on the Proxy host. On the proxy host, run the following command out of the FSAA folder where the `FSAACertificateManager.exe` was diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/filedetails.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/filedetails.md index 2b50842c83..c34b1ed46a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/filedetails.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/filedetails.md @@ -17,7 +17,7 @@ Select the desired settings for additional scoping: - Scan file permissions – Turns on file permission scanning and collects a full list of who has access to which files -File tag metadata collection +**File tag metadata collection** - Collect tags/keywords from file metadata properties – Enables the collection of file Microsoft Office metadata tags and stores the tags into the tables when the **Scan file-level details** @@ -33,7 +33,7 @@ File tag metadata collection The FSAA scan collects the tags from the files and stores the information at the folder level, which provides a count for the number of occurrences of each tag. -Scan filter settings +**Scan filter settings** The Scan filter settings options are enabled if the **Scan file-level details** checkbox is selected. 
@@ -48,5 +48,8 @@ selected. only collect files with extensions matching to the list of file types entered. If this option is not set, all file types are collected. -**CAUTION:** Be careful when configuring these settings. If no filters are applied when file detail +:::warning +Be careful when configuring these settings. If no filters are applied when file detail scanning has been enabled, it can result in returning large amounts of data to the database. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/scansettings.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/scansettings.md index 5954c40667..aef919a4b3 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/scansettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/scansettings.md @@ -8,7 +8,7 @@ sidebar_position: 10 The Scan Settings tab allows configuration of data collection settings. -![FSAA Data Collector Wizard Default Scoping Options page Scan Settings tab](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings_1.webp) +![FSAA Data Collector Wizard Default Scoping Options page Scan Settings tab](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.webp) The Scan Settings tab has the following configurable options: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md index 461c28f3e6..b945a38798 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md 
@@ -13,24 +13,24 @@ available with a special Enterprise Auditor license. See the [File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/overview.md) topic for additional information. -Protocols +**Protocols** - Remote Registry - WMI -Ports +**Ports** - Ports vary based on the Scan Mode Option selected. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. -Permissions +**Permissions** - Permissions vary based on the Scan Mode Option selected. See the [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it @@ -39,9 +39,12 @@ additional GB of RAM per host. By default, SDD scans are configured to run two c For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). -_Remember,_ if employing either of the File System Proxy Mode as a Service scan mode options, it is +:::tip +Remember, if employing either of the File System Proxy Mode as a Service scan mode options, it is also necessary for the Sensitive Data Discovery Add-on to be installed on the server where the proxy service is installed. +::: + ## FSAA Query Configuration diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/queryselection.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/queryselection.md index 5f7b8cc781..55622ba02b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/queryselection.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/queryselection.md 
@@ -27,8 +27,11 @@ auditing focus: - Scan and import – Collects Distributed File System information - **NOTE:** Starting with v8.1, DFS Audits are completed with a streaming method and do not + :::note + Starting with v8.1, DFS Audits are completed with a streaming method and do not require a bulk import query following the scan query. + ::: + - The Maintenance options perform maintenance for the FSAA Data Collector, and there are three categories to choose from: @@ -37,23 +40,32 @@ auditing focus: the remote server - Upgrade proxy service – Update FSAA binaries for hosts running the File System Proxy Service - **NOTE:** The Upgrade proxy service category only applies to updating a v8.0+ File System + :::note + The Upgrade proxy service category only applies to updating a v8.0+ File System Proxy installation to a newer version. Manual updating is necessary for v7.x File System Proxy installations. + ::: + - Remove Host Data – Removes host from all SQL tables created by the FSAA Data Collector and deletes StrucMap (removes host assigned to job where query exists) -_Remember,_ the Sensitive Data category options require the Sensitive Data Discovery Add-On to be +:::tip +Remember, the Sensitive Data category options require the Sensitive Data Discovery Add-On to be installed on the Enterprise Auditor Console before the FSAA Data Collector can collect sensitive data. +::: + Once a query scan using the FSAA DC has been executed, the **Maintenance** button is enabled to allow troubleshooting of scan errors that may have occurred. -**CAUTION:** Do not use the Maintenance button unless instructed by +:::warning +Do not use the Maintenance button unless instructed by [Netwrix Support](https://www.netwrix.com/support.html). It is possible to cause corruption of the database and loss of data to occur. +::: + ## Maintenance Wizard 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scanserverselection.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scanserverselection.md index e24243bb76..fc0528d0bf 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scanserverselection.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scanserverselection.md @@ -45,13 +45,13 @@ Using the radio buttons, select where the execution of the applet will take plac - Select Host Lists – Opens the Select Host Lists window displaying all the available hosts to choose from. If more than one list is selected, scanning is distributed across each host. -**_RECOMMENDED:_** - +:::info It is best practice in global implementations to utilize a specific remote server or proxy scanner that is located in the same data center as the target hosts. This is particularly beneficial if the Enterprise Auditor Console server is in a different data center. See the [Proxy Scanning Architecture](/docs/accessanalyzer/11.6/install/filesystemproxy/overview.md#proxy-scanning-architecture) topic for additional information. +::: In the bottom section, the checkbox options affect the execution of the applet: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md index 78faa64f1f..e44dd8e43e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md @@ -12,7 +12,7 @@ wizard page for the categories of: - System Access/Permission Auditing Scan - Sensitive Data -![FSAA Data Collector Wizard Scan Settings page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.webp) +![FSAA Data Collector Wizard Scan Settings page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings_1.webp) In the Scan Protocols section, select the desired checkboxes for including certain types of shared folders: 
@@ -82,7 +82,10 @@ columns for all shares in the target environment: - Host – Name of host where the share resides matching the Host Master table Name field value - **_RECOMMENDED:_** Use this column but it is not required. + :::info + Use this column but it is not required. + ::: + - Share – Name of the share - Folder – Landing folder path of the share on the host @@ -99,8 +102,11 @@ in this way: - Folder – `C:\Documentation` - ShareType – `0` -**CAUTION:** If the FSAA Data Collector has identified a share in a previous scan, but that share is +:::warning +If the FSAA Data Collector has identified a share in a previous scan, but that share is not in a table targeted by this query, then it is marked as a deleted share. +::: + Enter the SQL query by replacing the sample text in the textbox. The SQL query must target tables that have the required columns populated with the list of all shares in the target environment. @@ -114,8 +120,11 @@ data being retrieved by the query is expected. When this option is selected, the data collector runs against the target table to enumerate shares in the environment. -_Remember,_ if a share is not in the target table, the data collector assumes that the share does +:::tip +Remember, if a share is not in the target table, the data collector assumes that the share does not exist and marks it as deleted. +::: + ## HTTPS Encryption Certificate for FSAA & NetApp Communication @@ -127,7 +136,7 @@ certificate to enable HTTPS encryption of Enterprise Auditor communications. The certificate (`cacert.pem`) which is shipped with Enterprise Auditor is in the DC folder of the installation directory. The default location is: -…\STEALTHbits\StealthAUDIT\DC +**…\STEALTHbits\StealthAUDIT\DC** If employing remote applet mode or proxy servers, then the certificate (`cacert.pem`) must exist in the FSAA folder where the `FSAAAppletServer.exe` process is running (applet/proxy host). Therefore, 
@@ -135,11 +144,14 @@ it is necessary to also copy it to the FSAA folder on the target hosts andr prox done at runtime when using remote applet mode, but any updates or custom certificates must be copied manually. The default location is: -…\STEALTHbits\StealthAUDIT\FSAA +**…\STEALTHbits\StealthAUDIT\FSAA** -**_RECOMMENDED:_** Do not overwrite this certificate. It is fully trusted by Netwrix. Instead, add +:::info +Do not overwrite this certificate. It is fully trusted by Netwrix. Instead, add an underscore (_) character to the start of the file name. Then copy the organization's self-signed certificate to this location with the name `cacert.pem`. +::: + There is another `cacert.perm` file within the Enterprise Auditor installation directory used by the Notification SSL encryption options. While these files have the same name, they serve different diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingoptions.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingoptions.md index 6cf3790158..5f7ebac9eb 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingoptions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingoptions.md @@ -72,7 +72,10 @@ Both the Resource Name and Host Name textboxes support regular expressions and p Regular Expression: To provide an expression that would include all shares or files that start with the letter `A`: - **NOTE:** This option is case sensitive. + :::note + This option is case sensitive. + ::: + - `RE:\\\\[^\\[+\\A` 
@@ -88,9 +91,12 @@ Then set Scoping Type and Priority: - Folder Exclude – Provided folder is excluded from the scan. All scoping options must match or it is excluded. - **NOTE:** Any included files or folders inherit all options previously checked in the + :::note + Any included files or folders inherit all options previously checked in the [FSAA: Default Scoping Options](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/defaultscopingoptions.md) page. Manually apply new options if the default ones are not desired in this scan. + ::: + - Priority – Numerical value that determines which options are used in the case of more than one scoping option overlaps for a particular resource. Lower numerical values have a higher priority @@ -114,7 +120,7 @@ tabs for more detail on these scoping options. The following examples show some common configurations of scoping options and the expected results. -Scenario 1 +**Scenario 1** Scan for all shares except one. @@ -122,7 +128,7 @@ Scan for all shares except one. All shares included except for the ProbableOwner share. -Scenario 2 +**Scenario 2** Scan for one share and exclude all others. @@ -131,7 +137,7 @@ Scan for one share and exclude all others. The ProbableOwner Share is included. All other shares are excluded. Share Inclusion must have a priority that is greater than or equal to the Share Exclusion. -Scenario 3 +**Scenario 3** Scan all folders except one. @@ -139,7 +145,7 @@ Scan all folders except one. All Shares are scanned and all folders are included except for C:\ProbableOwner\DifferentOwner. -Scenario 4 +**Scenario 4** Scan one folder and exclude all others. 
@@ -148,7 +154,7 @@ Scan one folder and exclude all others. The ProbableOwner Share is included and all other shares are excluded. Within the ProbableOwner Share, Folder path C:\ProbableOwner\DifferentOwner is included. All other folder paths are excluded. -Scenario 5 +**Scenario 5** Scan one folder and all of its children and exclude all others. @@ -158,7 +164,7 @@ The ProbableOwner Share is included and all other shares are excluded. Within th Share, Folder path C:\ProbableOwner\DifferentOwner is included along with all of its children (Notice the \\\* at the end of folder include path). All other folder paths are excluded. -Scenario 6 +**Scenario 6** Scan for all content within a folder except one sub-folder. @@ -170,7 +176,7 @@ Share, Folder path C:\ProbableOwner\DifferentOwner is included along with all of C:\ProbableOwner\DifferentOwner\Test2 is excluded (Notice the higher priority for the exclusion). All other folder paths are excluded. -Additional Considerations +**Additional Considerations** The scoping options listed above can be used to scope for SMB shares and NFS exports but NFS exports are enumerated differently. The include/exclude logic outlined above should be the same for both, diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingqueries.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingqueries.md index 85f355f226..ed37f43915 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingqueries.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingqueries.md 
@@ -46,9 +46,12 @@ The Scoping Queries buttons have the following functionality: - Requires the 1-FSAA System Scans, 2-FSAA Bulk Import, and 3-FSAA Exceptions jobs to have been run as a prerequisite -**NOTE:** These two Scan Resource Filters are both Share Include queries by default. To restrict the +:::note +These two Scan Resource Filters are both Share Include queries by default. To restrict the scan to only Open Shares or only DFS Shares it is necessary to also configure the Scoping Options on the previous page of the wizard to exclude all other shares. +::: + For example, to restrict the scan to only Open Shares and exclude all other shares, the Scoping Options page should be configured as shown: @@ -79,7 +82,10 @@ Configure the following fields: [Advanced Scoping Options Query Configuration Window](#advanced-scoping-options-query-configuration-window) topic for additional information. -**_RECOMMENDED:_** Provide a descriptive Comment on the Scoping Queries page. +:::info +Provide a descriptive Comment on the Scoping Queries page. +::: + ### Advanced Scoping Options Query Configuration Window @@ -93,8 +99,11 @@ Follow the steps to configure a query. **Step 1 –** Enter a SQL Query that will return a list of resources to be included in or excluded from the scan. -**NOTE:** The target tables must reside within the Enterprise Auditor database and the result must +:::note +The target tables must reside within the Enterprise Auditor database and the result must return at least the following columns: +::: + - Name - Priority diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sddcriteria.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sddcriteria.md index 8d1f0981e8..a851cbbe3b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sddcriteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sddcriteria.md 
@@ -39,5 +39,8 @@ The table contains the following types of criteria: [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sensitivedatasettings.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sensitivedatasettings.md index 25d881e0d8..1a67b46d52 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sensitivedatasettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sensitivedatasettings.md @@ -18,10 +18,13 @@ wizard page for the category of Sensitive Data Scan. - Perform Optical Character Recognition for image files – Enables the data collector to scan for sensitive data within digital images of physical documents - **NOTE:** The OCR option is intended to work for clear scanned physical documents or documents + :::note + The OCR option is intended to work for clear scanned physical documents or documents directly converted to images, with standard fonts. It will not work for scanning photos of documents and may not be able to recognize text on images of credit cards, driver's licenses, or other identity cards. + ::: + - Store discovered sensitive data – Stores discovered sensitive data in the database - Limit stored matches per criteria to [number] – Limits database storage of matches per criteria 
@@ -50,8 +53,11 @@ Use the radio buttons to select the File types to scan: - Files modified within the last [number] days – Only scans files with a modified date within the specified date range -_Remember,_ the sensitive data discovery options require the Sensitive Data Discovery Add-On to be +:::tip +Remember, the sensitive data discovery options require the Sensitive Data Discovery Add-On to be been installed on the Enterprise Auditor Console. +::: + The Performance Options section allows the user to modulate the efficiency of SDD scans. @@ -59,5 +65,8 @@ The Performance Options section allows the user to modulate the efficiency of SD as part of a scan, increasing parallel scanning. The value should not exceed 2x the number of CPU threads available. - **_RECOMMENDED:_** For optimal performance, the total number of scan processes on a scan host + :::info + For optimal performance, the total number of scan processes on a scan host should be 1 to 2 times the number of CPU threads available. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/standardtables.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/standardtables.md index 8f0816684b..94045aa074 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/standardtables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/standardtables.md @@ -14,7 +14,7 @@ these tables regardless of the job executing the query. The tables and their associated views are grouped by types. -Structure Tables +**Structure Tables** | Tables | Details | | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | 
@@ -22,7 +22,7 @@ Structure Tables | SA_FSAA_ImportHistory | Contains historical information about the import process for each host that is imported | | SA_FSAA_Resources | Contains information about all audited resources, which can be file shares or folders. This provides information on the hierarchy relationship and references to the name and rights applied to that folder. | -Trustee Tables +**Trustee Tables** | Tables | Details | | -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -30,7 +30,7 @@ Trustee Tables | SA_FSAA_LocalTrustees | Contains information about any trustees that do not belong to a domain, primarily local users and local groups | | SA_FSAA_TrusteeEquivalence | Contains information about Local Group membership. The trustees described can be found in the SA_FSAA_LocalTrustees table. | -Access Calculation Tables +**Access Calculation Tables** | Tables | Details | | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | 
@@ -40,14 +40,14 @@ Access Calculation Tables | SA_FSAA_Policies | Contains information about what trustees are allowed or denied through the policies described in the SA_FSAA_Gates table | | SA_FSAA_UnixRights | Contains information about permissions as they exist within the targeted Unix environment | -Calculated Tables +**Calculated Tables** | Tables | Details | | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SA_FSAA_Exceptions | Contains information about security issues and concerns. One out-of-box exception stored inside this table is the Open Shares exception. This exception identifies where resources which are open to Everyone, Authenticated Users, or Domain users are located. | | SA_FSAA_ExceptionTypes | Identifies how many instances of exceptions exist on the audited hosts. This table will contain a row for each exception type for each host. Exceptions are specific conditions set forth by Enterprise Auditor that are considered to be issues, such as folders with open access. | -Folder Content Tables +**Folder Content Tables** | Tables | Details | | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -60,7 +60,7 @@ Folder Content Tables | SA_FSAA_TagProxies | Contains the unique combination of the TagID and TagProxyID | | SA_FSAA_Tags | Contains file tags and the unique ID | -System Tables +**System Tables** | Tables | Details | | ------------------- | -------------------------------------------------------------- | 
@@ -72,7 +72,7 @@ FSAA Data Collector. They contain additional information for building queries ea is an explanation of the corresponding views created for some of the tables generated by the FSAA Data Collector: -Permission Views +**Permission Views** | Views | Details | | -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | @@ -83,7 +83,7 @@ Permission Views | SA_FSAA_EffectiveAccessView | Correlates share folder permissions and group membership | | SA_FSAA_ExceptionsView | Contains how many instances of exceptions exist on the audited hosts | -Resources Views +**Resources Views** | Views | Details | | --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -91,7 +91,7 @@ Resources Views | SA_FSAA_SharesTraversalView | Contains information about shared folders. It also provides useful information for the locations of these resources, including the local and network paths. Additionally, mount/junction points will show as a normal path traversal, unless the mount/junction point has system and hidden attributes set. | | SA_FSAA_Paths | Contains information about the full paths to every distinct folder location for which permissions have been scanned and child folders exist | -Additional Views +**Additional Views** | Views | Details | | ----------------------------- | --------------------------------------------------------------------------------------------- | 
@@ -101,7 +101,7 @@ Additional Views The tables and their associated views are grouped by types. -Activity Changes Tables (FSAC) +**Activity Changes Tables (FSAC)** | Tables | Details | | -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -121,7 +121,7 @@ FSAA Data Collector. They contain additional information for building queries ea is an explanation of the corresponding views created for some of the tables generated by the FSAA Data Collector: -Activity Change Views (FSAC) +**Activity Change Views (FSAC)** | Views | Details | | --------------------------------- | ------------------------------------------------------------------------- | @@ -137,7 +137,7 @@ Activity Change Views (FSAC) The tables and their associated views are grouped by types. -FSDFS Tables +**FSDFS Tables** | Tables | Details | | ------------------- | -------------------------------------------------------------------------------------------------------------- | @@ -149,7 +149,7 @@ FSAA Data Collector. They contain additional information for building queries ea is an explanation of the corresponding views created for some of the tables generated by the FSAA Data Collector: -FSDFS Views +**FSDFS Views** | Views | Details | | -------------------------------- | ------------------------------------- | @@ -159,7 +159,7 @@ FSDFS Views The tables and their associated views are grouped by types. -FSDLP Tables +**FSDLP Tables** | Tables | Details | | --------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | 
@@ -174,7 +174,7 @@ FSAA Data Collector. They contain additional information for building queries ea is an explanation of the corresponding views created for some of the tables generated by the FSAA Data Collector: -FSDLP Views +**FSDLP Views** | Views | Details | | ---------------------- | ------------------------------------------------------------------------------------------ | diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/workflows.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/workflows.md index 61326469b8..da802118e2 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/workflows.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/workflows.md @@ -12,7 +12,10 @@ The following FSAA Data Collector query categories that provide additional funct remote server - Update proxy service – Update FSAA binaries for hosts running the File System Proxy Service - **NOTE:** Requires the existing File System Proxy Service to be v8.0 or later. + :::note + Requires the existing File System Proxy Service to be v8.0 or later. + ::: + - Remove host data – Removes host from all SQL tables created by the FSAA Data Collector and deletes StrucMap (removes host assigned to job where query exists) @@ -22,8 +25,11 @@ Additional workflows include: - Remove Host and Criteria SDD Data – Removes SDD data for a host or a criteria from the SQL tables - Drop Tables & Views – Drops the standard reference tables and views -_Remember,_ the FSAA Data Collector always records data in Standard Reference Tables, no matter what +:::tip +Remember, the FSAA Data Collector always records data in Standard Reference Tables, no matter what job it is applied to. +::: + ## Remove File System Access Scan Category 
@@ -67,9 +73,12 @@ updated binaries and deploy them to the proxy server. Once the proxy server has the Netwrix Enterprise Auditor FSAA Proxy Scanner service shuts down and the components are updated. Finally, the service restarts itself. -**NOTE:** This option is not for updating v7.x File System Proxy installations. Those must be +:::note +This option is not for updating v7.x File System Proxy installations. Those must be manually updated to at least v8.0 on the proxy server before this query can be used to automate the process. +::: + Follow the [Upgrade Proxy Service Procedure](/docs/accessanalyzer/11.6/install/filesystemproxy/upgrade.md) @@ -82,10 +91,16 @@ particular hosts. This would need to be done through a new job’s query. The ho set as the host list for the new job. The Connection Profile applied should be the same as the one used for the associated **FileSystem** > **0.Collection** > … **Bulk Import** Job. -**CAUTION:** Be careful when applying this query task, as it results in the deletion of collected +:::warning +Be careful when applying this query task, as it results in the deletion of collected data. Ensure proper configuration prior to job execution. +::: + + +:::info +Manually enter individual hosts into the host list executing this query. +::: -**_RECOMMENDED:_** Manually enter individual hosts into the host list executing this query. Follow the steps to build a new query using the FSAA Data Collector with the Remove host data category. @@ -110,8 +125,11 @@ the Query Properties window. This job has now been configured to run the FSAA Data Collector to remove the host identified in the job’s **Configure** > **Hosts** node. Run the job to clean-up the targeted hosts. -_Remember,_ this job deletes data from the Enterprise Auditor database. Use caution and ensure +:::tip +Remember, this job deletes data from the Enterprise Auditor database. Use caution and ensure proper configuration prior to job execution. +::: + ## Remove Host and Criteria SDD Data 
@@ -130,7 +148,10 @@ The 0.Collection Job Group must be run before executing the FS_SDD_DELETE Job. The analysis tasks are deselected by default. View the analysis tasks by navigating to the **Jobs** > **FS_SDD_DELETE** > **Configure** node and select **Analysis**. -**CAUTION:** Applying these analysis tasks result in the deletion of collected data. +:::warning +Applying these analysis tasks result in the deletion of collected data. +::: + ![FS_SDD_DELETE Job Analysis Selection page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/sdddeleteanalysistasks.webp) @@ -154,7 +175,10 @@ status is visible from the **Running Instances** node. **Step 4 –** When the job has completed, return to the Analysis Selection Pane and deselect all analysis tasks. -**CAUTION:** Do not leave these analysis tasks checked in order to avoid accidental data loss. +:::warning +Do not leave these analysis tasks checked in order to avoid accidental data loss. +::: + All of these tables have been dropped from the SQL Server database and the data is no longer available. @@ -184,7 +208,10 @@ Editor. Follow the steps to customize analysis task parameters. or **#hosts** row, depending on the analysis task chosen, and then **Edit Table**. The Edit Table window opens. -**CAUTION:** Do not change any parameters where the Value states `Created during execution`. +:::warning +Do not change any parameters where the Value states `Created during execution`. +::: + ![SQL Script Editor Edit Table window](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/sdddeletesqlscripteditoredittable.webp) 
@@ -221,18 +248,21 @@ The 0.Collection Job Group must be run before executing the FS_DropTables Job. The analysis tasks are deselected by default. View the analysis tasks by navigating to the **Jobs** > **FS_DropTables** > **Configure** node and select **Analysis**. -**CAUTION:** Applying these analysis tasks result in the deletion of collected data. +:::warning +Applying these analysis tasks result in the deletion of collected data. +::: + ![FS_DropTables Job Analysis Selection page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/fsaa/droptablesanalysistasks.webp) -- 1. Drop FSAA functions – Removes all functions and views from previous runs of the File System +- **1. Drop FSAA functions** – Removes all functions and views from previous runs of the File System Solution -- 2. Drop FSAC tables – Drops the File System Activity Auditing tables imported from the previous +- **2. Drop FSAC tables** – Drops the File System Activity Auditing tables imported from the previous runs -- 3. Drop FSDLP Tables – Drops the File System Sensitive Data Discovery Auditing tables imported +- **3. Drop FSDLP Tables** – Drops the File System Sensitive Data Discovery Auditing tables imported from the previous runs -- 4. Drop FSDFS Tables – Drops the File System DFS Auditing tables imported from the previous runs -- 5. Drop FSAA Tables – Drops File System Access Auditing tables imported from the previous runs +- **4. Drop FSDFS Tables** – Drops the File System DFS Auditing tables imported from the previous runs +- **5. Drop FSAA Tables** – Drops File System Access Auditing tables imported from the previous runs Do not try to run these tasks separately, as they are designed to work together. Follow these steps to run the analysis tasks: 
@@ -245,7 +275,10 @@ status is visible from the **Running Job** node. **Step 3 –** When the job has completed, return to the Analysis Selection Pane and click **Select All** to deselect these analysis tasks. -**CAUTION:** Do not leave these analysis tasks checked in order to avoid accidental data loss. +:::warning +Do not leave these analysis tasks checked in order to avoid accidental data loss. +::: + All of these tables have been dropped from the SQL Server database and the data is no longer available. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/options.md b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/options.md index 1ab6096007..93a0fb7e12 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/options.md @@ -19,7 +19,10 @@ The configurable options are: - Each part of each policy on a new row - All parts of each policy on the same row - **_RECOMMENDED:_** Use the Each part of each policy on a new row for best results + :::info + Use the Each part of each policy on a new row for best results + ::: + - Multi-Valued Properties – Select one of the following options: @@ -27,6 +30,9 @@ The configurable options are: - First value only - Each value on a new row - **_RECOMMENDED:_** Use the Each value on a new row option for best results. + :::info + Use the Each value on a new row option for best results. + ::: + The available options vary based on the category selected. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/overview.md index 4424e61b1b..e802b32cd6 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/overview.md 
@@ -21,18 +21,18 @@ information: - [Active Directory Solution](/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md) - [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) -Protocols +**Protocols** - LDAP - RPC -Ports +**Ports** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Domain Administrators group (if targeting domain controllers) - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/policieslist.md b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/policieslist.md index 9993ce85ee..83e74f1e3e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/policieslist.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/policieslist.md @@ -22,6 +22,9 @@ To search parts of a policy, drill into the policy and select the desired policy **Check all** to select all properties, and click **Uncheck all** to deselect all properties. Search for a policy by entering a policy name in the Search box and clicking **Search**. -**NOTE:** The policy parts returned may have multiple values. +:::note +The policy parts returned may have multiple values. +::: + At least one policy or policy part must be selected in order to proceed to the next wizard page. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/target.md b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/target.md index 3770721214..e4f0954346 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/target.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/grouppolicy/target.md 
@@ -24,8 +24,11 @@ In the Connect to section of the page, select from the following options: In the Use these job credentials to browse section of the page, if multiple credentials are set up, select the credentials to use for the query from the dropdown menu. -**NOTE:** If the Default Connection profile has only one set of credentials, the dropdown will be +:::note +If the Default Connection profile has only one set of credentials, the dropdown will be grayed out and will only display the default credentials for that profile. +::: + In the Get .admx policy definitions from section of the page, select from the following options: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/inifile/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/inifile/overview.md index 5fd6d24b74..b2e5b0df26 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/inifile/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/inifile/overview.md @@ -10,17 +10,17 @@ The INIFile Data Collector provides options to configure a task to collect infor entries on target hosts. This data collector is a core component of Enterprise Auditor and is available with all Enterprise Auditor licenses. -Protocols +**Protocols** - RPC -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports - Optional TCP 445 -Permissions +**Permissions** - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/inifile/properties.md b/docs/accessanalyzer/11.6/admin/datacollector/inifile/properties.md index ade586d93e..1e18bdfaf6 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/inifile/properties.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/inifile/properties.md 
@@ -14,7 +14,10 @@ Use the following options to determine which data to adult: - All contents – Collect all contents from the INI file - **NOTE:** `*` can be used for matching wildcard or single characters. + :::note + `*` can be used for matching wildcard or single characters. + ::: + - Section name – Collect data matching section name from the INI file - Key name – Collect data matching key name from the INI file diff --git a/docs/accessanalyzer/11.6/admin/datacollector/ldap.md b/docs/accessanalyzer/11.6/admin/datacollector/ldap.md index a377910f8b..ab68f0ca17 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/ldap.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/ldap.md @@ -18,15 +18,15 @@ Auditor license. See the [Active Directory Solution](/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md) topic for additional information. -Protocols +**Protocols** - LDAP -Ports +**Ports** - TCP 389 -Permissions +**Permissions** - Member of the Domain Administrators group @@ -44,9 +44,12 @@ following configuration options: - Connect – Connects to the domain specified. The root folder of the domain is displayed in the left pane of the window. - **NOTE:** Before clicking **Connect**, the server port must be configured. To configure the + :::note + Before clicking **Connect**, the server port must be configured. To configure the server port, click **Options** to open the Options window and configure the server port as described in the Options Window section. + ::: + - Options – Opens the Options window to configure connection options and multi-value results options. See the [Options Window](#options-window) topic for additional information. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/nis/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/nis/overview.md index 1650dd6e5b..5e05164c73 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/nis/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/nis/overview.md 
@@ -13,16 +13,16 @@ available with all Enterprise Auditor license options. See the [.NIS Inventory Solution](/docs/accessanalyzer/11.6/solutions/nisinventory/overview.md) topic for additional information. -Protocols +**Protocols** - NIS -Ports +**Ports** - TCP 111 or UDP 111 - Randomly allocated high TCP ports -Permissions +**Permissions** - No special permissions are needed aside from access to a NIS server diff --git a/docs/accessanalyzer/11.6/admin/datacollector/nosql/configurejob.md b/docs/accessanalyzer/11.6/admin/datacollector/nosql/configurejob.md index adbd09e17b..4ac697d676 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/nosql/configurejob.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/nosql/configurejob.md @@ -14,7 +14,7 @@ The credential used for MongoDB Server auditing can be either an Active Director account. Create a Connection Profile and set the following information on the User Credentials window. -Active Directory +**Active Directory** For an Active Directory account, set the following on the User Credentials window: @@ -36,7 +36,7 @@ For an Active Directory account, set the following on the User Credentials windo - Password – Type the password - Confirm – Re-type the password -SQL +**SQL** For a SQL account, set the following on the User Credentials window: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/nosql/criteria.md b/docs/accessanalyzer/11.6/admin/datacollector/nosql/criteria.md index 8f556158f0..0da56408a8 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/nosql/criteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/nosql/criteria.md 
@@ -32,8 +32,11 @@ The options on the Criteria page are: The table contains the following types of criteria: -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. +::: + - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria @@ -43,6 +46,9 @@ Criteria and User Criteria nodes are visible in the table. [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information. -**NOTE:** Adding unnecessary criteria can adversely impact the scanner performance and can cause the +:::note +Adding unnecessary criteria can adversely impact the scanner performance and can cause the scanning job to take a long time. If performance is adversely affected, revisit the sensitive data scanning criteria and remove criteria that is not required. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/nosql/filter.md b/docs/accessanalyzer/11.6/admin/datacollector/nosql/filter.md index af28a01614..c2f565f347 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/nosql/filter.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/nosql/filter.md @@ -103,5 +103,8 @@ The Build / Edit Pattern window has the following features: - Include — Reverts an exclusion. By default, all sub tables are included. - Pattern — Build a custom filter to be applied to the selected database objects - **NOTE:** Color-coding indicating Excluded and Included objects does not display until after a + :::note + Color-coding indicating Excluded and Included objects does not display until after a selection is validated using the **Validate Selections** button on the Filter page. + + ::: 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/nosql/options.md b/docs/accessanalyzer/11.6/admin/datacollector/nosql/options.md index 7cb3fbf8ae..03f32180ad 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/nosql/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/nosql/options.md @@ -13,7 +13,7 @@ sensitive data scan. It is a wizard page for the Sensitive Data Collection categ The sensitive data scan settings are: -Scan Options +**Scan Options** - Data Settings: @@ -36,20 +36,28 @@ Scan Options sensitive data if the collection names are included as part of the keyword list in the scanning criteria -DLP Options +**DLP Options** - Store discovered sensitive data – Stores potentially sensitive data in the Enterprise Auditor database. Any sampled sensitive data discovered based on the matched criteria is stored in the Enterprise Auditor database. This functionality can be disabled by clearing this checkbox. - **NOTE:** The **Store discovered sensitive data** option is required to view Content Audit + :::note + The **Store discovered sensitive data** option is required to view Content Audit reports in the Access Information Center for MongoDB data. + ::: - **CAUTION:** Changing scan options, criteria, or filters when resuming a scan may prevent the + + :::warning + Changing scan options, criteria, or filters when resuming a scan may prevent the scan from resuming properly. + ::: + - Resume scan from last point on error — Resumes scan from where the previous scan left off when the scan was stopped as a result of an error -_Remember,_ the Sensitive Data Discovery Add-on is required to use the sensitive data collection +:::tip +Remember, the Sensitive Data Discovery Add-on is required to use the sensitive data collection option. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/nosql/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/nosql/overview.md index e446747e5a..39c9098e38 100644 
--- a/docs/accessanalyzer/11.6/admin/datacollector/nosql/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/nosql/overview.md @@ -15,16 +15,16 @@ collector and the solution are available with a special Enterprise Auditor licen [MongoDB Solution](/docs/accessanalyzer/11.6/solutions/databases/mongodb/overview.md) topic for additional information. -Protocols +**Protocols** - TCP/IP -Ports +**Ports** - MongoDB Cluster - Default port is 27017 (A custom port can be configured) -Permissions +**Permissions** - Read Only access to ALL databases in the MongoDB Cluster including: @@ -39,7 +39,7 @@ Permissions NOSQL instances when using the Scans full rows for sensitive data option on the Options wizard page -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it diff --git a/docs/accessanalyzer/11.6/admin/datacollector/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/overview.md index 9fd3a2962f..a2ad28cc3e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/overview.md @@ -125,8 +125,11 @@ for advanced features to manipulate the query. The **+** and **–** buttons man individual properties from the query. The script button opens the VBScript Editor window for query manipulation scripts. -**_RECOMMENDED:_** Use the Data Collector Configuration wizards for basic query modifications. For +:::info +Use the Data Collector Configuration wizards for basic query modifications. For more complex modifications, contact [Netwrix Support](https://www.netwrix.com/support.html). +::: + See the individual data collector section for configuration wizard page information. 
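Review bot: The `**_RECOMMENDED:_**` label removed in the datacollector/overview.md hunk is not carried into the `:::info` block, so the sentence "Use the Data Collector Configuration wizards for basic query modifications" now reads as neutral information rather than as vendor guidance. Either keep the word in the body (for example "Recommended: Use the Data Collector Configuration wizards ...") or document in the contributor guide that `:::info` is the project's marker for recommendations, so readers of the rendered page can still tell recommended practice from plain notes.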
@@ -146,9 +149,12 @@ The Filter tab has the following items: - Value – When applicable, add a new value to the filter using the dropdown menu. Otherwise, create a new one by typing in the desired value. -**_RECOMMENDED:_** Use the default settings for filters. Filters can be used to substitute or delete +:::info +Use the default settings for filters. Filters can be used to substitute or delete data values during data collection. For more information on the impacts of adding filters to queries, contact [Netwrix Support](https://www.netwrix.com/support.html). +::: + Click **OK** to save changes and exist the Query Properties window. If no changes were made or intended, it is best practice to click **Cancel** to exit the Query Properties window to ensure diff --git a/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/dictionaries.md b/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/dictionaries.md index 84e16fe45f..276572010b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/dictionaries.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/dictionaries.md @@ -32,7 +32,10 @@ The configurable dictionary options are: [Download and Configure the Have I Been Pwnd (HIBP) Hash List](#download-and-configure-the-have-i-been-pwnd-hibp-hash-list) topic for additional information. - **_RECOMMENDED:_** Use the sorted hash dictionary if adding an NLTM format + :::info + Use the sorted hash dictionary if adding an NLTM format + ::: + - Remove – Removes a custom dictionary file from the query scope 
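Review bot: The sentence moved into the `:::info` block in the dictionaries.md hunk still reads "Use the sorted hash dictionary if adding an NLTM format", which appears to be a typo for NTLM and stops without saying what is in that format or ending in a full stop. Since this line is rewritten by the change anyway, please confirm the intended wording with the topic owner and correct it here rather than carrying the defect into the new block. As in the other hunks, the `**_RECOMMENDED:_**` label is also dropped without a replacement.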
@@ -69,13 +72,16 @@ The Pwnd Passwords Downloader is a Dotnet tool used to download all Pwned Passwo save them offline so they can be used without a dependency on the k-anonymity API. Use this tool to get the latest breached hashes from the Have I Been Pwnd (HIBP) database. -**NOTE:** The +:::note +The [](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader)[Pwnd Passwords Downloader](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader) is a third party, open source tool, created by the HaveIBeenPwned team and distributed under a BSD 3-Clause License. You might experience issues during the hash download process, depending on your threading settings or the load on the CloudFlare backend. The Pwnd Passwords Downloader tool will automatically retry to continue downloading the hashes until it fully completes the download process. +::: + ### Prerequisites diff --git a/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/options.md b/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/options.md index 6f2a0349e5..328c87f45a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/options.md @@ -17,9 +17,12 @@ The configurable scan options are: - Analyze historical passwords – Scans historical passwords that have been stored in Active Directory - **CAUTION:** Enabling the following option will return clear text passwords to be stored in the + :::warning + Enabling the following option will return clear text passwords to be stored in the Enterprise Auditor database for the following exceptions: **Clear Text Password**, **Potential Keytab Password**, and **Weak Password** (when leveraging a plaintext password dictionary). + ::: + - Return cleartext passwords when possible – Returns stored clear-text passwords to the Enterprise Auditor database 
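Review bot: The `:::warning` body in the passwordsecurity/options.md hunk opens with "Enabling the following option", but the block is indented under the preceding "Analyze historical passwords" item and sits before the "Return cleartext passwords when possible" item it actually describes. Once it renders as a boxed admonition attached to the earlier bullet, "the following option" is easy to misread, and this is the warning that tells administrators clear text passwords will be stored in the Enterprise Auditor database. Please name the option in the text (for example "Enabling **Return cleartext passwords when possible** will return ...") or move the block directly under that item.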
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/overview.md index 4f809984f6..8d7df8fef7 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/overview.md @@ -17,15 +17,15 @@ Enterprise Auditor license. See the [Active Directory Solution](/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md) topic for additional information. -Protocols +**Protocols** - LDAP -Ports +**Ports** - TCP 389/636 -Permissions +**Permissions** - At the domain level: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/permissionmatrix.md b/docs/accessanalyzer/11.6/admin/datacollector/permissionmatrix.md index c21011c6a5..a0d710127e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/permissionmatrix.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/permissionmatrix.md 
@@ -13,47 +13,48 @@ of data to occur. Many data collectors are included as core components. However, some data collectors require specific license features. The following table provides a quick reference for each data collector. -| Data Collector | Description | Protocols | Ports Used | Recommended Permissions | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| ActiveDirectory _\*requires license_ | The ActiveDirectory Data Collector audits objects published in Active Directory. | - ADSI - LDAP - RPC | - TCP 389/636 - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Domain Administrators group | -| ADActivity _\*requires license_ | The ADActivity Data Collector integrates with the Netwrix Activity Monitor by reading the Active Directory activity log files. 
| - HTTP - RPC | - TCP 4494 (configurable within the Netwrix Activity Monitor) | - Netwrix Activity Monitor API Access activity data - Netwrix Activity Monitor API Read - Read access to the Netwrix Activity Monitor Log Archive location | -| ADInventory | The ADInventory Data Collector is designed as a highly scalable and useful data collection mechanism to catalogue user, group, and computer object information that can be used by other solutions within Enterprise Auditor. | - LDAP | - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports | - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container **NOTE:** See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. | -| ADPermissions _\*requires license_ | The ADPermissions Data Collector collects the advanced security permissions of objects in AD. | - ADSI - LDAP - RPC | - TCP 389 - TCP 135 – 139 - Randomly allocated high TCP ports | - LDAP Read permissions - Read on all AD objects - Read permissions on all AD Objects | -| AWS | The AWS Data Collector collects IAM users, groups, roles, and policies, as well as S3 permissions, content, and sensitive data from the target Amazon Web Services (AWS) accounts. 
| - HTTPS | - 443 | - To collect details about the AWS Organization, the following permission is required: - organizations:DescribeOrganization - To collect details regarding IAM, the following permissions are required: - iam:GenerateCredentialReport - iam:GenerateServiceLastAccessedDetails - iam:Get\* - iam:List\* - iam:Simulate\* - sts:GetAccessKeyInfo - To collect details related to S3 buckets and objects, the following permissions are required: - s3:Describe\* - s3:Get\* - s3:HeadBucket - s3:List\* | -| AzureADInventory | The AzureADInventory Data Collector catalogs user and group object information from Microsoft Entra ID, formerly Azure Active Directory. This data collector is a core component of Enterprise Auditor and is preconfigured in the .Entra ID Inventory Solution. | - HTTP - HTTPS - REST | - TCP 80 and 443 | - Microsoft Graph API - Application Permissions: - AuditLog.Read.All – Read all audit log data - Directory.Read.All – Read directory data - Delegated Permissions: - Group.Read.All – Read all groups - User.Read.All – Read all users' full profiles - Access URLs - https://login.windows.net - https://graph.windows.net - https://login.microsoftonline.com - https://graph.microsoft.com - All sub-directories of the access URLs listed | -| Box _\*requires license_ | The Box Data Collector audits access, group membership, and content within a Box enterprise. | - HTTP - HTTPS | - TCP 80 - TCP 443 | - Box Enterprise Administrator | -| CommandLineUtility | The CommandLineUtility Data Collector provides the ability to remotely spawn, execute, and extract data provided by a Microsoft native or third-party command line utility. | - Remote Registry - RPC | - TCP 135-139 - Randomly allocated high TCP ports | - Member of the local Administrators group | -| DiskInfo | The DiskInfo Data Collector provides enumeration of disks and their associated properties. 
| - RPC - WMI | - TCP 135 - Randomly allocated high TCP ports | - Member of the local Administrators group | -| DNS _\*requires license_ | The DNS Data Collector provides information regarding DNS configuration and records. | - RPC | - TCP 135 - Randomly allocated high TCP ports | - Member of the Domain Administrators group | -| DropboxAccess _\*requires license_ | The DropboxAccess Data Collector audits access, group membership, and content within a Dropbox environment. | - HTTP - HTTPS | - TCP 80 - TCP443 | - Dropbox Team Administrator | -| EventLog | The EventLog Data Collector provides search and extraction of details from event logs on target systems. | - RPC - WMI | - TCP 135 - Randomly allocated high TCP ports | - Member of the Local Administrators group - Member of the Domain Administrators group (if targeting domain controllers) | -| EWSMailbox _\*requires license_ | The EWSMailbox Data Collector provides configuration options to scan mailbox contents, permissions, and sensitive data, and is preconfigured within the Exchange Solution. | - HTTPS - ADSI - LDAP | - TCP 389 - TCP 443 | For Exchange servers: - Exchange Admin Role - Discovery Management Role - Application Impersonation Role - Exchange Online License For Exchange Online: - Exchange Admin Role - Discovery Management Role - Exchange Online License | -| EWSPublicFolder _\*requires license_ | The EWSPublicFolder Data Collector provides configuration options to extract public folder contents, permissions, and sensitive data, and is preconfigured within the Exchange Solution. 
| - HTTPS - ADSI - LDAP | - TCP 389 - TCP 443 | For Exchange servers: - Exchange Admin Role - Discovery Management Role - Application Impersonation Role - Exchange Online License with a mailbox For Exchange Online: - Exchange Admin Role - Discovery Management Role - Exchange Online License with a mailbox | -| Exchange2K _\*requires license_ | The Exchange2K Data Collector extracts configuration details from Exchange organizations for versions 2003 and later. | - LDAP - MAPI - PowerShell - RPC - WMI | - TCP 135-139 - Randomly allocated high TCP ports - TCP 389 - Optional TCP 445 | - Member of the Exchange Administrator group - Domain Admin for AD property collection - Public Folder Management | -| ExchangeMailbox _\*requires license_ | The ExchangeMailbox Data Collector extracts configuration details from the Exchange Store to provide statistical, content, permission, and sensitive data reporting on mailboxes. | - MAPI - RPC | - TCP 135 - Randomly allocated high TCP ports | - Member of the Exchange Administrator group - Organization Management - Discovery Management | -| ExchangeMetrics _\*requires license_ | The ExchangeMetrics Data Collector collects Mail-Flow metrics from the Exchange Message Tracking Logs on the Exchange servers. Some examples of this include server volume and message size statistics. | - RPC - WMI | - TCP 135 - Randomly allocated high TCP ports | - Member of the local Administrator group on the targeted Exchange server(s) | -| ExchangePS _\*requires license_ | The ExchangePS Data Collector utilizes the Exchange CMDlets to return information about the Exchange environment utilizing PowerShell. This data collector has been designed to work with Exchange 2010 and newer. 
| - PowerShell | - TCP 135 - Randomly allocated high TCP ports | For Exchange servers: - Remote PowerShell enabled on a single Exchange server - Windows Authentication enabled for the PowerShell Virtual Directory on the same Exchange server where Remote PowerShell has been enabled - View-Only Organization Management Role Group - Discovery Search Management Role Group - Public Folder Management Role Group - Mailbox Search Role For Exchange Online: - Discovery Management Role - Organization Management Role | -| ExchangePublicFolder _\*requires license_ | The ExchangePublicFolder Data Collector audits an Exchange Public Folder, including contents, permissions, ownership, and replicas. | - MAPI - RPC | - TCP 135 - Randomly allocated high TCP ports | - Member of the Exchange Administrator group - Organization Management | -| File | The File Data Collector provides file and folder enumeration, properties, and permissions. | - RPC - WMI | - TCP 135-139 - Randomly allocated high TCP ports - Optional TCP 445 | - Member of the Local Administrators group | -| FileSystemAccess (FSAA) _\*requires license_ | The FileSystemAccess (FSAA) Data Collector collects permissions, content, and activity, and sensitive data information for Windows and NAS file systems. | - Remote Registry - WMI | - Ports vary based on the Scan Mode Option selected. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. | - Permissions vary based on the Scan Mode Option selected. See the [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) topic for additional information. 
| -| GroupPolicy | The GroupPolicy Data Collector provides the ability to retrieve the GPO’s list in the domain and where they are linked, return information on configured policies and policy parts from the individual policies that have been selected, return information on selected policy parts from all policies within the domain, and return effective security policies in effect at the individual workstation. | - LDAP - RPC | - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Domain Administrators group (if targeting domain controllers) - Member of the Local Administrators group | -| INIFile | The INIFile Data Collector provides options to configure a task to collect information about log entries on target hosts. | - RPC | - TCP 135-139 - Randomly allocated high TCP ports - Optional TCP 445 | - Member of the Local Administrators group | -| LDAP | The LDAP Data Collector uses LDAP to query Active Directory returning the specified objects and attributes. | - LDAP | - TCP 389 | - Member of the Domain Administrators group | -| NIS | The NIS Data Collector inventories a NIS domain for user and group information, mapping to Windows-style SIDs. | - NIS | - TCP 111 or UDP 111 - Randomly allocated high TCP ports | - No special permissions are needed aside from access to a NIS server | -| NoSQL | The NoSQL Data Collector for MongoDB provides information on MongoDB Cluster configuration, limited user permissions, scans collections for sensitive data, and identifies who has access to sensitive data. 
| - TCP/IP | - MongoDB Cluster - Default port is 27017 (A custom port can be configured) | - Read Only access to ALL databases in the MongoDB Cluster including: - Admin databases - Config databases - Local databases - Read Only access to any user databases is required for sensitive data discovery - Read access to NOSQL instance - Read access to MongoDB instance - Requires NOSQL Full-Text and Semantic Extractions for Search feature to be installed on the target NOSQL instances when using the Scans full rows for sensitive data option on the Options wizard page | -| ODBC | Queries ODBC compliant databases for tables and table properties | - OCBC | - TCP 1433 | - Database Read access | -| PasswordSecurity | The PasswordSecurity Data Collector compares passwords stored in Active Directory to known, breached passwords in the Netwrix dictionary or custom dictionaries. The PasswordSecurity Data Collector also checks for common misconfigurations with passwords in Active Directory. | - LDAP | - TCP 389/636 | - At the domain level: - Read - Replicating Directory Changes - Replicating Directory Changes All - Replicating Directory Changes in a Filtered Set - Replication Synchronization | -| PatchCheck | Provides patch verification and optional automatic bulletin downloads from Microsoft | - HTTP - ICMP - RPC | - TCP 135-139 - Randomly allocated high TCP ports - TCP 80 - TCP 7 | - Member of the Local Administrators group | -| Perfmon | Provides performance monitor counter data samples | - RPC | - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Local Administrators group | -| PowerShell | The PowerShell Data Collector provides PowerShell script exit from Enterprise Auditor. 
| - PowerShell | - Randomly allocated high TCP ports | - Member of the Domain Administrators group (if targeting domain controllers) - Member of the Local Administrators group | -| Registry | The Registry Data Collector queries the registry and returns keys, key values, and permissions on the keys. | - Remote Registry - RPC | - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Local Administrators group | -| Script | The Script Data Collector provides VB Script exit from Enterprise Auditor. | - VB Script | - Randomly allocated high TCP ports | - Member of the Local Administrators group - Member of the Domain Administrators group (if targeting domain controllers) | -| Services | The Services Data Collector enumerates status and settings from remote services. | - RPC - WMI | - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Local Administrators group | -| SharePointAccess (SPAA) _\*requires license_ | The SharePointAccess (SPAA) Data Collector audits access, group membership, and content within a SharePoint on-premises and SharePoint Online environment. The SPAA Data Collector has been preconfigured within the SharePoint Solution. | - MS SQL - Remote Registry - SP CSOM (Web Services via HTTP & HTTPS) - SP Server API - WCF AUTH via TCP (configurable) | - Ports vary based on the Scan Mode selected and target environment. See the [SharePoint Scan Options](/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md) topic for additional information. | - Permissions vary based on the Scan Mode selected and target environment. See the [SharePoint Support](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md) topic for additional information. | -| SMARTLog | The SMARTLog Data Collector provides search and extraction of details from Windows Event Logs (online or offline) and Microsoft Exchange Internet Information Server (IIS) logs. 
| - Log - Remote Event - RPC | - TCP 135 - TCP 445 - Randomly allocated high TCP ports | - Member of the Domain Administrators group (if targeting domain controllers) - Member of the local Administrators group | -| SQL _\*requires license_ | The SQL Data Collector provides information on database configuration, permissions, data extraction, application name of the application responsible for activity events, an IP Address or Host name of the client server, and sensitive data reports. This data collector also provides information on Oracle databases including infrastructure and operations. | TCP | For Db2 Target: - Specified by Instances table (default is 5000) For MySQL Target: - Specified by Instances table (default is 3306) For Oracle Target: - Specified by Instances table (default is 1521) For PostgreSQL Target: - Specified by Instances table (default is 5432) For SQL Target: - Specified by Instances table (default is 1433) | For MySQL Target: - Read access to MySQL instance to include all databases contained within each instance - Windows Only — Domain Admin or Local Admin privilege For Oracle Target: - User with SYSDBA role - Local Administrator on the target servers – Only applies to Windows Servers and not on Linux or Unix operating systems For PostgreSQL Target: - Read access to all the databases in PostgreSQL cluster or instance - Windows Only — Domain Admin or Local Admin privilege For Redshift Target: - Read-access to the following tables: - pg_tables - pg_user For SQL Target: - For Instance Discovery, local rights on the target SQL Servers: - Local group membership to Remote Management Users - Permissions on the following WMI NameSpaces: `root\Microsoft\SQLServer, root\interop` - For permissions for data collection: - Read access to SQL instance - Requires SQL Full-Text and Semantic Extractions for Search feature to be installed on the target SQL instance(s) when using the **Scan full rows for sensitive data** option on the Options wizard page - Grant 
Authenticate Server to [DOMAIN\USER] - Grant Connect SQL to [DOMAIN\USER] - Grant View any database to [DOMAIN\USER] - Grant View any definition to [DOMAIN\USER] - Grant View server state to [DOMAIN\USER] - Grant Control Server to [DOMAIN\USER] (specifically required for the Weak Passwords Job) | -| SystemInfo | The SystemInfo Data Collector extracts information from the target system based on the selected category. | - Remote Registry - RPC - WMI | - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Local Administrators group | -| TextSearch | The TextSearch Data Collector enables searches through text based log files. | - RPC | - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Local Administrators group | -| Unix _\*requires license_ | The Unix Data collector provides host inventory, software inventory, and logical volume inventory on UNIX & Linux platforms. | - SSH | - TCP 22 - User configurable | - Root permissions in Unix/Linux | -| UserGroups _\*requires license_ | The UsersGroups Data Collector audits user and group accounts for both local and domain, extracting system policies. | - RPC - SMBV2 - WMI | - TCP 135-139 - Randomly allocated high TCP ports - 445 | - Member of the Local Administrators group - If a less-privileged option is required, you can use a regular domain user that has been added to the **Network access: Restrict clients allowed to make remote calls to SAM** Local Security Policy - Member of the Domain Administrators group (if targeting domain controllers) | -| WMICollector | The WMICollector Data Collector identifies data for certain types of WMI classes and namespaces. 
| - RPC - WMI | - TCP 135-139 - Randomly allocated high TCP ports | - Member of the Local Administrators group | +| Data Collector | Description | Protocols | Ports Used | Recommended Permissions | +| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ActiveDirectory _\*requires license_ | The ActiveDirectory Data Collector audits objects published in Active Directory. | | | | +| ADActivity _\*requires license_ | The ADActivity Data Collector integrates with the Netwrix Activity Monitor by reading the Active Directory activity log files. 
| | | | +| ADInventory | The ADInventory Data Collector is designed as a highly scalable and useful data collection mechanism to catalogue user, group, and computer object information that can be used by other solutions within Enterprise Auditor. | | | | +| ADPermissions _\*requires license_ | The ADPermissions Data Collector collects the advanced security permissions of objects in AD. | | | | +| AWS | The AWS Data Collector collects IAM users, groups, roles, and policies, as well as S3 permissions, content, and sensitive data from the target Amazon Web Services (AWS) accounts. | | | To collect details about the AWS Organization, the following permission is required:To collect details regarding IAM, the following permissions are required:To collect details related to S3 buckets and objects, the following permissions are required: | +| AzureADInventory | The AzureADInventory Data Collector catalogs user and group object information from Microsoft Entra ID, formerly Azure Active Directory. This data collector is a core component of Enterprise Auditor and is preconfigured in the .Entra ID Inventory Solution. | | |**Microsoft Graph API**
Application Permissions:Delegated Permissions:**Access URLs** | +| Box _\*requires license_ | The Box Data Collector audits access, group membership, and content within a Box enterprise. | | | | +| CommandLineUtility | The CommandLineUtility Data Collector provides the ability to remotely spawn, execute, and extract data provided by a Microsoft native or third-party command line utility. | | | | +| DiskInfo | The DiskInfo Data Collector provides enumeration of disks and their associated properties. | | | | +| DNS _\*requires license_ | The DNS Data Collector provides information regarding DNS configuration and records. | | | | +| DropboxAccess _\*requires license_ | The DropboxAccess Data Collector audits access, group membership, and content within a Dropbox environment. | | | | +| EventLog | The EventLog Data Collector provides search and extraction of details from event logs on target systems. | | | | +| EWSMailbox _\*requires license_ | The EWSMailbox Data Collector provides configuration options to scan mailbox contents, permissions, and sensitive data, and is preconfigured within the Exchange Solution. | | | For Exchange servers: For Exchange Online: | +| EWSPublicFolder _\*requires license_ | The EWSPublicFolder Data Collector provides configuration options to extract public folder contents, permissions, and sensitive data, and is preconfigured within the Exchange Solution. | | | For Exchange servers: For Exchange Online: | +| Exchange2K _\*requires license_ | The Exchange2K Data Collector extracts configuration details from Exchange organizations for versions 2003 and later. | | | | +| ExchangeMailbox _\*requires license_ | The ExchangeMailbox Data Collector extracts configuration details from the Exchange Store to provide statistical, content, permission, and sensitive data reporting on mailboxes. 
| | | | +| ExchangeMetrics _\*requires license_ | The ExchangeMetrics Data Collector collects Mail-Flow metrics from the Exchange Message Tracking Logs on the Exchange servers. Some examples of this include server volume and message size statistics. | | | | +| ExchangePS _\*requires license_ | The ExchangePS Data Collector utilizes the Exchange CMDlets to return information about the Exchange environment utilizing PowerShell. This data collector has been designed to work with Exchange 2010 and newer. | | | For Exchange servers: For Exchange Online: | +| ExchangePublicFolder _\*requires license_ | The ExchangePublicFolder Data Collector audits an Exchange Public Folder, including contents, permissions, ownership, and replicas. | | | | +| File | The File Data Collector provides file and folder enumeration, properties, and permissions. | | | | +| FileSystemAccess (FSAA) _\*requires license_ | The FileSystemAccess (FSAA) Data Collector collects permissions, content, and activity, and sensitive data information for Windows and NAS file systems. | | | | +| GroupPolicy | The GroupPolicy Data Collector provides the ability to retrieve the GPO’s list in the domain and where they are linked, return information on configured policies and policy parts from the individual policies that have been selected, return information on selected policy parts from all policies within the domain, and return effective security policies in effect at the individual workstation. | | | | +| INIFile | The INIFile Data Collector provides options to configure a task to collect information about log entries on target hosts. | | | | +| LDAP | The LDAP Data Collector uses LDAP to query Active Directory returning the specified objects and attributes. | | | | +| NIS | The NIS Data Collector inventories a NIS domain for user and group information, mapping to Windows-style SIDs. 
| | | | +| NoSQL | The NoSQL Data Collector for MongoDB provides information on MongoDB Cluster configuration, limited user permissions, scans collections for sensitive data, and identifies who has access to sensitive data. | | | | +| ODBC | Queries ODBC compliant databases for tables and table properties | | | | +| PasswordSecurity | The PasswordSecurity Data Collector compares passwords stored in Active Directory to known, breached passwords in the Netwrix dictionary or custom dictionaries. The PasswordSecurity Data Collector also checks for common misconfigurations with passwords in Active Directory. | | | | +| PatchCheck | Provides patch verification and optional automatic bulletin downloads from Microsoft | | | | +| Perfmon | Provides performance monitor counter data samples | | | | +| PowerShell | The PowerShell Data Collector provides PowerShell script exit from Enterprise Auditor. | | | | +| Registry | The Registry Data Collector queries the registry and returns keys, key values, and permissions on the keys. | | | | +| Script | The Script Data Collector provides VB Script exit from Enterprise Auditor. | | | | +| Services | The Services Data Collector enumerates status and settings from remote services. | | | | +| SharePointAccess (SPAA) _\*requires license_ | The SharePointAccess (SPAA) Data Collector audits access, group membership, and content within a SharePoint on-premises and SharePoint Online environment. The SPAA Data Collector has been preconfigured within the SharePoint Solution. | | | | +| SMARTLog | The SMARTLog Data Collector provides search and extraction of details from Windows Event Logs (online or offline) and Microsoft Exchange Internet Information Server (IIS) logs. 
| | | | +| SQL _\*requires license_ | The SQL Data Collector provides information on database configuration, permissions, data extraction, application name of the application responsible for activity events, an IP Address or Host name of the client server, and sensitive data reports. This data collector also provides information on Oracle databases including infrastructure and operations. | TCP | For Db2 Target: For MySQL Target: For Oracle Target: For PostgreSQL Target: For SQL Target: | **For MySQL Target:** **For Oracle Target:** **For PostgreSQL Target:** **For Redshift Target:** **For SQL Target:**
For Instance Discovery, local rights on the target SQL Servers:For permissions for data collection:| +| SystemInfo | The SystemInfo Data Collector extracts information from the target system based on the selected category. | | | | +| TextSearch | The TextSearch Data Collector enables searches through text based log files. | | | | +| Unix _\*requires license_ | The Unix Data collector provides host inventory, software inventory, and logical volume inventory on UNIX & Linux platforms. | | | | +| UserGroups _\*requires license_ | The UsersGroups Data Collector audits user and group accounts for both local and domain, extracting system policies. | | | | +| WMICollector | The WMICollector Data Collector identifies data for certain types of WMI classes and namespaces. | | | | + diff --git a/docs/accessanalyzer/11.6/admin/datacollector/powershell/editquery.md b/docs/accessanalyzer/11.6/admin/datacollector/powershell/editquery.md index 18f44712b7..1293169a87 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/powershell/editquery.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/powershell/editquery.md @@ -35,8 +35,11 @@ The options in the Parameters Window are: [Add/Edit Variable Window](#addedit-variable-window) topic for additional information. - Delete – Delete a parameter -**NOTE:** Only user created parameters can be edited or deleted. Pre-configured parameters cannot be +:::note +Only user created parameters can be edited or deleted. Pre-configured parameters cannot be edited or deleted. +::: + ### Add/Edit Variable Window diff --git a/docs/accessanalyzer/11.6/admin/datacollector/powershell/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/powershell/overview.md index 4c1cc7043a..521dd5ec0b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/powershell/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/powershell/overview.md 
@@ -10,15 +10,15 @@ The PowerShell Data Collector provides PowerShell script exit from Enterprise Au configuration options for creating and configuring a PowerShell query. This data collector is a core component of Enterprise Auditor and is available with all Enterprise Auditor licenses. -Protocols +**Protocols** - PowerShell -Ports +**Ports** - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Domain Administrators group (if targeting domain controllers) - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/registry.md b/docs/accessanalyzer/11.6/admin/datacollector/registry.md index 1723ff897a..958f451034 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/registry.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/registry.md @@ -20,17 +20,17 @@ special Enterprise Auditor licenses. See the following topics for additional inf - [Active Directory Solution](/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md) - [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) -Protocols +**Protocols** - Remote Registry - RPC -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/script/example1.md b/docs/accessanalyzer/11.6/admin/datacollector/script/example1.md index 15d936c435..d9be2daa43 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/script/example1.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/script/example1.md 
@@ -25,10 +25,13 @@ The script then takes the value of `REMAINDER`, which is in seconds, and convert minutes, and seconds. These values are then recorded in the Query object so that Enterprise Auditor can store this data. -**NOTE:** In this task, the hours, minutes, and seconds properties were specified manually using the +:::note +In this task, the hours, minutes, and seconds properties were specified manually using the task dialog. See the [Script Properties](/docs/accessanalyzer/11.6/admin/datacollector/script/properties.md) topic for additional information. +::: + ## Example of Conversion of Data Script diff --git a/docs/accessanalyzer/11.6/admin/datacollector/script/example2.md b/docs/accessanalyzer/11.6/admin/datacollector/script/example2.md index 145757faea..2c2d88d90a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/script/example2.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/script/example2.md @@ -10,8 +10,11 @@ The following example illustrates the use of scripts within Enterprise Auditor. database list from SQL Server and then proceeds to the File System Data Collector for the size of the database file, essentially inventorying the installed databases, their paths, and sizes. -**NOTE:** Because the object instances are not thread-safe, scripts like these that use objects +:::note +Because the object instances are not thread-safe, scripts like these that use objects external to Enterprise Auditor should be run with only one thread. +::: + In this example, a connection is opened with a SQL server. The SQL server name is provided by Enterprise Auditor during the query. Enterprise Auditor provides the active host to the script using diff --git a/docs/accessanalyzer/11.6/admin/datacollector/script/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/script/overview.md index 0ade70077e..5a7ee04537 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/script/overview.md 
+++ b/docs/accessanalyzer/11.6/admin/datacollector/script/overview.md @@ -31,15 +31,15 @@ See the [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) topic for additional information. -Protocols +**Protocols** - VB Script -Ports +**Ports** - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Local Administrators group - Member of the Domain Administrators group (if targeting domain controllers) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/script/properties.md b/docs/accessanalyzer/11.6/admin/datacollector/script/properties.md index c75f36a774..66eecb39d8 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/script/properties.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/script/properties.md @@ -11,8 +11,11 @@ The Data Source tab is used to select the data collector to be used. The configu - Source – Used to select data collector - Path – Displays the returned path from the data collector - **CAUTION:** Editing the path is considered an advanced operation. Entering an incorrect value + :::warning + Editing the path is considered an advanced operation. Entering an incorrect value may render the query inoperable. + ::: + - The path is used to identify the selection from within the data collector. The path essentially tells the data collector where the data is and depending on the data collector, 
@@ -33,8 +36,11 @@ The Data Source tab is used to select the data collector to be used. The configu order and the ability to graph content. In some cases, the data collector is unable to determine the correct data type for the returned data. - **CAUTION:** Setting this value manually to an incorrect data type may render your results + :::warning + Setting this value manually to an incorrect data type may render your results invalid and inaccessible by Enterprise Auditor. + ::: + - For example: Querying the registry for a value stored as **REG_SZ** returns a string, as **REG_SZ** is a string type in the registry. However, sometimes numbers are recorded in diff --git a/docs/accessanalyzer/11.6/admin/datacollector/script/reference.md b/docs/accessanalyzer/11.6/admin/datacollector/script/reference.md index a782e0cd9f..1af55b8fb7 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/script/reference.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/script/reference.md @@ -10,13 +10,13 @@ Enterprise Auditor provides extensions to standard Visual Basic Script. These ex access to and manipulation of task data, in addition to invoking queries. They are implemented through two objects. -Query Object +**Query Object** The Query object provides access to the current query configuration and data. Use this to examine the results of a query or to manipulate the query before it is executed. Changing properties of this object will change the way the task is executed by Enterprise Auditor. -Working Query Object +**Working Query Object** The Working Query object is identical to the Query object. This object supports the same methods and properties as the Query object but its properties and methods do not access the current query. Think diff --git a/docs/accessanalyzer/11.6/admin/datacollector/services.md b/docs/accessanalyzer/11.6/admin/datacollector/services.md index 68173600f7..5c6f1c69b8 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/services.md 
+++ b/docs/accessanalyzer/11.6/admin/datacollector/services.md @@ -13,17 +13,17 @@ the Windows Solution is only available with a special Enterprise Auditor license [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) topic for additional information. -Protocols +**Protocols** - RPC - WMI -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Local Administrators group @@ -42,6 +42,9 @@ The Services Data Collector is configured through the Service Browser window. - Connect – Click **Connect** to connect to the host and display a list of all services found - Available Properties – Select the properties to be returned -**NOTE:** In cases where the query does not find the selected services on the target host, the +:::note +In cases where the query does not find the selected services on the target host, the `InternalName` column that is returned reflects the `DisplayName` column and no other values are retrieved. If the services are found on the host, the `DisplayName` value in the table is resolved. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/smartlog/collectionmethod.md b/docs/accessanalyzer/11.6/admin/datacollector/smartlog/collectionmethod.md index a2eb844b3b..3783c68b37 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/smartlog/collectionmethod.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/smartlog/collectionmethod.md @@ -19,7 +19,10 @@ executed to collect the data from the target. process on the target host. It connects to the log, retrieves information, and returns it to the Enterprise Auditor Console. - **NOTE:** The applet cannot be used to target the local host. + :::note + The applet cannot be used to target the local host. + ::: + - Copy the log locally and process (Not available for all query scenarios) – Extract events from an offline log by moving the log to the Enterprise Auditor Console and having it processed on the 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/smartlog/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/smartlog/overview.md index c4b7014559..7fe415785c 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/smartlog/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/smartlog/overview.md @@ -20,19 +20,19 @@ information: - [SQL Job Group](/docs/accessanalyzer/11.6/solutions/databases/sql/overview.md) - [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) -Protocols +**Protocols** - Log - Remote Event - RPC -Ports +**Ports** - TCP 135 - TCP 445 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Domain Administrators group (if targeting domain controllers) - Member of the local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/activitydatescope.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/activitydatescope.md index b2dd68987a..4a7226ef63 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/activitydatescope.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/activitydatescope.md @@ -26,5 +26,8 @@ Use the radio buttons to select the **Scan Filters**. - End date – Click the down arrow to access the calendar and select the end date for data collection - **NOTE:** Selecting Absolute Timespan will not affect activity data collected during Relative + :::note + Selecting Absolute Timespan will not affect activity data collected during Relative Timespan scans. + + ::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/activityloglocations.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/activityloglocations.md index bdc0276614..e24ed980a4 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/activityloglocations.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/activityloglocations.md 
@@ -30,14 +30,20 @@ The options in the Customize Activity Log UNC Paths Window are: - Activity log UNC path – UNC path to the location of the **SBTFileMon_Logs** folder containing the Activity Logs (as configured in **Activity Monitor** > **Monitored Hosts**) - **NOTE:** For On-Premises environments you do not need to specify an Activity Log UNC path as + :::note + For On-Premises environments you do not need to specify an Activity Log UNC path as the Data Collector will default to finding the log locations via the registry. + ::: + - Activity archive UNC path – UNC path to the archive location of Activity Logs (as configured in **Activity Monitor** > **Agents**). If archiving is not enabled in Activity Monitor this can be left blank. -**NOTE:** In any UNC paths, `%HOST%` will be replaced with the host name. +:::note +In any UNC paths, `%HOST%` will be replaced with the host name. +::: + See the Getting Started with SharePoint & SharePoint Online Activity Monitor topic in the [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/additionalscoping.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/additionalscoping.md index 0c651af879..1947b03fd1 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/additionalscoping.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/additionalscoping.md 
@@ -12,10 +12,13 @@ page for the categories of: - Scan SharePoint Access - Scan For Sensitive Content -**CAUTION:** Users should not change scans in a way that would result in less data being returned on +:::warning +Users should not change scans in a way that would result in less data being returned on a subsequent scan (i.e. scanning fewer web applications, scanning fewer site collections, or a shallower depth scan). Those resources not included in a subsequent scan are marked as deleted in the Tier 2 database and subsequently removed from the Tier 1 database. +::: + ![Additional Scoping page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/additionalscoping.webp) @@ -28,5 +31,8 @@ Check the **Perform differential scan** box to enable the job to run a different Differential scanning is enabled by default. When this option is enabled, SPAA scan will only parse files for content/SDD if it has been modified since the last scan. -**NOTE:** This option only applies to Tag collection and Sensitive data collection. Files will be +:::note +This option only applies to Tag collection and Sensitive data collection. Files will be still be scanned for permissions regardless of whether this option is checked or not. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/agentsettings.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/agentsettings.md index 801daca5e4..62e4054f4c 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/agentsettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/agentsettings.md 
@@ -9,7 +9,7 @@ sidebar_position: 70 The Agent Settings page is where the SharePoint Agent Service is configured. It is a wizard page for the category of Scan SharePoint Access. -![Agent Settings page](/img/product_docs/activitymonitor/7.1/install/agent/windowsagent.webp) +![Agent Settings page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/agentsettings.webp) The **Enable Agent Service Scans** checkbox enables collecting SharePoint data through the agent services instead of directly from SharePoint. This option requires a **Network Port** to be entered. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/category.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/category.md index 868fdb4fb0..dc879bba4f 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/category.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/category.md @@ -29,6 +29,8 @@ The options on the Category page are: - Bulk Import SharePoint Activity Scan Results – Imports SharePoint activity into the Enterprise Auditor database -_Remember,_ the sensitive data discovery options require the Sensitive Data Discovery Add-On to be +:::tip +Remember, the sensitive data discovery options require the Sensitive Data Discovery Add-On to be installed on the Enterprise Auditor Console. If the SharePoint Agent is used, then it must also be installed on the application server that hosts the Central Administration component. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/configurejob.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/configurejob.md index 1b85cd6301..4aca22f190 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/configurejob.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/configurejob.md 
@@ -90,10 +90,13 @@ Create a Connection Profile and set the following information on the User Creden C:\Program Files (x86)\STEALTHbits\StealthAUDIT\PrivateAssemblies\spaa_cert_myorg.pfx,PasswordGoesHere,0 - **NOTE:** `PasswordGoesHere` should be replaced with the password used when generating the + :::note + `PasswordGoesHere` should be replaced with the password used when generating the self-signed X.509 certificate if the Microsoft Entra ID Application was Registered and Provisioned manually or the $appPassword parameter used in the SP_RegisterAzureAppAuth Instant Job if that method was used. + ::: + Once the Connection Profile is created, it is time to create the custom host list. See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/dlpauditsettings.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/dlpauditsettings.md index 39cc16cf7f..c55d648a6a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/dlpauditsettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/dlpauditsettings.md @@ -9,10 +9,13 @@ sidebar_position: 90 The DLP Audit Settings page is where sensitive data discovery settings are configured. It is a wizard page for the category of Scan For Sensitive Content. -**CAUTION:** Users should not change scans in a way that would result in less data being returned on +:::warning +Users should not change scans in a way that would result in less data being returned on a subsequent scan (i.e. scanning fewer web applications, scanning fewer site collections, or a shallower depth scan). Those resources not included in a subsequent scan are marked as deleted in the Tier 2 database and subsequently removed from the Tier 1 database. +::: + ![DLP Audit Settings page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/dlpauditsettings.webp) 
@@ -32,10 +35,13 @@ Use the radio buttons to select the **File types to scan**: - Scan image files for OCR content – Use optical character recognition to scan image files for sensitive data content - **NOTE:** The OCR option is intended to work for clear scanned physical documents or documents + :::note + The OCR option is intended to work for clear scanned physical documents or documents directly converted to images, with standard fonts. It will not work for scanning photos of documents and may not be able to recognize text on images of credit cards, driver's licenses, or other identity cards. + ::: + Use the checkboxes to select to **Store Match Hits**: @@ -45,6 +51,8 @@ Use the checkboxes to select to **Store Match Hits**: - Limit stored matches per criteria to [number] – Enabled when the Store discovered sensitive data checkbox is selected. Limits the number of stored matches per criteria to the specified number. -_Remember,_ the sensitive data discovery options require the Sensitive Data Discovery Add-On to be +:::tip +Remember, the sensitive data discovery options require the Sensitive Data Discovery Add-On to be installed on the Enterprise Auditor Console. If the SharePoint Agent is used, then it must also be installed on the application server that hosts the Central Administration component. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/droptables.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/droptables.md index a7c5fd3060..9f387db064 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/droptables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/droptables.md 
@@ -20,19 +20,22 @@ topic for additional information. Navigate to the **Jobs** > **SP_DropTables** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Applying these analysis tasks will result in the deletion of collected data. +:::warning +Applying these analysis tasks will result in the deletion of collected data. +::: + ![SP_DropTables Job Analysis tasks](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/droptablesanalysis.webp) The default analysis tasks are: -- 1. Drop SPAA functions – Removes all functions and views from previous runs of the SharePoint +- **1. Drop SPAA functions** – Removes all functions and views from previous runs of the SharePoint Solution -- 2. Drop SPAC imports – Drops the SharePoint Activity Auditing tables imported from the previous +- **2. Drop SPAC imports** – Drops the SharePoint Activity Auditing tables imported from the previous runs -- 3. Drop SPDLP Tables – Drops the SharePoint Sensitive Data Discovery Auditing (SEEK) tables +- **3. Drop SPDLP Tables** – Drops the SharePoint Sensitive Data Discovery Auditing (SEEK) tables imported from the previous runs -- 4. Drop SPAA Tables – Drops the SharePoint Access Auditing tables imported from the previous +- **4. Drop SPAA Tables** – Drops the SharePoint Access Auditing tables imported from the previous runs Do not try to run these tasks separately, as they are designed to work together. Follow these steps @@ -46,7 +49,10 @@ status will be visible from the **Running Jobs** node. **Step 3 –** When the job has completed, return to the Analysis Selection Pane and click **Select All** to deselect these analysis tasks. -**_RECOMMENDED:_** Do not leave these analysis tasks checked in order to avoid accidental data loss. +:::info +Do not leave these analysis tasks checked in order to avoid accidental data loss. +::: + All of these tables have been dropped from the SQL Server database and the data is no longer available. 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/overview.md index 8330c5ba18..846b020647 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/overview.md @@ -13,7 +13,7 @@ available with a special Enterprise Auditor license. See the [SharePoint Solution](/docs/accessanalyzer/11.6/solutions/sharepoint/overview.md) topic for additional information. The SPAA Data Collector has the following requirements: -Protocols +**Protocols** - MS SQL - Remote Registry @@ -21,19 +21,19 @@ Protocols - SP Server API - WCF AUTH via TCP (configurable) -Ports +**Ports** - Ports vary based on the Scan Mode selected and target environment. See the [SharePoint Scan Options](/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md) topic for additional information. -Permissions +**Permissions** - Permissions vary based on the Scan Mode selected and target environment. See the [SharePoint Support](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
@@ -41,8 +41,11 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -_Remember,_ if employing the Enterprise Auditor SharePoint Agent, it is also necessary for the +:::tip +Remember, if employing the Enterprise Auditor SharePoint Agent, it is also necessary for the Sensitive Data Discovery Add-on to be installed on the server where the agent is installed. +::: + ## SPAA Query Configuration diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/scanscopingoptions.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/scanscopingoptions.md index b3c86473d9..ae15082b47 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/scanscopingoptions.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/scanscopingoptions.md @@ -23,7 +23,10 @@ The options on the Scan Scoping Options page are: [Scoping to SharePoint Host Named Site Collections](#scoping-to-sharepoint-host-named-site-collections) topic for additional information. - **NOTE:** If sites are included in the Scope box, all other sites are excluded from the scan. + :::note + If sites are included in the Scope box, all other sites are excluded from the scan. + ::: + - Import CSV – Opens a file explorer to browse for a CSV file - Scope box – Lists all added URLs 
@@ -92,6 +95,9 @@ A new host folder is created for each Virtual Host in `Jobs/SA_CommonData/SHAREP will also see a separate line on the Running Instances tab for each Virtual Host included in the scan. -**NOTE:** The Host List for Bulk Import should be configured to contain each Virtual Host included +:::note +The Host List for Bulk Import should be configured to contain each Virtual Host included in the above scan using the `HOSTNAME#DESIGNATOR` format. After Bulk Import, the data contained in Tier 1 Database tables and views will resemble a scan run against multiple hosts. + +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/selectdlpcriteria.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/selectdlpcriteria.md index 2741f5c136..04a8b74e50 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/selectdlpcriteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/selectdlpcriteria.md @@ -14,10 +14,13 @@ the application server that hosts the Central Administration component. See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. -**CAUTION:** Users should not change scans in a way that would result in less data being returned on +:::warning +Users should not change scans in a way that would result in less data being returned on a subsequent scan (i.e. scanning fewer web applications, scanning fewer site collections, or a shallower depth scan). Those resources not included in a subsequent scan are marked as deleted in the Tier 2 database and subsequently removed from the Tier 1 database. +::: + ![Select DLP criteria for this scan page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/selectdlpcriteria.webp) 
@@ -36,8 +39,11 @@ The options on the Select DLP Criteria page are: The table contains the following types of criteria: -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. +::: + - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/settings.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/settings.md index f4b78b8b69..5b4bc6335e 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/settings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/settings.md @@ -12,10 +12,13 @@ a wizard page for the categories of: - Scan SharePoint Access - Scan For Sensitive Content -**CAUTION:** Users should not change scans in a way that would result in less data being returned on +:::warning +Users should not change scans in a way that would result in less data being returned on a subsequent scan (i.e. scanning fewer web applications, scanning fewer site collections, or a shallower depth scan). Those resources not included in a subsequent scan are marked as deleted in the Tier 2 database and subsequently removed from the Tier 1 database. +::: + ![SharePoint data collection settings page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/datacollectionsettings.webp) 
@@ -45,14 +48,20 @@ query treats personal sites to which it does not have access: Administrator role for SharePoint Online or be a Farm Administrator for SharePoint on premise. This permission is required to facilitate altering the administrators of site collections. - **NOTE:** The Microsoft SharePoint API employed to remove personal Site Collection + :::note + The Microsoft SharePoint API employed to remove personal Site Collection Administrator is unreliable, and occasionally the scanning account is left as a Site Collection Administrator of personal sites. This may leave the scanning account visible to SharePoint users on the permissions of the files in their personal sites. + ::: + - **_RECOMMENDED:_** Only use this option if that account is clearly identifiable as an + :::info + Only use this option if that account is clearly identifiable as an administrative account, and users are advised of the possibility that the account could appear on the permissions of their personal site collection documents. + ::: + - Force Company Administrator as admin of inaccessible personal sites – Make the special Company Administrator account an administrator of any personal sites to which it does not have access @@ -64,8 +73,11 @@ query treats personal sites to which it does not have access: Administrator role for SharePoint Online or be a Farm Administrator for SharePoint on premise. This permission is required to facilitate altering the administrators of site collections. - **NOTE:** The Company Administrator account is a special SharePoint Online and SharePoint + :::note + The Company Administrator account is a special SharePoint Online and SharePoint 2013 group which contains all accounts which have the Global Administrators role. + ::: + The **Extract Document Tags** option enables the collection of metadata tags from Microsoft Office files in SharePoint. Since this option requires the retrieval and scanning of each document, it 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/standardtables.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/standardtables.md index 4715b4108f..603a9528c6 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/standardtables.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/standardtables.md @@ -14,7 +14,7 @@ SPAA Data Collector writes data to these tables regardless of the job executing The tables and their associated views are grouped by types. -Structure Tables +**Structure Tables** | Tables | Details | | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -26,14 +26,14 @@ Structure Tables | SA_SPAA_WebApplications | Contains a list of web applications audited. | | SA_SPAA_WebAppURls | Contains a list of URLs for each web application audited. | -Trustee Tables +**Trustee Tables** | Tables | Details | | --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SA_SPAA_Trustees | Contains information about any domain user, group, or security principal that has been assigned permissions. This table does not contain local user and groups, as none of the trustees in this table are specific to any one host. | | SA_SPAA_TrusteeGroupMembers | Table contains information on SharePoint group membership. | -Access Calculation Tables +**Access Calculation Tables** | Tables | Details | | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -42,14 +42,14 @@ Access Calculation Tables | SA_SPAA_RolesProxy | Contains a mapping of role sets to individually assigned role definitions. A role set is a distinct set of roles that are applied to one or more resources. | | SA_SPAA_WebAppPolicies | Contains summarized rights for every trustee in a web application policy. Each policy refers to a specific URL within that web application. | -Calculated Tables +**Calculated Tables** | Tables | Details | | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SA_SPAA_Exceptions | Contains information about security issues and concerns. One out-of-the-box exception stored inside this table is the Open Resource exception, which identifies where resources are open to Everyone, Authenticated Users, or Domain Users. | | SA_SPAA_ExceptionTypes | Contains summary information about exceptions. It details how many exceptions are found on each host scanned and breaks them down by exception type. | -Content Tables +**Content Tables** | Tables | Details | | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -63,7 +63,7 @@ the SPAA Data Collector. They contain additional information for building querie following is an explanation of the corresponding views created for some of the tables generated by the SPAA Data Collector: -Permission Views +**Permission Views** | Views | Details | | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -72,26 +72,26 @@ Permission Views | SA_SPAA_EffectiveAccessView | Provides information on every trustee with access to a resource and the trustee’s level of access. This will do complete group expansion, but also take into account security principals such as Authenticated Users. Also, this view will not just expand permissions; it will calculate access by making sure every user has access to the web application. | | SA_SPAA_WebAppPoliciesView | Provides details around the web application policies that are applied to the audited SharePoint environment. These policies allow or deny access to the entire web application for the specified trustees. | -Resources Views +**Resources Views** | Views | Details | | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SA_SPAA_SiteCollectionsView | Provides information about each site collection. | | SA_SPAA_SiteCollectionsTraversalView | Provides information about resources and about navigation of these resources, such as their URL, the site collection they belong to, how deeply nested they are beneath the site collection, and so on. | -Calculated Views +**Calculated Views** | Views | Details | | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SA_SPAA_ExceptionsView | Provides information on instances of exceptions that exist on the audited hosts. This view will contain a row for each exception type for each host. Exceptions are specific conditions set forth by Enterprise Auditor that are considered to be issues, such as folders with open access. 
| -Additional Views +**Additional Views** | Views | Details | | ----------------------------- | ---------------------------------------------------------------------------------------------- | | SA_SPAA_LocalGroupMembersView | Provides information on the local groups present on each host and the members of those groups. | -Legacy Views +**Legacy Views** | Views | Details | | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -101,7 +101,7 @@ Legacy Views The tables and their associated views are: -Activity Changes Tables (SPAC) +**Activity Changes Tables (SPAC)** | Tables | Details | | ----------------------- | -------------------------------------------------------------------------------------- | @@ -115,7 +115,7 @@ SPAA Data Collector. They contain additional information for building queries ea is an explanation of the corresponding views created for some of the tables generated by the SPAA Data Collector: -Activity Changes Views (SPAC) +**Activity Changes Views (SPAC)** | Views | Details | | -------------------------- | --------------------------------------------- | @@ -125,9 +125,12 @@ Activity Changes Views (SPAC) The tables and their associated views are: -**NOTE:** Lists and libraries are excluded from Sensitive Data Discovery Auditing. +:::note +Lists and libraries are excluded from Sensitive Data Discovery Auditing. +::: -SPDLP Tables + +**SPDLP Tables** | Tables | Details | | ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -140,7 +143,7 @@ SPAA Data Collector. They contain additional information for building queries ea is an explanation of the corresponding views created for some of the tables generated by the SPAA Data Collector: -SPDLP Views +**SPDLP Views** | Views | Details | | ---------------------- | ------------------------------------------------------------------------------------------- | diff --git a/docs/accessanalyzer/11.6/admin/datacollector/spaa/summary.md b/docs/accessanalyzer/11.6/admin/datacollector/spaa/summary.md index ed9b2b648f..07bde9676b 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/spaa/summary.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/spaa/summary.md @@ -9,7 +9,7 @@ sidebar_position: 150 The Summary page is where configuration settings are summarized. It is a wizard page for all of the categories. --![Summary Page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/summarypage.webp) +**-![Summary Page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/spaa/summarypage.webp)** Click **Finish** to save configuration changes. If no changes were made, it is a best practice to click **Cancel** to close the SharePoint Access Auditor Data Collector Wizard ensuring that no diff --git a/docs/accessanalyzer/11.6/admin/datacollector/sql/category.md b/docs/accessanalyzer/11.6/admin/datacollector/sql/category.md index 0b255357b4..1318f09054 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/sql/category.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/sql/category.md 
@@ -25,11 +25,14 @@ The query categories are: - Sensitive Data Collection – Scan databases for sensitive data - **NOTE:** The Sensitive Data category options require the Sensitive Data Discovery Add-on to + :::note + The Sensitive Data category options require the Sensitive Data Discovery Add-on to have been installed on the Enterprise Auditor Console before the SQL Data Collector can collect sensitive data. See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. + ::: + - Microsoft SQL Server diff --git a/docs/accessanalyzer/11.6/admin/datacollector/sql/criteria.md b/docs/accessanalyzer/11.6/admin/datacollector/sql/criteria.md index c50894179b..405435a4a9 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/sql/criteria.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/sql/criteria.md @@ -32,8 +32,11 @@ The options on the Criteria page are: The table contains the following types of criteria: -**NOTE:** Until the Sensitive Data Discovery Add-On is installed, only the headers for the System +:::note +Until the Sensitive Data Discovery Add-On is installed, only the headers for the System Criteria and User Criteria nodes are visible in the table. +::: + - System Criteria – Lists pre-defined criteria - User Criteria – Lists user-defined criteria @@ -43,6 +46,9 @@ Criteria and User Criteria nodes are visible in the table. [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information. -**NOTE:** Adding unnecessary criteria can adversely impact the scanner performance and can cause the +:::note +Adding unnecessary criteria can adversely impact the scanner performance and can cause the scanning job to take a long time. If performance is adversely affected, revisit the sensitive data scanning criteria and remove criteria that is not required. + +::: 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md b/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md index b50780b328..8ca9a47f7f 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md @@ -39,7 +39,7 @@ gathering server audits. This is a page for the Sensitive Data Collection catego The sensitive data scan settings are: -Scan Options +**Scan Options** - Scan tables for sensitive data – Scans the tables within the database for sensitive data @@ -47,7 +47,7 @@ Scan Options - Scan views for sensitive data – Scans views for sensitive data -Data Settings +**Data Settings** - Scan individual columns for sensitive data – Scans individual columns within the database for sensitive data @@ -56,7 +56,7 @@ Data Settings - Limit rows to scan – Select the number of rows to scan for sensitive data. Select the **Use random sampling** checkbox to enable random sampling for checking for sensitive data. -Meta Data Options +**Meta Data Options** - Scan database names for sensitive data – Scans database names for sensitive data if the database names are included as part of the keyword list in the scanning criteria 
@@ -66,27 +66,35 @@ Meta Data Options This scans all column names of every table for sensitive data if the column names are included as part of the keyword list in the scanning criteria. -Large Data Type Options +**Large Data Type Options** - Included binary data types (BLOB, NLOB, LONGRAW, VARBINARY) – Select to include the listed binary data types - Include character data types (NCLOB, CLOB, LONG) – Select to include the listed character data types -SDD Options +**SDD Options** - Store discovered sensitive data – Stores potentially sensitive data in the Enterprise Auditor database. Any sampled sensitive data discovered based on the matched criteria is stored in the Enterprise Auditor database. This functionality can be disabled by clearing this option. - **NOTE:** The **Store discovered sensitive data** option is required to view Content Audit + :::note + The **Store discovered sensitive data** option is required to view Content Audit reports in the Access Information Center for SQL data. + ::: - **CAUTION:** Changing scan options, criteria, or filters when resuming a scan may prevent the + + :::warning + Changing scan options, criteria, or filters when resuming a scan may prevent the can from resuming properly. + ::: + - Resume scan from last point on error – Resumes scan from where the previous scan left off when the previous scan was stopped as a result of an error -_Remember,_ the Sensitive Data Discovery Add-on is required to use the sensitive data collection +:::tip +Remember, the Sensitive Data Discovery Add-on is required to use the sensitive data collection option. +::: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/sql/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/sql/overview.md index 03471f3f98..69cbc51c77 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/sql/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/sql/overview.md 
@@ -23,11 +23,11 @@ for additional information: - [Redshift Solution](/docs/accessanalyzer/11.6/solutions/databases/redshift/overview.md) - [SQL Job Group](/docs/accessanalyzer/11.6/solutions/databases/sql/overview.md) -Protocols +**Protocols** TCP -Ports +**Ports** For Db2: @@ -49,7 +49,7 @@ For SQL: - Specified by Instances table (default is 1433) -Permissions +**Permissions** For MySQL: @@ -95,12 +95,12 @@ For SQL: - Grant Control Server to [DOMAIN\USER] (specifically required for the Weak Passwords Job) See the -[Azure SQL Auditing Configuration](/docs/accessanalyzer/11.6/requirements/databases/databasesql/azuresqlaccess.md) +[Azure SQL Auditing Configuration](/docs/accessanalyzer/11.6/requirements/databases/sql/azuresqlaccess.md) topic and the -[AzureSQL Target Least Privilege Model](/docs/accessanalyzer/11.6/requirements/databases/databasesql/databaseazuresql.md) +[AzureSQL Target Least Privilege Model](/docs/accessanalyzer/11.6/requirements/databases/sql/azuresql.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it @@ -113,8 +113,11 @@ then an extra 16 GB of RAM are required (8x2=16). The SQL Data Collector is configured through the SQL Data Collector Wizard. The wizard contains the following pages, which change based upon the query category selected: -**NOTE:** The SQL Data Collector is used in multiple Enterprise Auditor Solutions, and the query +:::note +The SQL Data Collector is used in multiple Enterprise Auditor Solutions, and the query categories used are dependent on the solution. +::: + - [SQL: Category](/docs/accessanalyzer/11.6/admin/datacollector/sql/category.md) - [SQL: Options](/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md) 
diff --git a/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/options.md b/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/options.md index 0936bd02ec..716e500058 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/options.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/options.md @@ -13,8 +13,11 @@ categories of: - Network Interface (NIC) - Open File Shares -**NOTE:** This is a legacy feature, as it is more efficient to use the **FileSystemAccess** (FSAA) +:::note +This is a legacy feature, as it is more efficient to use the **FileSystemAccess** (FSAA) Data Collector to gather this information. +::: + ## File Shares and Open File Shares diff --git a/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/overview.md index 5bce287c6c..cdbf2941ec 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/overview.md @@ -14,18 +14,18 @@ license. See the [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) topic for additional information. -Protocols +**Protocols** - Remote Registry - RPC - WMI -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/probableowner.md b/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/probableowner.md index 82027d13d3..d5209d9398 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/probableowner.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/systeminfo/probableowner.md 
@@ -11,7 +11,7 @@ This page is enabled when the **Probable Owner** property is selected on the Res ![System Info Data Collector Wizard Probable Owner page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/systeminfo/probableowner.webp) -Determine owner +**Determine owner** In the Determine owner section, select from the following options: @@ -27,7 +27,7 @@ In the Determine owner section, select from the following options: The Result weights box displays the custom weights set in the Probable Owner Settings window. -Exclude users list +**Exclude users list** In the Exclude users list section, select from the following checkboxes: @@ -48,7 +48,7 @@ Click **Set Users to Exclude** to open the Probable Owner Settings window: - Import from file – Select **Import from file** to open the Import File Dialog and import files to add to the excluded users list -Output options +**Output options** In the Output options section, select from the following options: diff --git a/docs/accessanalyzer/11.6/admin/datacollector/textsearch/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/textsearch/overview.md index b3297cea20..57601553fd 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/textsearch/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/textsearch/overview.md @@ -13,16 +13,16 @@ the Windows Solution is only available with a special Enterprise Auditor license [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) topic for additional information. -Protocols +**Protocols** - RPC -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/textsearch/sourcefiles.md b/docs/accessanalyzer/11.6/admin/datacollector/textsearch/sourcefiles.md index 1849eae668..ef9d9e53c1 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/textsearch/sourcefiles.md 
+++ b/docs/accessanalyzer/11.6/admin/datacollector/textsearch/sourcefiles.md @@ -10,7 +10,7 @@ The Source Files page provides options to specify which files to search. ![Text Search Data Collector Wizard Source Files page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/textsearch/sourcefiles.webp) -Location +**Location** The Location section provides options to scope the search. @@ -31,7 +31,7 @@ The Location section provides options to scope the search. - Query 32-bit – Select this checkbox to query a 32-bit view - Query 64-bit – Select this checkbox to query a 64-bit view -Files +**Files** The Files section provides options to define the object or set of objects to find. @@ -50,14 +50,14 @@ The Files section provides options to define the object or set of objects to fin - First line is header captions line – Enabled when CSV, TSV, or Space Separated Text is selected -Options +**Options** The Options section provides options to scope the search. - Ignore files larger than [number]MB - Include subfolders -Last Modification Time Filter +**Last Modification Time Filter** The Last Modification Time Filter section provides options to apply time filters to the search. diff --git a/docs/accessanalyzer/11.6/admin/datacollector/unix/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/unix/overview.md index 10563012f0..8b4323b74c 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/unix/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/unix/overview.md 
@@ -13,21 +13,21 @@ See the [Unix Solution](/docs/accessanalyzer/11.6/solutions/unix/overview.md) topic for additional information. -Protocols +**Protocols** - SSH -Ports +**Ports** - TCP 22 - User configurable -Permissions +**Permissions** - Root permissions in Unix/Linux If the Root permission is unavailable, a least privileged model can be used. See the -[Least Privilege Model](/docs/accessanalyzer/11.6/requirements/unix/unix_1.md#least-privilege-model) +[Least Privilege Model](/docs/accessanalyzer/11.6/requirements/unix/target.md#least-privilege-model) topic additional information. ## Unix Query Configuration diff --git a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/overview.md index 88f68f9775..1eaeb6c398 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/overview.md @@ -14,19 +14,19 @@ collector and the solution are available with a special Enterprise Auditor licen [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) topic for additional information. -Protocols +**Protocols** - RPC - SMBV2 - WMI -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports - 445 -Permissions +**Permissions** - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/groups.md b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/groups.md index fea879faeb..451bf3c2af 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/groups.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/groups.md 
@@ -25,10 +25,16 @@ In the Groups section, select from the following options: In the Additional Properties section, select the **What rights does this group have?** checkbox to return rights for the selected groups. -**CAUTION:** The number of offline Groups can significantly increase the time for a scan. +:::warning +The number of offline Groups can significantly increase the time for a scan. +::: -**_RECOMMENDED:_** For large networks, configure the length of time for a scan when Groups are + +:::info +For large networks, configure the length of time for a scan when Groups are offline. +::: + - Retry Attempts [number] - Retry Interval [number] seconds diff --git a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/security.md b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/security.md index e2e80b48ed..455535326a 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/security.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/security.md @@ -23,11 +23,17 @@ Select from the following options for what data will be returned: - Audit Policy – Returns an audit policy audit for the target - Account Lockout Policy – Returns an account lockout policy audit for the target -**CAUTION:** The number of offline hosts with policies can significantly increase the time for a +:::warning +The number of offline hosts with policies can significantly increase the time for a scan. +::: -**_RECOMMENDED:_** For large networks, configure the length of time for a scan when hosts with + +:::info +For large networks, configure the length of time for a scan when hosts with policies are offline. +::: + - Retry Attempts [number] - Retry Interval [number] seconds diff --git a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/users.md b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/users.md index 0bb6cde0f2..e1f0dc4042 100644 
--- a/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/users.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/usersgroups/results/users.md @@ -43,10 +43,16 @@ information on user objects: Click **Select all** to select all properties. Click **Clear all** to deselect all properties -**CAUTION:** The number of offline Users can significantly increase the time for a scan. +:::warning +The number of offline Users can significantly increase the time for a scan. +::: -**_RECOMMENDED:_** For large networks, configure the length of time for a scan when Users are + +:::info +For large networks, configure the length of time for a scan when Users are offline. +::: + - Retry Attempts [number] - Retry Interval [number] seconds diff --git a/docs/accessanalyzer/11.6/admin/datacollector/wmicollector/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/wmicollector/overview.md index 31ce031e04..dcffce1989 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/wmicollector/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/wmicollector/overview.md @@ -14,17 +14,17 @@ See the [Windows Solution](/docs/accessanalyzer/11.6/solutions/windows/overview.md) topic for additional information. -Protocols +**Protocols** - RPC - WMI -Ports +**Ports** - TCP 135-139 - Randomly allocated high TCP ports -Permissions +**Permissions** - Member of the Local Administrators group diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/queries.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/queries.md index b10efaf6da..2a49eed0a2 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/queries.md +++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/queries.md 
@@ -26,7 +26,10 @@ The list of previously configured queries is provided in a table format with the - Cumulative – Grows the host list by appending newly discovered hosts with each query execution - Snapshot – Only shows host found during the most recent query execution - **NOTE:** The Snapshot mode is configured on the Options page of the Host Discovery Wizard. + :::note + The Snapshot mode is configured on the Options page of the Host Discovery Wizard. + ::: + ## View Hidden Columns diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/addomaincontrollers.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/addomaincontrollers.md index b0878c73ed..a87fbdcb3e 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/addomaincontrollers.md +++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/addomaincontrollers.md @@ -10,7 +10,7 @@ Follow the steps to create a Host Discovery query using the **Query an Active Di (Discover Domain Controllers)** source option. This option scans the default domain controller or a specified server but is scoped to return only machines that are domain controllers. -![Host Discovey Wizard Source page for AD Domain Controllers query](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source.webp) +![Host Discovey Wizard Source page for AD Domain Controllers query](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source_2.webp) **Step 1 –** Open the Host Discovery Wizard. On the Source page, select the **Query an Active Directory server (Discover Domain Controllers)** option. Click **Next**. 
@@ -76,8 +76,11 @@ Click **Next** to continue. the Host Discovery query prior to executing a job that has the host list generated by this query assigned. This ensures any new hosts have been discovered and are available for auditing. - **_RECOMMENDED:_** Use this setting only for host lists tied to specific jobs that require + :::info + Use this setting only for host lists tied to specific jobs that require up-to-date host lists. + ::: + - Query Result Retention – Select how to maintain the host list generated by this discovery query: @@ -89,7 +92,7 @@ Click **Next** to continue. Click **Next** to continue. -![Host Discovey Wizard Inventory page for AD Domain Controllers query](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory.webp) +![Host Discovey Wizard Inventory page for AD Domain Controllers query](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory_2.webp) **Step 5 –** On the Inventory page, the host inventory process can be automatically included with the discovery query. diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adexchange.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adexchange.md index a51598366c..28dbdea1a4 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adexchange.md +++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adexchange.md 
@@ -11,7 +11,7 @@ Follow the steps to create a Host Discovery query using the Query an Active Dire specified server but is scoped to return only computer objects residing in the configuration container for Exchange servers. -![Host Discovery Wizard Source page for AD Exchange](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source.webp) +![Host Discovery Wizard Source page for AD Exchange](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source_5.webp) **Step 1 –** Open the Host Discovery Wizard. On the Source Page, select the **Query an Active Directory server (Discover Exchange servers)** option. Click **Next**. @@ -56,8 +56,11 @@ topic for instructions. Click **Next**. the Host Discovery query prior to executing a job that has the host list generated by this query assigned. This ensures any new hosts have been discovered and are available for auditing. - **_RECOMMENDED:_** Use this setting only for host lists tied to specific jobs that require + :::info + Use this setting only for host lists tied to specific jobs that require up-to-date host lists. + ::: + - Query Result Retention – Select how to maintain the host list generated by this discovery query: @@ -69,7 +72,7 @@ topic for instructions. Click **Next**. Click **Next** to continue. -![Host Discovery Wizard Inventory page for AD Exchange](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory.webp) +![Host Discovery Wizard Inventory page for AD Exchange](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory_5.webp) **Step 5 –** On the Inventory page, the host inventory process can be automatically included with the discovery query. diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adgeneral.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adgeneral.md index c45638cdab..5d1febe6b0 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adgeneral.md 
+++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/adgeneral.md @@ -11,7 +11,7 @@ Follow the steps to create a Host Discovery query using the Query an Active Dire all computer objects. The query can be scoped to only return computer objects in specified containers or individual computer objects. See Step 3 for additional information. -![Host Discovery Wizard Source page for AD General](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source.webp) +![Host Discovery Wizard Source page for AD General](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source_4.webp) **Step 1 –** Open the Host Discovery Wizard. On the Source page, select the **Query an Active Directory server (General)** option. Click **Next**. @@ -43,7 +43,10 @@ Click **Next** to continue. **Step 3 –** On the Active Directory page, identify the organizational units (OUs) to scan. -**_RECOMMENDED:_** Scope the query when using this source option. +:::info +Scope the query when using this source option. +::: + - Connection – Select the server to connect to and search for computer objects using the radio buttons: @@ -77,8 +80,11 @@ Click **Next** to continue. the Host Discovery query prior to executing a job that has the host list generated by this query assigned. This ensures any new hosts have been discovered and are available for auditing. - **_RECOMMENDED:_** Use this setting only for host lists tied to specific jobs that require + :::info + Use this setting only for host lists tied to specific jobs that require up-to-date host lists. + ::: + - Query Result Retention – Select how to maintain the host list generated by this discovery query: 
@@ -90,7 +96,7 @@ Click **Next** to continue. Click **Next** to continue. -![Host Discovery Wizard Inventory page for AD General](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory.webp) +![Host Discovery Wizard Inventory page for AD General](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory_4.webp) **Step 5 –** On the Inventory page, the host inventory process can be automatically included with the discovery query. diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/csv.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/csv.md index 10128d91e0..51007e5301 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/csv.md +++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/csv.md @@ -9,11 +9,14 @@ sidebar_position: 50 Follow the steps to create a Host Discovery query using the **Import from a CSV file** source option. -**CAUTION:** Each time a query refresh occurs for a query with an import option set as the source, +:::warning +Each time a query refresh occurs for a query with an import option set as the source, it re-imports the host list. Therefore, deleting, renaming, or moving the import source file causes the query to fail. +::: -![Host Discovery Wizard Source page for CSV import](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source.webp) + +![Host Discovery Wizard Source page for CSV import](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source_3.webp) **Step 1 –** Open the Host Discovery Wizard. On the Source page, select the **Import from a CSV file** option on the Source page. Click **Next**. 
@@ -22,7 +25,10 @@ file** option on the Source page. Click **Next**. **Step 2 –** On the Query page, name the query and select the credentials used to access the source. -**NOTE:** The source in this case is the Enterprise Auditor Console server. +:::note +The source in this case is the Enterprise Auditor Console server. +::: + - Query Name – Provide a unique descriptive name for this query by typing over the `NEWQUERY` default name. Two queries cannot have the same name. If you use an existing name, a number is @@ -66,8 +72,11 @@ Click **Next** to continue. the Host Discovery query prior to executing a job that has the host list generated by this query assigned. This ensures any new hosts have been discovered and are available for auditing. - **_RECOMMENDED:_** Use this setting only for host lists tied to specific jobs that require + :::info + Use this setting only for host lists tied to specific jobs that require up-to-date host lists. + ::: + - Query Result Retention – Select how to maintain the host list generated by this discovery query: @@ -79,7 +88,7 @@ Click **Next** to continue. Click **Next** to continue. -![Host Discovery Wizard Inventory page for CSV import](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory.webp) +![Host Discovery Wizard Inventory page for CSV import](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory_3.webp) **Step 5 –** On the Inventory page, the host inventory process can be automatically included with the discovery query. diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/database.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/database.md index 85ab97603a..eaf9e7fb9e 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/database.md +++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/database.md 
@@ -9,9 +9,12 @@ sidebar_position: 60 Follow the steps to create a Host Discovery query using the **Import from a database** source option. -**CAUTION:** Each time a query refresh occurs for a query with an import option set as the source, +:::warning +Each time a query refresh occurs for a query with an import option set as the source, it re-imports the host list. Therefore, deleting, renaming, or moving the import source file causes the query to fail. +::: + ![Host Discovery Wizard Source page for database import](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source.webp) @@ -93,8 +96,11 @@ Click **Next** to continue. the Host Discovery query prior to executing a job that has the host list generated by this query assigned. This ensures any new hosts have been discovered and are available for auditing. - **_RECOMMENDED:_** Use this setting only for host lists tied to specific jobs that require + :::info + Use this setting only for host lists tied to specific jobs that require up-to-date host lists. + ::: + - Query Result Retention – Select how to maintain the host list generated by this discovery query: diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/ipnetwork.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/ipnetwork.md index e58b78f76f..e937a8c424 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/ipnetwork.md +++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/ipnetwork.md 
@@ -10,7 +10,7 @@ Follow the steps to create a Host Discovery query using the Scan your IP network option scans a specified range of IP Addresses for active hosts and resolves the names of machines using DNS. -![Host Discovey Wizard Source page for IP network scan](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source.webp) +![Host Discovey Wizard Source page for IP network scan](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/source_1.webp) **Step 1 –** Open the Host Discovery Wizard. On the Source page, select the **Scan your IP network** option. Click **Next**. @@ -87,8 +87,11 @@ Click **Next** to continue. the Host Discovery query prior to executing a job that has the host list generated by this query assigned. This ensures any new hosts have been discovered and are available for auditing. - **_RECOMMENDED:_** Use this setting only for host lists tied to specific jobs that require + :::info + Use this setting only for host lists tied to specific jobs that require up-to-date host lists. + ::: + - Query Result Retention – Select how to maintain the host list generated by this discovery query: @@ -100,7 +103,7 @@ Click **Next** to continue. Click **Next** to continue. -![Host Discovey Wizard Inventory page for IP network scan](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory.webp) +![Host Discovey Wizard Inventory page for IP network scan](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/inventory_1.webp) **Step 5 –** On the Inventory page, the host inventory process can be automatically included with the discovery query. diff --git a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/overview.md b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/overview.md index b4c36a502a..61d3c3540d 100644 --- a/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/overview.md +++ b/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/overview.md 
@@ -41,5 +41,8 @@ for hosts. Hosts are discoverable using one of the following options: - [Import From a Database](/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/database.md) – Imports a host list from a specified SQL Server database -**NOTE:** The Advanced Options checkbox in the lower-left corner is a legacy item and should not be +:::note +The Advanced Options checkbox in the lower-left corner is a legacy item and should not be selected. + +::: diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletehost.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletehost.md index 3b58bc8929..3710324072 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletehost.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletehost.md @@ -18,9 +18,12 @@ Host(s)** on the Activities pane. ![Confirm dialog box](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/confirmdeletehost.webp) -**CAUTION:** A deletion from the host master table at the Host Management node cannot be undone, as +:::warning +A deletion from the host master table at the Host Management node cannot be undone, as it deletes it from the host management database tables. It also removes the host from any host list to which it has been assigned. Click **Cancel** to stop the deletion. +::: + **Step 2 –** A dialog box asks for confirmation of the action. Click **OK** to proceed with the deletion. 
@@ -44,8 +47,11 @@ deletion is limited to removing the selected host from the current host list. ![Confirm deletion from master host table dialog box](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/confirmdeletehostmaster.webp) -**CAUTION:** A deletion from the host master table cannot be undone, as it deletes it from the host +:::warning +A deletion from the host master table cannot be undone, as it deletes it from the host management database tables. +::: + **Step 3 –** If the host is not found in another static host list, Enterprise Auditor asks if you also want to remove the host from the Host Master Table. On the Confirm dialog, select the desired diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletelist.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletelist.md index ed4c042956..ecfa1446ad 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletelist.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/deletelist.md @@ -9,13 +9,19 @@ sidebar_position: 40 Use the **Delete List** option to remove the selected list. This option is available only at an individual host list node. -**_RECOMMENDED:_** Before deleting a host list, first ensure it is not assigned to a job. +:::info +Before deleting a host list, first ensure it is not assigned to a job. +::: + **Step 1 –** In the Navigation pane, select the host list to delete and click **Delete List**. ![Confirm dialog box](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/confirmdeletelist.webp) -**CAUTION:** This action cannot be undone. Click **Cancel** to stop the deletion. +:::warning +This action cannot be undone. Click **Cancel** to stop the deletion. +::: + **Step 2 –** On the Confirm dialog box, click **OK** to continue with the deletion. 
diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/editlist.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/editlist.md index 87d27fb341..57689630ea 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/editlist.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/editlist.md @@ -18,8 +18,11 @@ the Specify Host List Properties page where you can modify the following: - Host List Name - **CAUTION:** Changing the name of a host list that has been assigned to a job can cause the job + :::warning + Changing the name of a host list that has been assigned to a job can cause the job to fail. + ::: + - Refresh inventory setting - Credentials used for host inventory diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/export.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/export.md index b4a5036fc9..b752cf083a 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/export.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/export.md @@ -32,14 +32,14 @@ export option, this file will be in the same format as the data grid. The following examples show the different export format options. -Example HTML File Export +**Example HTML File Export** ![Example HTML File Export](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/exportexamplehtml.webp) -Example XML File Export +**Example XML File Export** ![Example XML File Export](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/exportexamplexml.webp) -Example CSV File Export +**Example CSV File Export** ![Example CSV File Export](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/exportexamplecsv.webp) diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importhost.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importhost.md index 4d21759448..91a9fd720b 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importhost.md 
+++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importhost.md @@ -44,8 +44,11 @@ step. [Import From a Database](/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/database.md) topic for additional information. - **NOTE:** The Provider, Advanced, and All tabs of the Data Link Properties window should not + :::note + The Provider, Advanced, and All tabs of the Data Link Properties window should not be modified. + ::: + - Table – Use the dropdown to select the table that contains the hosts to be imported. A preview of the selected table is displayed in the preview box. diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importlocation.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importlocation.md index 9475749924..6f4b1d6176 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importlocation.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/importlocation.md @@ -17,8 +17,11 @@ Follow the steps to import physical location data for hosts. **Step 1 –** Ensure the import source file has columns for both the host name as it is identified within Enterprise Auditor and the location. -**NOTE:** When a host name does not match any existing hosts within the Host Master Table, it can be +:::note +When a host name does not match any existing hosts within the Host Master Table, it can be added as a new host. +::: + ![Import Location option on Activities pane](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/importlocation.webp) 
@@ -48,8 +51,11 @@ step. [Import From a Database](/docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/database.md) topic for additional information. - **NOTE:** The Provider, Advanced, and All tabs of the Data Link Properties window should not + :::note + The Provider, Advanced, and All tabs of the Data Link Properties window should not be modified. + ::: + - Table – Use the dropdown to select the table that contains the hosts to be imported. A preview of the selected table is displayed in the preview box. @@ -71,5 +77,8 @@ import file are not already in the Host Master Table, Enterprise Auditor prompts whether or not to import the host. Selecting **Yes** or **Yes to All** adds the new hosts to the Host Master Table but not to any individual host lists. -**NOTE:** Any new hosts that match dynamic host list criteria will be added to the appropriate +:::note +Any new hosts that match dynamic host list criteria will be added to the appropriate dynamic host lists. + +::: diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/rename.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/rename.md index f6dc4d652d..6790240c90 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/rename.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/rename.md 
@@ -9,14 +9,20 @@ sidebar_position: 100 Use the Rename List option to change the name of a selected host list. This option is available only from an individual host list node. -**CAUTION:** Changing the name on a host list that has been assigned to a job can cause the job to +:::warning +Changing the name on a host list that has been assigned to a job can cause the job to fail. +::: + ![Host list name window](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/hostlistname.webp) Select the host list to rename and click **Rename List** to open the Host list name window. Enter the new name for the host list and click **OK**. -**NOTE:** Host list names can also be changed using the **Edit List** option, see the +:::note +Host list names can also be changed using the **Edit List** option, see the [Edit List](/docs/accessanalyzer/11.6/admin/hostmanagement/actions/editlist.md) topic for additional information. + +::: diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/saveview.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/saveview.md index 500c51185d..d46c72e9d5 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/saveview.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/saveview.md @@ -30,8 +30,11 @@ closes the host lists under the Host Management node, the hosts reorganize in al Like the default host lists, custom dynamic host lists are auto-populated and updated according to host inventory. -**_RECOMMENDED:_** Do not modify the criteria once a dynamic based list has been created. It is +:::info +Do not modify the criteria once a dynamic based list has been created. It is better to delete and recreate the list in order to modify a dynamic-based list. +::: + See the [Dynamic Host Lists](/docs/accessanalyzer/11.6/admin/hostmanagement/lists.md#dynamic-host-lists) 
diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/suspend.md b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/suspend.md index 9f525bcfeb..5558058545 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/actions/suspend.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/actions/suspend.md @@ -13,8 +13,11 @@ Use the **Suspend Host Inventory** option to pause an in progress inventory. Once clicked, the option changes to **Resume Host Inventory** and the **In progress** host inventories change to an **In queue** state. -**NOTE:** Clicking **Refresh Hosts** while inventory is suspended adds to the queue but does not +:::note +Clicking **Refresh Hosts** while inventory is suspended adds to the queue but does not resume the inventory. +::: + ![Resume Host Inventory](/img/product_docs/accessanalyzer/11.6/admin/hostmanagement/actions/resumehostinventory.webp) diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/datagrid.md b/docs/accessanalyzer/11.6/admin/hostmanagement/datagrid.md index fa8d16ce76..07503e2bdc 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/datagrid.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/datagrid.md @@ -31,10 +31,13 @@ Use the horizontal scrollbar at the bottom to view the host inventory data, whic - InventoryState – Last known status of the host inventory query (**Idle**, **In progress**, or **In queue**) - **NOTE:** If the Enterprise Auditor application is stopped during host inventory collection, + :::note + If the Enterprise Auditor application is stopped during host inventory collection, hosts queued for inventory retain the **InventoryState** of **In queue** within the Host Management node data grid, as this is the last known state of inventory. It retains that state until the next host inventory collection is executed against the host. + ::: + - IPAddress – Last known IP Address for the host from host inventory collection - Subnet – Subnet mask for the host’s IP Address 
diff --git a/docs/accessanalyzer/11.6/admin/hostmanagement/lists.md b/docs/accessanalyzer/11.6/admin/hostmanagement/lists.md index f4d5223385..9f4cd82dfa 100644 --- a/docs/accessanalyzer/11.6/admin/hostmanagement/lists.md +++ b/docs/accessanalyzer/11.6/admin/hostmanagement/lists.md @@ -51,8 +51,11 @@ the Host Master Table or at any host list node. See the [Filter](/docs/accessanalyzer/11.6/admin/navigate/datagrid.md#filter) topic for additional information on filtering data grids. -**_RECOMMENDED:_** Do not modify the criteria once a dynamic based list has been created. It is +:::info +Do not modify the criteria once a dynamic based list has been created. It is better to delete and recreate the list in order to modify a dynamic-based list. +::: + ## Static Host Lists diff --git a/docs/accessanalyzer/11.6/admin/jobs/features.md b/docs/accessanalyzer/11.6/admin/jobs/features.md index 13d86cb39d..6dfc08355b 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/features.md +++ b/docs/accessanalyzer/11.6/admin/jobs/features.md 
@@ -9,30 +9,30 @@ sidebar_position: 40 There are several special features and functions available for jobs and job components with which Enterprise Auditor users should be familiar. -View XML Files +**View XML Files** Job, query, analysis, and action property windows all have the **View XML** option. These provide the ability to edit through an XML text window. -Open Explore Folder +**Open Explore Folder** Enterprise Auditor users can directly open a selected job or job group folder from the Jobs tree using the **Explore Folder** option in the right-click menu. -Publish Reports after Report Generation +**Publish Reports after Report Generation** Reports that have been generated but not published can be sent to the Web Console using the **Publish** option in the right-click menu from the selected Jobs tree, job group, or job node. See the [Publish Reports Window](#publish-reports-window) topic for additional information. -Job Configuration Change Tracking +**Job Configuration Change Tracking** Jobs configuration changes can be tracked using the **Changes** option in the right-click menu from the selected Jobs tree, job group, or job node. See the [Changes Window](/docs/accessanalyzer/11.6/admin/jobs/overview.md#changes-window) topic for additional information. -Job Export +**Job Export** Jobs can be exported to a ZIP file using the **Export** option in the right-click menu from the selected job group or job node. See the diff --git a/docs/accessanalyzer/11.6/admin/jobs/group/overview.md b/docs/accessanalyzer/11.6/admin/jobs/group/overview.md index 76abb284d6..30a97cdc05 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/group/overview.md +++ b/docs/accessanalyzer/11.6/admin/jobs/group/overview.md 
@@ -36,8 +36,11 @@ The two types of job groups in Enterprise Auditor are: - User Created – Job group description of job description only provides generic information and options -**NOTE:** Every job group’s description includes options for creating a group, opening the Instant +:::note +Every job group’s description includes options for creating a group, opening the Instant Job Library, and creating a job. +::: + Pre-configured job group description pages provide users with shortcuts and links to many of the functions that can be accessed in the Jobs Tree in the Navigation Pane. @@ -92,8 +95,11 @@ following information: - Contents – Shows the job groups and jobs contained within the currently selected job group -**NOTE:** If applicable, the page shows special instructions for which hosts need to be targeted for +:::note +If applicable, the page shows special instructions for which hosts need to be targeted for proper job group execution. +::: + ### Job Settings: Inherited and Directly Applied 
@@ -107,11 +113,12 @@ highlighted in blue). The following inherited settings are available: -| Setting | Description | -| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Connection profile | The tooltip shows the account name used in the connection profile. Clicking the button opens the parent Connection settings for the selected job group. See [Connection Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/connection.md) for more information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available: - Edit the Profile – Clicking the link opens the Connection settings for the current profile - Use Default Profile – Clicking the link applies the connection profile set as default on a global level to a job. In this case, this setting is hidden under the **Show Inherited Settings** button. - List of profiles – Allows switching between existing connection profiles and apply a desired one to a job | -| Data Retention Period | The tooltip shows the current value for the data retention period (by default, **Never retain previous job data**). Clicking the button opens the parent History settings for the selected job group. 
See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | -| Log Retention Period | The tooltip shows the current value for log retention period (by default, **Retain previous job log for 7 times**). Clicking the button opens the parent History settings for the selected job group. See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | -| Hosts Lists | The tooltip shows the names of the host lists assigned to this job group. If you have more than three host lists assigned to a job group, the tooltip shows 3 hosts name and the number of other hosts lists assigned (for example, if 5 hosts are assigned it shows `Host1, Host2, Host3 + 2 more`). Clicking the button opens the parent Host Lists setting for the selected job group. See the [Host Lists Assignment](/docs/accessanalyzer/11.6/admin/jobs/group/settings/hostlistsassignment.md) topic for additional information. | -| Reporting Settings | Clicking the Reporting Settings button opens the parent Reporting settings for the selected job group including publishing options, email settings, and roles. See the [Reporting Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md) topic for additional information. | -| Storage Profile | The tooltip shows the current SQL Server instance, database name, user account, and authentication type used for the selected job group. See the [Storage Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/storage.md)s topic for additional information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available: - Edit This Profile – Clicking the link opens the Storage settings for the current profile - Use Default Profile – Clicking the link applies the storage profile set as default on a global level to a job. 
In this case, this setting is hidden under the **Show Inherited Settings** button - List of existing profiles – Allows switching between existing storage profiles and apply a desired one to a job | +| Setting | Description | +| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Connection profile | The tooltip shows the account name used in the connection profile. Clicking the button opens the parent Connection settings for the selected job group. See [Connection Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/connection.md) for more information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available: | +| Data Retention Period | The tooltip shows the current value for the data retention period (by default, **Never retain previous job data**). Clicking the button opens the parent History settings for the selected job group. See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | +| Log Retention Period | The tooltip shows the current value for log retention period (by default, **Retain previous job log for 7 times**). 
Clicking the button opens the parent History settings for the selected job group. See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | +| Hosts Lists | The tooltip shows the names of the host lists assigned to this job group. If you have more than three host lists assigned to a job group, the tooltip shows 3 hosts name and the number of other hosts lists assigned (for example, if 5 hosts are assigned it shows `Host1, Host2, Host3 + 2 more`). Clicking the button opens the parent Host Lists setting for the selected job group. See the [Host Lists Assignment](/docs/accessanalyzer/11.6/admin/jobs/group/settings/hostlistsassignment.md) topic for additional information. | +| Reporting Settings | Clicking the Reporting Settings button opens the parent Reporting settings for the selected job group including publishing options, email settings, and roles. See the [Reporting Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md) topic for additional information. | +| Storage Profile | The tooltip shows the current SQL Server instance, database name, user account, and authentication type used for the selected job group. See the [Storage Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/storage.md)s topic for additional information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available: | + diff --git a/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md b/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md index d80309f787..984df72791 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md +++ b/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md 
@@ -16,8 +16,11 @@ By default, all job groups are set to inherit **Use Default Setting** option fro [History](/docs/accessanalyzer/11.6/admin/settings/history.md) topic for additional information. -**CAUTION:** It is important to understand that some pre-configured jobs require history retention +:::warning +It is important to understand that some pre-configured jobs require history retention while others do not support it. See job group and job descriptions for additional information. +::: + If the Default Setting is not preferred, select the custom type of retention settings desired below: diff --git a/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md b/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md index 3b35e62e0e..b033d6a6ae 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md +++ b/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md @@ -13,9 +13,12 @@ reporting settings, the **Use default setting** option, from the global level (* [Reporting](/docs/accessanalyzer/11.6/admin/settings/reporting.md) topic for additional information. -**NOTE:** If the Role Based Access feature is enabled, it also displays a list of all accounts +:::note +If the Role Based Access feature is enabled, it also displays a list of all accounts granted access to the published reports via the Web Console that are generated by any jobs within the job group. +::: + ![Job Group Reporting Settings page](/img/product_docs/accessanalyzer/11.6/admin/jobs/group/reporting.webp) 
@@ -23,7 +26,10 @@ Checking the **Set all the child objects to inherit these settings** option at t page forces inheritance of these settings to all sub-groups and jobs within the job group. When enabled, this option overrides any custom settings configured for the child objects. -**NOTE:** The **Set all the child objects to inherit these settings** option has no impact on the +:::note +The **Set all the child objects to inherit these settings** option has no impact on the inheritance of Report Roles. +::: + ## Publish diff --git a/docs/accessanalyzer/11.6/admin/jobs/group/settings/settings.md b/docs/accessanalyzer/11.6/admin/jobs/group/settings/settings.md index e6e2ae3598..fd24c3071b 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/group/settings/settings.md +++ b/docs/accessanalyzer/11.6/admin/jobs/group/settings/settings.md @@ -24,11 +24,14 @@ group or a job level. – Use the default host list configured on a parent job group or break inheritance on assigned host lists for this job group - **NOTE:** Host List Assignments is not a global setting. The pre-configured solutions may + :::note + Host List Assignments is not a global setting. The pre-configured solutions may contain Host List Assignments configured to use Global Default Host Lists, for example All Domain Controllers. See the [Default Host Lists](/docs/accessanalyzer/11.6/admin/settings/hostinventory.md#default-host-lists) topic for additional information. + ::: + - [Reporting Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md) – Use the default report settings or break inheritance on Published Report settings, Email diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantiate.md b/docs/accessanalyzer/11.6/admin/jobs/instantiate.md index 41f9595c2c..e0f93e1fa9 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantiate.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantiate.md 
@@ -10,7 +10,7 @@ Enterprise Auditor jobs and solutions are comprised of files contained within th installation directory. All jobs and job groups contained within the Jobs tree are housed in the Jobs directory. The default location is: -…\STEALTHbits\StealthAUDIT\Jobs +**…\STEALTHbits\StealthAUDIT\Jobs** ![Explore Folder option from Jobs Tree](/img/product_docs/accessanalyzer/11.6/admin/jobs/explorefolder.webp) @@ -28,7 +28,10 @@ location. However, copying an existing job within the Jobs directory is not supp already exists within the Enterprise Auditor Console server, copying outside of the console may result in reporting issues. -**CAUTION:** Do not use these steps to copy an existing job. +:::warning +Do not use these steps to copy an existing job. +::: + There is no need to close the Enterprise Auditor application to instantiate a new job. Follow the steps to instantiate a new job into the Enterprise Auditor Jobs tree: @@ -41,7 +44,7 @@ colleague, or other entity, it is most likely in one of two formats: **Step 2 –** Open the Jobs directory. The default location is: -…\STEALTHbits\StealthAUDIT\Jobs +**…\STEALTHbits\StealthAUDIT\Jobs** **Step 3 –** Place the job or job group into the Jobs directory. diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ad_passwordexpirationnotification.md b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ad_passwordexpirationnotification.md index 88d4b7fda7..b8ccec70a6 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ad_passwordexpirationnotification.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ad_passwordexpirationnotification.md 
@@ -35,26 +35,26 @@ action task). Navigate to the **Jobs** > **AD_PasswordExpirationNotification** > **Configure** node and select **Analysis** to view the analysis tasks. -![Default Analysis Tasks for the Job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks.webp) +![Default Analysis Tasks for the Job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks_2.webp) The default analysis tasks are: -- 1. User Password Information – Creates the PasswordExpirationNotification_Details table +- **1. User Password Information** – Creates the PasswordExpirationNotification_Details table accessible under the job’s Results node - Contains a configurable parameter for the number of days until a password expires to be identified - See the [Customizable Analysis Tasks for the AD_PasswordExpirationNotification Job](#customizable-analysis-tasks-for-the-ad_passwordexpirationnotification-job) topic for additional information. -- 2. Domain Summary – Creates an interim processing table in the database for use by downstream +- **2. Domain Summary** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 3. Passwords Set to Expire Within 15 Days – Creates the +- **3. Passwords Set to Expire Within 15 Days** – Creates the PasswordExpirationNotification_ExpiresWithin15Days table accessible under the job’s Results node -- 4. Notification Data Table – Creates the +- **4. Notification Data Table** – Creates the PasswordExpirationNotification_ExpiresWithin15Days_UserNotifications table accessible under the job’s Results node -- 5. Help Desk Notification – Sends notification of users with passwords set to expire in X days +- **5. 
Help Desk Notification** – Sends notification of users with passwords set to expire in X days - See the [Notification Analysis Task in the AD_PasswordExpirationNotification Job](#notification-analysis-task-in-the-ad_passwordexpirationnotification-job) topic for additional information. @@ -64,13 +64,16 @@ The default analysis tasks are: Navigate to the **Jobs** > **AD_PasswordExpirationNotification** > **Configure** node and select **Actions** to view the action modules. -**CAUTION:** This action is enabled by default. +:::warning +This action is enabled by default. +::: -![Default Action Tasks for the Job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/actiontasks.webp) + +![Default Action Tasks for the Job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/actiontasks_1.webp) The default actions are: -- 1. User Notification – Uses the SendMail Action Module to send notifications to users on +- **1. User Notification** – Uses the SendMail Action Module to send notifications to users on password expiration - Requires the Notification Actions license feature - See the 
@@ -80,9 +83,10 @@ The default actions are: In addition to the tables created by the analysis and action tasks, the AD_PasswordExpirationNotification Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------------------- | -------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------- | -| Passwords Expiring Within 15 Days | This report displays users accounts with passwords set to expire within 15 days. | None | This report is comprised of one element: - Table – Displays details on passwords expiring within 15 days | +| Report | Description | Default Tags | Report Elements | +| --------------------------------- | -------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------ | +| Passwords Expiring Within 15 Days | This report displays users accounts with passwords set to expire within 15 days. | None | This report is comprised of one element: | + ## Customizable Analysis Tasks for the AD_PasswordExpirationNotification Job 
@@ -91,9 +95,12 @@ group objects during this job’s analysis. The parameters can be customized and section at the bottom of the SQL Script Editor. Follow the steps to customize an analysis task’s parameters. -**CAUTION:** Do not change the table names or report name to align with a different value supplied +:::warning +Do not change the table names or report name to align with a different value supplied for this parameter. Modifying the table names will result in analysis and report errors downstream. Only the report title and descriptions can be modified within the report configuration. +::: + | Analysis Task | Customizable Parameter Name | Default Value | Value Indicates | | ---------------------------- | --------------------------- | ------------- | ------------------------------------------------------------------------------------------------- | @@ -113,7 +120,10 @@ Task and click on **Analysis Configuration**. The SQL Script Editor opens. **Step 3 –** In the parameters section at the bottom of the editor, find the Value column. Double-click on the current value and change as desired. -**CAUTION:** Do not change any parameters where the Value states **Created during execution**. +:::warning +Do not change any parameters where the Value states **Created during execution**. +::: + **Step 4 –** Click **Save and Close** to finalize the customization and close the SQL Script Editor. 
@@ -127,21 +137,22 @@ listed in the PasswordExpirationNotification_ExpiresWithin15Days table. The anal default. Therefore, when the job is executed the following message is sent to the specified recipient, such as the organization’s help desk, with information from the associated table: -_Subject:_ Users with Passwords About To Expire - -Support Team, - -Heads-up.  The following users are facing password expiration in seven days or less: - -**[[ -- Password for [User] ([NTAccount]) expires in [DaysUntilExpiration] days** - -**]** - -Thank you, +> _Subject:_ Users with Passwords About To Expire +> +> Support Team, +> +> Heads-up.  The following users are facing password expiration in seven days or less: +> +> [ -- Password for [User] ([NTAccount]) expires in [DaysUntilExpiration] days] +> +> Thank you, +> +> Netwrix -Netwrix +:::warning +Do not modify the tags, highlighted in bold text above. +::: -**CAUTION:** Do not modify the tags, highlighted in bold text above. The Subject or message body can be modified, for example to replace `Netwrix` with the organization’s name. Follow the steps to configure the 5. Help Desk Notification Analysis Task. 
@@ -197,28 +208,34 @@ PasswordExpirationNotification_ExpiresWithin15Days_UserNotifications table. The default. Therefore, when the job is executed the following message is sent to all users in the associated table: -_Subject:_ Attention **[User]** - Your Password Expires in **[DaysUntilExpiration]** Days - -Hello **[User]**, - -The password for the account **[NTAccount]** expires on **[ExpirationDate]**. Please change the -password prior to the expiration date.  If account profiles are used on mobile devices, please -remember to update the password on each device used. - -Thank you, - -Netwrix - -**CAUTION:** Do not change the recipient for the action task. While the tags can be moved, do not +> _Subject:_ Attention **[User]** - Your Password Expires in **[DaysUntilExpiration]** Days +> +> Hello **[User]**, +> +> The password for the account **[NTAccount]** expires on **[ExpirationDate]**. Please change the +>password prior to the expiration date.  If account profiles are used on mobile devices, please +>remember to update the password on each device used. +> +> Thank you, +> +> Netwrix + +:::warning +Do not change the recipient for the action task. While the tags can be moved, do not remove or modify the tags, which are highlighted in bold text above. +::: + The subject or message body can be modified, for example to replace `Netwrix` with the organization’s name. Follow the steps to modify the Subject or message body within the 1. User Notification Action Task. -**NOTE:** It is necessary for the +:::note +It is necessary for the PasswordExpirationNotification_ExpiresWithin15Days_UserNotifications table to exist in the database before this action task can be modified. +::: + **Step 1 –** Navigate to the **AD_PasswordExpirationNotification** > **Configure** node and select **Actions**. 
@@ -226,7 +243,10 @@ before this action task can be modified. **Step 2 –** In the Action Selection view, select the **1. User Notification** Action Task and click on **Action Properties** to view the actions. -**CAUTION:** Do not modify the action task properties. +:::warning +Do not modify the action task properties. +::: + **Step 3 –** In the Action Properties view, the action properties and a preview of the users from the associated table are displayed. Click **Configure Action**. The Send Mail Action Module Wizard diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ex_registerazureappauth.md b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ex_registerazureappauth.md index 855bba607d..adc87d905e 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ex_registerazureappauth.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/ex_registerazureappauth.md @@ -21,7 +21,10 @@ authentication and provision appropriate permissions for Exchange Online scans. - Azure AD PowerShell module installed on targeted hosts - **NOTE:** If the module is not already installed, the job will attempt to install it. + :::note + If the module is not already installed, the job will attempt to install it. + ::: + - You can install the module with the following command: @@ -92,6 +95,8 @@ The Microsoft Entra ID application is now provisioned with the necessary permiss Online scans. There will be a new Connection Profile for this Application. Restart the Enterprise Auditor Console and enter a password to use this Connection Profile. -_Remember,_ the required rights and roles for Exchange Online still need to be configured. See the +:::tip +Remember, the required rights and roles for Exchange Online still need to be configured. See the [Target Exchange Online Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/exchangeonline.md) topic for additional information. +::: 
diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_defend_sdd.md b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_defend_sdd.md index f2b1f62513..bbe943e567 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_defend_sdd.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_defend_sdd.md @@ -56,7 +56,7 @@ Request Action Module to send the data to Threat Manager. Navigate to the **Jobs** > **FS_DEFEND_SDD** > **Configure** node and select **Analysis** to view the analysis tasks. -![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks.webp) +![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks_1.webp) The default analysis tasks are: @@ -68,7 +68,10 @@ The default analysis tasks are: Navigate to the **Jobs** > **FS_DEFEND_SDD** > **Configure** node and select **Actions** to view the actions. -**CAUTION:** This action is enabled by default. +:::warning +This action is enabled by default. +::: + ![Default Action Tasks for the Job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/actiontasks.webp) diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_migrateschema.md b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_migrateschema.md index cd5e44be6b..d07e543299 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_migrateschema.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/fs_migrateschema.md 
@@ -33,8 +33,11 @@ without affecting data. Navigate to the **Jobs** > **FS_MigrateSchema** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks.webp) diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sas_executionstatistics.md b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sas_executionstatistics.md index 8a5b8f1126..86f5f78b2f 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sas_executionstatistics.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sas_executionstatistics.md @@ -39,10 +39,13 @@ executions, analysis history, host query details, and analysis details. Navigate to the **Jobs** > **SAS_ExecutionStatistics** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: -![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks.webp) + +![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks_3.webp) The default analysis tasks are: 
@@ -56,8 +59,9 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SAS_ExecutionStatistics Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ------------------------ | ----------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | -| Analysis Execution | This report identifies abnormally long analysis times. | None | This report is comprised of two elements: - Bar graph – Displays Abnormally Long Analysis Times - Table – Displays details on analysis times | -| Collection Statistics | This report identifies abnormally long collection times. | None | This report is comprised of two elements: - Bar graph – Displays Abnormally Long Collection Times - Table – Displays details on collection times | -| Job Execution Statistics | This report identifies jobs which have abnormally long run times. | None | This report is comprised of two elements: - Pie chart – Displays Job Status - Table – Displays details on job status | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | ----------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Analysis Execution | This report identifies abnormally long analysis times. | None | This report is comprised of two elements: | +| Collection Statistics | This report identifies abnormally long collection times. | None | This report is comprised of two elements: | +| Job Execution Statistics | This report identifies jobs which have abnormally long run times. | None | This report is comprised of two elements: | + 
diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md index bb4741b95c..cab680351c 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md @@ -45,7 +45,7 @@ browser, they will need to login to Microsoft Entra ID as a Global Administrator Application's API Permissions to grant Admin Consent before the Application can be used for SharePoint scans in Enterprise Auditor. -Additional Considerations +**Additional Considerations** - After the job successfully runs, there will be a new Connection Profile for this Application. Restart the Enterprise Auditor Console and enter a password to use this Connection Profile. @@ -59,4 +59,4 @@ Additional Considerations generated by the script. For example, if the targeted host is `myorg.onmicrosoft.com`, then the password for the connection profile would be: - ...\STEALTHbits\StealthAUDIT\PrivateAssemblies\spaa_cert_myorg.pfx,YourPasswordHere,0 +**...\STEALTHbits\StealthAUDIT\PrivateAssemblies\spaa_cert_myorg.pfx,YourPasswordHere,0** diff --git a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_removehost.md b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_removehost.md index 9fd2db4b0b..9fa879cbce 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_removehost.md +++ b/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_removehost.md 
@@ -30,10 +30,13 @@ the hosts on the job and run it to delete the respective hosts SharePoint data. Navigate to the **Jobs** > **SP_RemoveHost** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: -![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks.webp) + +![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/11.6/admin/jobs/instantjobs/analysistasks_1.webp) The default analysis tasks are: diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/configure/actions.md b/docs/accessanalyzer/11.6/admin/jobs/job/configure/actions.md index 9a05ee7498..bef3cdcada 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/configure/actions.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/configure/actions.md @@ -10,7 +10,10 @@ The Actions node uses Enterprise Auditor action modules to take action on collec data. Action can be taken on objects leveraging collected data or analyzed data, for example from a listing of locked-out accounts, an action can be executed to unlock those accounts. -**NOTE:** Action modules are available with a special Enterprise Auditor license. +:::note +Action modules are available with a special Enterprise Auditor license. +::: + ![Action Selection page](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/configure/actionselection.webp) 
@@ -41,8 +44,11 @@ The Actions section at the top has five options: [Action Modules](/docs/accessanalyzer/11.6/admin/action/overview.md) topic for additional information - **NOTE:** The AutoAction task appears in the Analysis Selection view, not in the Action + :::note + The AutoAction task appears in the Analysis Selection view, not in the Action Selection view. + ::: + - Execute Action – Opens the Action Execution window and starts executing the selected action diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md b/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md index c35d68e3d4..b6034bb010 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md @@ -16,14 +16,20 @@ Configuration**. The SQL Script Editor opens. **Step 3 –** At the top of the SQL Script Editor, select **Parameters**. -**NOTE:** The image shown is a generic example. Table names and customizable parameters will change +:::note +The image shown is a generic example. Table names and customizable parameters will change based on the Job. +::: + ![SQL Script Editor](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/configure/customizableparameters.webp) **Step 4 –** In the parameters section at the bottom of the editor, find the Value column. -**CAUTION:** Do not change any parameters where the Value states **Created during execution**. +:::warning +Do not change any parameters where the Value states **Created during execution**. +::: + - Double-click on the customizable value and change as desired diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/configure/queries.md b/docs/accessanalyzer/11.6/admin/jobs/job/configure/queries.md index fefc73ba0b..b77a1f7ca1 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/configure/queries.md 
+++ b/docs/accessanalyzer/11.6/admin/jobs/job/configure/queries.md @@ -45,8 +45,11 @@ The Tables section at the top has three options: - Delete Table – Deletes the selected table from the list, all associated query tasks, and the database table if it has already been created. This action does require confirmation. - **CAUTION:** Do not delete the last table in a job’s Query Selection view. Doing so will also + :::warning + Do not delete the last table in a job’s Query Selection view. Doing so will also delete the Messages table. In order to delete the last table, it is necessary to delete the job. + ::: + ## Queries diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/create.md b/docs/accessanalyzer/11.6/admin/jobs/job/create.md index 85fc3bbee3..27bcd5c201 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/create.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/create.md @@ -18,7 +18,10 @@ select **Create Job**. **Step 2 –** Provide a unique, descriptive name for the job. The default name is `NewJob`. Some considerations for naming conventions: -**CAUTION:** Do not end a job name with a space. +:::warning +Do not end a job name with a space. +::: + - There can never be two jobs with the same name. Enterprise Auditor automatically appends a numeral to the end of a job name to avoid duplicates, for example `NewJob1`. diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md b/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md index 4020b36379..0327e68beb 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md 
@@ -23,9 +23,12 @@ task, or executed as part of the job group. Follow the steps to disable a job. **Step 1 –** Select a job group or job. -**NOTE:** When disabling jobs at the job group level, all jobs contained in the job group are +:::note +When disabling jobs at the job group level, all jobs contained in the job group are disabled, but the job group is not disabled. Any additional jobs added to that job group at a later time will be enabled by default. +::: + ![Disable Job from Jobs Tree](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/disablejob.webp) diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/overview.md b/docs/accessanalyzer/11.6/admin/jobs/job/overview.md index 06b3117f54..a264606877 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/overview.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/overview.md @@ -15,9 +15,12 @@ topic for additional information. ![Job structure in the Job's Tree](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/jobnode.webp) -**_RECOMMENDED:_** Use job group organization to spread these tasks across jobs. For example, create +:::info +Use job group organization to spread these tasks across jobs. For example, create a job to run a query and a second job to run analysis or generate a report. Then use the job group structure to run those jobs together in the proper order. +::: + Jobs do not have a Settings node like a job group. Job Properties provide the option to break inheritance on global or job group settings. See the 
@@ -132,14 +135,15 @@ opens this list of the inherited settings. The following settings can be inherited from a parent: -| Setting | Description | -| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Connection profile | The tooltip shows the account name used in the connection profile. Clicking the button opens the parent Connection settings for the selected job. See the [Connection Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/connection.md) topic for additional information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available: - Edit the Profile – Clicking the link opens the Connection settings for the current profile - Use Default Profile – Clicking the link applies the connection profile set as default on a global level to a job. In this case, this setting will be hidden under the **Show Inherited Settings** button. - List of existing profiles – Allows switching between existing connection profiles and apply a desired one to a job | -| Data Retention Period | The tooltip shows the current value for the data retention period (by default, Never retain previous job data). 
Clicking the button opens the parent History settings for the selected job. See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | -| Log Retention Period | The tooltip shows the current value for the log retention period (by default, Retain previous job log for 7 times). Clicking the button opens the parent History settings for the selected job. See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | -| Hosts Lists | The tooltip shows the number and the names of the host lists assigned to this job. If you have more than three host lists assigned to a job, the tooltip shows 3 hosts name and the number of other hosts lists assigned (for example, if 5 hosts are assigned it shows `Host1, Host2, Host3 + 2 more`). Clicking the button opens the parent Host Lists setting for the selected job. See the [Hosts Node](/docs/accessanalyzer/11.6/admin/jobs/job/configure/hosts.md) topic for additional information. | -| Reporting Settings | Clicking the Reporting Settings button opens the parent Reporting settings for the selected job including publishing options, email settings, and roles. See the [Reporting Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md) topic for additional information. | -| Storage Profile | The tooltip shows the current SQL Server instance, database name, user account, and authentication type used for the selected job. See the [Storage Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/storage.md) topic for additional information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available - Edit This Profile – Clicking the link opens the Storage settings for the current profile - Use Default Profile – Clicking the link applies the storage profile set as default on a global level to a job. 
In this case, this setting will be hidden under the **Show Inherited Settings** button - List of existing profiles – Allows switching between existing storage profiles and apply a desired one to a job | +| Setting | Description | +| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Connection profile | The tooltip shows the account name used in the connection profile. Clicking the button opens the parent Connection settings for the selected job. See the [Connection Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/connection.md) topic for additional information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available: | +| Data Retention Period | The tooltip shows the current value for the data retention period (by default, Never retain previous job data). Clicking the button opens the parent History settings for the selected job. See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | +| Log Retention Period | The tooltip shows the current value for the log retention period (by default, Retain previous job log for 7 times). 
Clicking the button opens the parent History settings for the selected job. See the [History Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/history.md) topic for additional information. | +| Hosts Lists | The tooltip shows the number and the names of the host lists assigned to this job. If you have more than three host lists assigned to a job, the tooltip shows 3 hosts name and the number of other hosts lists assigned (for example, if 5 hosts are assigned it shows `Host1, Host2, Host3 + 2 more`). Clicking the button opens the parent Host Lists setting for the selected job. See the [Hosts Node](/docs/accessanalyzer/11.6/admin/jobs/job/configure/hosts.md) topic for additional information. | +| Reporting Settings | Clicking the Reporting Settings button opens the parent Reporting settings for the selected job including publishing options, email settings, and roles. See the [Reporting Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/reporting.md) topic for additional information. | +| Storage Profile | The tooltip shows the current SQL Server instance, database name, user account, and authentication type used for the selected job. See the [Storage Node](/docs/accessanalyzer/11.6/admin/jobs/group/settings/storage.md) topic for additional information. Clicking the three dots menu on the right part of the button opens the Edit menu. The following options are available | + ### Parameter Configuration 
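Review bot: The rewritten table in this hunk loses content. The old Connection profile and Storage Profile rows ended with the Edit menu entries (Edit the Profile / Edit This Profile, Use Default Profile, List of existing profiles). The new rows stop at "The following options are available:" (without the colon in the Storage Profile row) and nothing follows. Restore the three entries, either inside the cell or as a list directly after the table, and reword the lead-in sentence to point at wherever they land. These entries are how a job is switched to a different connection account or storage profile, so they should not disappear in a formatting-only change.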
@@ -156,8 +160,11 @@ parameters, they will be located under Configuration in the job's Overview secti **Step 2 –** Click on a parameter to open the Parameter Configuration window. -**NOTE:** To view a tool-tip that contains information about the Variable Name and the Task Name +:::note +To view a tool-tip that contains information about the Variable Name and the Task Name that the parameter is associated with, hover the mouse over the parameter. +::: + ![Parameter Configuration Window](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/parameterconfigurationwindow.webp) diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/properties/autoretry.md b/docs/accessanalyzer/11.6/admin/jobs/job/properties/autoretry.md index ddeba4fee3..654b9ef671 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/properties/autoretry.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/properties/autoretry.md @@ -15,8 +15,11 @@ Check the desired Host Status values to generate a retry, and then configure the Retry Options settings. Finally, enter a User name (domain\user) and Password in the Scheduler Authentication section. -**NOTE:** To update the password for an existing account, enter a new password in the Password +:::note +To update the password for an existing account, enter a new password in the Password field. +::: + Click **OK** to save configuration changes and close the Job Properties window. Click **Cancel** if no changes were made. diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/properties/connection.md b/docs/accessanalyzer/11.6/admin/jobs/job/properties/connection.md index c4501df16c..4aacdcfc82 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/properties/connection.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/properties/connection.md 
@@ -11,10 +11,13 @@ The Connection tab is for configuring the Connection Profile. Choose to use the the system default (the account being used to run Enterprise Auditor), or to select another Connection Profile. -**NOTE:** It is a best practice to set the Connection Profile at the same level where the job’s host +:::note +It is a best practice to set the Connection Profile at the same level where the job’s host list is set. For example, if the host list is set under the job group’s **Settings** node, then that is where the Connection Profile should be configured. If the host list is set under the **[Job]** > **Configure** node, then this is where the Connection Profile should be configured. +::: + ![Connection tab of the Jop Properties](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/properties/viewxml.webp) diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/properties/general.md b/docs/accessanalyzer/11.6/admin/jobs/job/properties/general.md index 2c23986697..6c6f02c873 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/properties/general.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/properties/general.md @@ -29,8 +29,11 @@ The log level feature includes the following options: - Use global setting – use the Application log level feature, configured at the global level. - **NOTE:** By selecting the another option from the drop-down list, you break inheritance for + :::note + By selecting the another option from the drop-down list, you break inheritance for this job. + ::: + - Debug – Records everything that happens during job execution, most verbose level of logging - Records all Info level information 
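Review bot: In the general.md hunk at -29,8, the sentence moved into the admonition still reads "By selecting the another option from the drop-down list". The line is being rewritten anyway, so fix it to "By selecting another option from the drop-down list, you break inheritance for this job."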
@@ -48,8 +51,11 @@ The log level feature includes the following options: - Records errors and the time of occurrence - Records job completion time -**NOTE:** You can switch between log levels. All the levels, including the one that you choose, +:::note +You can switch between log levels. All the levels, including the one that you choose, shall be set for messaging in the application. +::: + ![Log Level Options](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/properties/generalloglevel.webp) diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/properties/performance.md b/docs/accessanalyzer/11.6/admin/jobs/job/properties/performance.md index b3f8e217e9..8a3eb1626e 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/properties/performance.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/properties/performance.md @@ -18,9 +18,12 @@ Adjust the following settings by sliding the needle up and down the line: configured to not respond to PING requests, allowing Enterprise Auditor to scan the target host without a PING response. - **NOTE:** In most cases, it is not recommend to deselect this option, as it causes the job to + :::note + In most cases, it is not recommend to deselect this option, as it causes the job to continue querying offline hosts until the job timeout value is reached, set by default to 20 minutes. + ::: + - PING Timeout – The PING timeout value is the number of seconds before a host is identified as offline for not responding to PING diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/properties/viewxml.md b/docs/accessanalyzer/11.6/admin/jobs/job/properties/viewxml.md index b274701f82..a7d9e8a368 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/properties/viewxml.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/properties/viewxml.md @@ -22,4 +22,7 @@ value of: - 2 for Warning - 3 for Error -**NOTE:** Job analysis configurations are kept in a separate XML file. +:::note +Job analysis configurations are kept in a separate XML file. + +::: 
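Review bot: In the viewxml.md hunk, the blank line was added before the closing `:::` rather than after it, so the admonition body ends with an empty line and the file ends on the fence. Every other conversion in this patch that is not at the end of a file closes the fence directly after the text and puts the blank line after `:::`. Use the same order here so the admonitions are formatted consistently.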
diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/results.md b/docs/accessanalyzer/11.6/admin/jobs/job/results.md index a2feebb7bc..cc852a6c1f 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/results.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/results.md @@ -10,9 +10,12 @@ Once a job has been executed, the query populated native data tables, the analys populated materialized tables and views, and the generated reports can be viewed under the job’s Results node. -**NOTE:** Native data tables are only populated by jobs with configured queries. Materialized tables +:::note +Native data tables are only populated by jobs with configured queries. Materialized tables and views are only generated by jobs with configured analysis or action tasks. Reports are only generated by jobs with configured reports. +::: + ![Results Node](/img/product_docs/accessanalyzer/11.6/admin/jobs/job/resultsnode.webp) diff --git a/docs/accessanalyzer/11.6/admin/jobs/job/status.md b/docs/accessanalyzer/11.6/admin/jobs/job/status.md index c14b1aa003..9ac96c8730 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/job/status.md +++ b/docs/accessanalyzer/11.6/admin/jobs/job/status.md @@ -23,11 +23,14 @@ The Status node tables are: global configuration set in the **Settings** > **Application** node. By default, this is set to filter to the most recent data. - **NOTE:** The Job Statistics Retention settings in the **Settings** > **Application** node + :::note + The Job Statistics Retention settings in the **Settings** > **Application** node control how long the job statistics history is kept in the database and displayed Job Stats and Task Stats tables. See the [Application](/docs/accessanalyzer/11.6/admin/settings/application/overview.md) topic for additional information. + ::: + - Messages table – Provides a list of any warning or error messages that occurred during the execution of the job. For example, a frequently generated message is 
diff --git a/docs/accessanalyzer/11.6/admin/jobs/overview.md b/docs/accessanalyzer/11.6/admin/jobs/overview.md index 02625d36a9..b686fc9fdb 100644 --- a/docs/accessanalyzer/11.6/admin/jobs/overview.md +++ b/docs/accessanalyzer/11.6/admin/jobs/overview.md @@ -111,5 +111,8 @@ the Enterprise Auditor pop-up window to confirm the merge. Changes between releases are tracked. Only jobs that are locked can be upgraded. -**NOTE:** Jobs that are included in Enterprise Auditor are locked and changes cannot be made to +:::note +Jobs that are included in Enterprise Auditor are locked and changes cannot be made to those jobs. + +::: diff --git a/docs/accessanalyzer/11.6/admin/maintenance/backuprecovery.md b/docs/accessanalyzer/11.6/admin/maintenance/backuprecovery.md index 496f28156f..d1b84dae82 100644 --- a/docs/accessanalyzer/11.6/admin/maintenance/backuprecovery.md +++ b/docs/accessanalyzer/11.6/admin/maintenance/backuprecovery.md @@ -11,7 +11,10 @@ Enterprise Auditor Console server. Rather a standard file level back up of a few all that is necessary. This document contains a step-by-step guide for back up and recovery. The choice of back up utility is left to the Enterprise Auditor user. -**NOTE:** This does not cover back up of the Enterprise Auditor database. +:::note +This does not cover back up of the Enterprise Auditor database. +::: + ## Steps to Back Up the Console Server diff --git a/docs/accessanalyzer/11.6/admin/maintenance/bestpractices.md b/docs/accessanalyzer/11.6/admin/maintenance/bestpractices.md index 04df06bf97..7736a2680d 100644 --- a/docs/accessanalyzer/11.6/admin/maintenance/bestpractices.md +++ b/docs/accessanalyzer/11.6/admin/maintenance/bestpractices.md 
@@ -54,17 +54,37 @@ When the checklist items do not resolve the issue, contact support with as much information as possible from the table below. It is possible that a hot fix may already exist for the product. -| | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| What is the version of the Enterprise Auditor application? Within the Console, navigate to Help > About. The Version number is the build number | -| What is the version of the Solution Set (if applicable)? Within the File System go to %sainstalldir%DC > Find Data Collector DLL > Right-click and go to Properties > Details > File Version | -| What is the version of the Data Collector that has the issue? Within the File System go to %sainstalldir%DC > Find Data Collector DLL > Right-click and go to Properties > Details > File Version | -| What is the version of Analysis Module that has the issue? Within the File System go to %sainstalldir%PrivateAssemblies > Find Analysis Module DLL > Right-click and go to Properties > Details > File Version | -| What is the version of Action Module that has the issue? Within the File System go to %sainstalldir%Actions > Find Action Module DLL > Right-click and go to Properties > Details > File Version | -| What is the Operating System and Version of the Enterprise Auditor Console server? For example: Windows Server 2012 R2 Standard, Server 2016 R2 | -| What is the Operating System and Version of the Target Host? For example: Windows Server 2012 R2 Standard, Server 2016 R2 | -| What is the Application Version (if applicable) i.e. Exchange, SharePoint, etc | -| Did it ever work? Has anything changed? For example” OS Updates, Console Updates, Permission Changes, etc. 
| -| Use the Export function within Enterprise Auditor to send the job or job group, which includes the Job log and SA_Debug log to the support engineer working the case See the Export Job to Zip Archive Window section for additional instruction. | -| Are there any errors in the Messages Table? Jobs > [Solution] > [Job Group and/or Job] > Status > Messages table | -| Are there any messages in the ConnectStatus Table? Jobs > [Solution] > [Job Group and/or Job] > Status > ConnectStatus table | +**What is the version of the Access Analyzer application?** +Within the Console, navigate to Help > About. The Version number is the build number + +**What is the version of the Solution Set (if applicable)?** +Within the File System go to %sainstalldir%DC > Find Data Collector DLL > Right-click and go to Properties > Details > File Version + +**What is the version of the Data Collector that has the issue** +Within the File System go to %sainstalldir%DC > Find Data Collector DLL > Right-click and go to Properties > Details > File Version + +**What is the version of Analysis Module that has the issue?** +Within the File System go to %sainstalldir%PrivateAssemblies > Find Analysis Module DLL > Right-click and go to Properties > Details > File Version + +**What is the version of Action Module that has the issue?** +Within the File System go to %sainstalldir%Actions > Find Action Module DLL > Right-click and go to Properties > Details > File Version + +**What is the Operating System and Version of the Access Analyzer Console server?** +For example: Windows Server 2012 R2 Standard, Server 2016 R2 + +**What is the Operating System and Version of the Target Host?** +For example: Windows Server 2012 R2 Standard, Server 2016 R2 + +**What is the Application Version (if applicable) i.e. Exchange, SharePoint, etc** + +**Did it ever work? Has anything changed?** +For example” OS Updates, Console Updates, Permission Changes, etc. 
+ +**Use the Export function within Access Analyzer to send the job or job group, which includes the Job log and SA_Debug log to the support engineer working the case** +See the Export Job to Zip Archive Window section for additional instruction. + +**Are there any errors in the Messages Table?** +Jobs > [Solution] > [Job Group and/or Job] > Status > Messages table + +**Are there any messages in the ConnectStatus Table?** +Jobs > [Solution] > [Job Group and/or Job] > Status > ConnectStatus table \ No newline at end of file diff --git a/docs/accessanalyzer/11.6/admin/maintenance/troubleshooting.md b/docs/accessanalyzer/11.6/admin/maintenance/troubleshooting.md index 3c35f69965..3a006c46b0 100644 --- a/docs/accessanalyzer/11.6/admin/maintenance/troubleshooting.md +++ b/docs/accessanalyzer/11.6/admin/maintenance/troubleshooting.md @@ -13,11 +13,11 @@ There are some general things to know when getting started troubleshooting Enter The shortcut opens the installation folder location where the Enterprise Auditor application is installed. The default installation directory is: -C:\Program Files (x86)\STEALTHbits\StealthAUDIT\ +`C:\Program Files (x86)\STEALTHbits\StealthAUDIT\` If the installation directory was customized during installation, it will be: -…\STEALTHbits\StealthAUDIT\ +`…\STEALTHbits\StealthAUDIT\` The Enterprise Auditor install directory has several logs that can be accessed for troubleshooting purposes. This includes: 
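Review bot: The bestpractices.md hunk (-54,17) changes wording while converting the table, and three of those changes look unintended. First, "Enterprise Auditor" becomes "Access Analyzer" in the application, Console server and Export questions, while the rest of the 11.6 pages in this patch still say Enterprise Auditor; revert it or make the rename a separate, complete change. Second, the unchanged sentence above still says "from the table below", which no longer matches the bold question list. Third, "What is the version of the Data Collector that has the issue" lost its question mark, and the file now ends without a trailing newline. The carried-over `For example”` with a stray closing quote could also be fixed to "For example:" in the same pass.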
@@ -46,8 +46,8 @@ level to Debug** and restart the application. | Log Name | Log Location | | ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SADebug (Enterprise Auditor Console) | `%sainstalldir%SADatabase\Logs\Application` SADebug Logs will be saved in the format: SADebug-[timestamp]-[PID].tsv | -| Job Log (Enterprise Auditor Console) | Windows File Explorer Shortcut: `%sainstalldir%Jobs\Group_Name\Job_Name\Output\nameofjob.tsv` Console Shortcut: **Right click job** > **Explore folder** > `nameofjob.tsv` | +| SADebug (Enterprise Auditor Console) | `%sainstalldir%SADatabase\Logs\Application`
SADebug Logs will be saved in the format:
SADebug-[timestamp]-[PID].tsv | +| Job Log (Enterprise Auditor Console) | Windows File Explorer Shortcut:
`%sainstalldir%Jobs\Group_Name\Job_Name\Output\nameofjob.tsv`
Console Shortcut:
**Right click job** > **Explore folder** > `nameofjob.tsv` | | ExchangePS logs (Enterprise Auditor Console) | `%sainstalldir%PrivateAssemblies\GUID` | | PowerShell Logs (Enterprise Auditor Console) | `%sainstalldir%Jobs\SA_CommonData\PowerShell` | | PowerShell logs (Remote Host): | ` C:\Program Files(x86)\STEALTHbits\StealthAUDIT\Applet\Powershell\GUID` | diff --git a/docs/accessanalyzer/11.6/admin/maintenance/updatepasswords.md b/docs/accessanalyzer/11.6/admin/maintenance/updatepasswords.md index 4dae6858c4..467d1b885d 100644 --- a/docs/accessanalyzer/11.6/admin/maintenance/updatepasswords.md +++ b/docs/accessanalyzer/11.6/admin/maintenance/updatepasswords.md @@ -23,10 +23,13 @@ updated: - [ServiceNow (if enabled)](#servicenow-if-enabled) - [Enterprise Auditor Services](#enterprise-auditor-services) -**NOTE:** When updating passwords in Enterprise Auditor, you should also check the passwords in +:::note +When updating passwords in Enterprise Auditor, you should also check the passwords in Netwrix Activity Monitor. See the Update Credential Passwords topic in the [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) for additional information. +::: + ## Storage Profiles diff --git a/docs/accessanalyzer/11.6/admin/navigate/datagrid.md b/docs/accessanalyzer/11.6/admin/navigate/datagrid.md index 09459f2842..6d54b6246d 100644 --- a/docs/accessanalyzer/11.6/admin/navigate/datagrid.md +++ b/docs/accessanalyzer/11.6/admin/navigate/datagrid.md @@ -120,8 +120,11 @@ a ‘count’ of records within each group. Expand the group to view the data. Multiple columns can be dragged into the Group By area to form tiered groupings. -**NOTE:** Sorting by the FQDN column is an easy way to see if there are two entries for the same +:::note +Sorting by the FQDN column is an easy way to see if there are two entries for the same host. +::: + ![Column Header](/img/product_docs/accessanalyzer/11.6/admin/navigate/datagridfunctionality11.webp) 
diff --git a/docs/accessanalyzer/11.6/admin/navigate/pane.md b/docs/accessanalyzer/11.6/admin/navigate/pane.md index caec32e160..bc8c755394 100644 --- a/docs/accessanalyzer/11.6/admin/navigate/pane.md +++ b/docs/accessanalyzer/11.6/admin/navigate/pane.md @@ -130,8 +130,11 @@ topic for additional information on these actions. The Job tree primary nodes have the following right-click menu items: -**NOTE:** These menu items apply to a Jobs Tree, Job Group, and a Job. Depending on the chosen +:::note +These menu items apply to a Jobs Tree, Job Group, and a Job. Depending on the chosen selection, some menu items are grayed out. +::: + | ![Jobs Tree Primary Nodes](/img/product_docs/accessanalyzer/11.6/admin/navigate/navigationpane4.webp) | ![Jobs Tree Primary Nodes](/img/product_docs/accessanalyzer/11.6/admin/navigate/navigationpane5.webp) | ![Jobs Tree Primary Nodes](/img/product_docs/accessanalyzer/11.6/admin/navigate/navigationpane6.webp) | | --------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | 
@@ -169,15 +172,21 @@ Menu items include: - Copy – Copies the selected job group or job (Ctrl+C) - Paste – Pastes a copied/cut job group or job to the selected location (Ctrl+V) - **CAUTION:** Delete Group/Job will also delete all tables that match the job’s naming convention + :::warning + Delete Group/Job will also delete all tables that match the job’s naming convention from the database. + ::: + - Delete Group/Job – Deletes the selected job group or job. See the [Report Cleanup when Deleting a Job or Job Group](/docs/accessanalyzer/11.6/admin/report/cleanup.md) topic for additional information. - **CAUTION:** Rename Group/Job will rename all tables that match the job’s naming convention + :::warning + Rename Group/Job will rename all tables that match the job’s naming convention within the database. + ::: + - Rename Group/Job – Opens a textbox over the selected job group or job to rename - Export – Zips the selected job group or job. Options allow for including the job, the reports, @@ -294,7 +303,10 @@ The [Job] > Configure node right-click menu items are: [Instant Job Wizard](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/overview.md) - Create Job – Creates a new job at the same location as the selected job group or job (Ctrl+Alt+A) - **NOTE:** This right-click menu is also opened at the Configure > Hosts node. + :::note + This right-click menu is also opened at the Configure > Hosts node. + ::: + #### [Job] > Configure > [Configuration] Nodes diff --git a/docs/accessanalyzer/11.6/admin/navigate/top.md b/docs/accessanalyzer/11.6/admin/navigate/top.md index abfee757a4..03c7e9f120 100644 --- a/docs/accessanalyzer/11.6/admin/navigate/top.md +++ b/docs/accessanalyzer/11.6/admin/navigate/top.md 
@@ -28,8 +28,11 @@ The Menu Bar options are: [Instant Job Wizard](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/overview.md) section for information on installing instant solutions from the Enterprise Auditor Library. - **CAUTION:** Delete Job will also delete all data tables with the job’s base naming + :::warning + Delete Job will also delete all data tables with the job’s base naming convention from the SQL database. + ::: + - Delete Job – Deletes the selected job from the Jobs tree - Properties – Opens the Job Properties window for the selected job. See the @@ -45,8 +48,11 @@ The Menu Bar options are: - Paste – Pastes (Ctrl+V) a copied job group or job to the selected job group folder (or into the Jobs tree) - **CAUTION:** Delete will also delete all data tables with the job’s base naming convention + :::warning + Delete will also delete all data tables with the job’s base naming convention from the SQL database. + ::: + - Delete – Deletes the job group or job at the selected location within the Jobs tree @@ -66,13 +72,19 @@ The Menu Bar options are: section for information on installing instant solutions from the Enterprise Auditor Library. - Create Job – Creates a new job (Ctrl + Alt + A) at the selected location within the Jobs tree - **CAUTION:** Delete Job will also delete all data tables with the job’s base naming + :::warning + Delete Job will also delete all data tables with the job’s base naming convention from the SQL database. + ::: + - Delete Job – Deletes the selected job from the Jobs tree - **CAUTION:** Rename Job will also rename all data tables with the job’s base naming + :::warning + Rename Job will also rename all data tables with the job’s base naming convention within the SQL database. + ::: + - Rename Job – Renames the selected job - Properties – Opens the Job Properties window for the selected job. See the 
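Review bot: In all three top.md hunks, each `:::warning` sits before the menu item it describes and follows the previous bullet, for example the Delete Job warning comes right after the Create Job item and the Rename Job warning right after Delete Job. As an indented admonition it will render as part of the preceding item. Since these warnings cover deleting or renaming data tables in the SQL database, move each one under its own bullet (Delete Job, Delete, Rename Job) so the caution is attached to the destructive action it applies to.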
diff --git a/docs/accessanalyzer/11.6/admin/report/cleanup.md b/docs/accessanalyzer/11.6/admin/report/cleanup.md index 01e2888705..064f7a29ec 100644 --- a/docs/accessanalyzer/11.6/admin/report/cleanup.md +++ b/docs/accessanalyzer/11.6/admin/report/cleanup.md @@ -10,7 +10,10 @@ When deleting a job or job group, the Delete Job and Delete Group wizards allow published reports contained in the jobs that are being deleted. Follow the steps to delete a job or job group that contains published reports. -**CAUTION:** Deleted objects cannot be restored. +:::warning +Deleted objects cannot be restored. +::: + ![Delete Group on right-click menu](/img/product_docs/accessanalyzer/11.6/admin/report/jobstree.webp) @@ -22,7 +25,10 @@ job group that contains published reports. **Step 2 –** On the Delete Job/Group page of the wizard, confirm it shows the correct job or group that you want to delete, then click **Next**. -**NOTE:** If there are no published reports, clicking **Next** starts the deletion (skip to step 4). +:::note +If there are no published reports, clicking **Next** starts the deletion (skip to step 4). +::: + ![Delete Published Reports wizard page](/img/product_docs/accessanalyzer/11.6/admin/report/reporttree.webp) diff --git a/docs/accessanalyzer/11.6/admin/report/create.md b/docs/accessanalyzer/11.6/admin/report/create.md index 716a7e8b9e..6419837b24 100644 --- a/docs/accessanalyzer/11.6/admin/report/create.md +++ b/docs/accessanalyzer/11.6/admin/report/create.md 
@@ -15,9 +15,12 @@ You can add additional reports by the following methods: - [Create a Custom Report](#create-a-custom-report) - [Copy an Existing Report](#copy-an-existing-report) -**NOTE:** It is important to consider whether a report should be added to an existing job, or a new +:::note +It is important to consider whether a report should be added to an existing job, or a new job created to generate the report. Contact [Netwrix Support](https://www.netwrix.com/support.html) for additional information on report outputs. +::: + ## Create a Custom Report @@ -64,9 +67,12 @@ vertical ellipsis menu in the header row of the Reports table and select Paste. The copy of the report is added to the Reports table. Reports that are copied maintain the same configuration settings as the original report. -**NOTE:** If the report copied to the job’s Reports node has the same name as an existing report, +:::note +If the report copied to the job’s Reports node has the same name as an existing report, the copied report adds a numerical value to the name sequentially. For example if the existing report is named Exceptions Summary, then the new report is named `Exceptions Summary1`. +::: + **Step 3 –** (Optional) Click the **Configure** button next to the report. Use the Report Configuration wizard to modify the reports settings. See the diff --git a/docs/accessanalyzer/11.6/admin/report/interactivegrids/copyingcells.md b/docs/accessanalyzer/11.6/admin/report/interactivegrids/copyingcells.md index 3f855bcec5..bdb8fed59b 100644 --- a/docs/accessanalyzer/11.6/admin/report/interactivegrids/copyingcells.md +++ b/docs/accessanalyzer/11.6/admin/report/interactivegrids/copyingcells.md 
@@ -14,5 +14,8 @@ under a column can be selected and copied to the clipboard. To copy a cell, select the cell, then right-click on it and select **Copy Cell Data**. -**NOTE:** You may need to allow programmatic clipboard access for your browser the first time you +:::note +You may need to allow programmatic clipboard access for your browser the first time you attempt to copy a cell. + +::: diff --git a/docs/accessanalyzer/11.6/admin/report/interactivegrids/grouping.md b/docs/accessanalyzer/11.6/admin/report/interactivegrids/grouping.md index 8a93aa3d4b..1c562c7b59 100644 --- a/docs/accessanalyzer/11.6/admin/report/interactivegrids/grouping.md +++ b/docs/accessanalyzer/11.6/admin/report/interactivegrids/grouping.md @@ -9,8 +9,11 @@ sidebar_position: 10 If grouping is enabled, the **Group by** field provides a drop-down list of categories by which the data can be grouped. -**NOTE:** Grouping and filtering cannot be enabled at the same time. If grouping is enabled, the +:::note +Grouping and filtering cannot be enabled at the same time. If grouping is enabled, the Filter icon is disabled in the report. +::: + The following example shows an interactive grid in which grouping has been enabled. See the [Grid](/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md#grid) diff --git a/docs/accessanalyzer/11.6/admin/report/interactivegrids/paging.md b/docs/accessanalyzer/11.6/admin/report/interactivegrids/paging.md index 0366c8cb69..43ef692b79 100644 --- a/docs/accessanalyzer/11.6/admin/report/interactivegrids/paging.md +++ b/docs/accessanalyzer/11.6/admin/report/interactivegrids/paging.md 
@@ -13,8 +13,11 @@ Paging is enabled by default. See the [Grid](/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md#grid) topic for additional information. -**NOTE:** Paging and grouping cannot be enabled at the same time. When Paging is enabled, the +:::note +Paging and grouping cannot be enabled at the same time. When Paging is enabled, the Grouping options are disabled for the report. +::: + ![Paging](/img/product_docs/accessanalyzer/11.6/admin/report/interactivegrids/paging.webp) diff --git a/docs/accessanalyzer/11.6/admin/report/interactivegrids/searchfilter.md b/docs/accessanalyzer/11.6/admin/report/interactivegrids/searchfilter.md index 87ae66360c..3f5292aee1 100644 --- a/docs/accessanalyzer/11.6/admin/report/interactivegrids/searchfilter.md +++ b/docs/accessanalyzer/11.6/admin/report/interactivegrids/searchfilter.md @@ -9,8 +9,11 @@ sidebar_position: 20 When dealing with large sets of data, it may be useful to search for a desired attribute. This can be done using the Filter icon. -**NOTE:** Searching and grouping cannot be enabled at the same time. If grouping is enabled, the +:::note +Searching and grouping cannot be enabled at the same time. If grouping is enabled, the Search icon is disabled in the report. +::: + The following example shows an interactive grid in which searching has been enabled. See the [Grid](/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md#grid) diff --git a/docs/accessanalyzer/11.6/admin/report/view.md b/docs/accessanalyzer/11.6/admin/report/view.md index 8f5f819ea4..766ee7d9f9 100644 --- a/docs/accessanalyzer/11.6/admin/report/view.md +++ b/docs/accessanalyzer/11.6/admin/report/view.md 
@@ -54,7 +54,10 @@ within tables, both interactive grid and plain HTML tables. See the [Grid](/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md#grid) topic for additional information. -**NOTE:** Any browser used to access the Web Console must have JavaScript allowed for the site. See +:::note +Any browser used to access the Web Console must have JavaScript allowed for the site. See the [Configure JavaScript Settings for the Web Console](/docs/accessanalyzer/11.6/admin/settings/reporting.md#configure-javascript-settings-for-the-web-console) topic for additional information. + +::: diff --git a/docs/accessanalyzer/11.6/admin/report/wizard/authoring.md b/docs/accessanalyzer/11.6/admin/report/wizard/authoring.md index 74cb34f4cd..6b23557223 100644 --- a/docs/accessanalyzer/11.6/admin/report/wizard/authoring.md +++ b/docs/accessanalyzer/11.6/admin/report/wizard/authoring.md @@ -17,7 +17,7 @@ Configure the following settings as required: - Name – The name used for the report in the Enterprise Auditor console and Web Console. -Header Options +**Header Options** ![header](/img/product_docs/accessanalyzer/11.6/admin/report/wizard/header.webp) @@ -30,7 +30,7 @@ Header Options - Description – A description of the report content. It is displayed beneath the report Title in the generated report. -Publish Options +**Publish Options** - Publish Report – Select an option to configure if the report should be published to the Web Console when it is generated. diff --git a/docs/accessanalyzer/11.6/admin/report/wizard/email.md b/docs/accessanalyzer/11.6/admin/report/wizard/email.md index 7ce929cf3e..e200fbffa9 100644 --- a/docs/accessanalyzer/11.6/admin/report/wizard/email.md +++ b/docs/accessanalyzer/11.6/admin/report/wizard/email.md 
@@ -20,10 +20,13 @@ and topics for additional information). If you want to keep the default, then you can skip this page of the wizard by clicking **Next**. -**NOTE:** In order for reports to be emailed, the SMTP server information must be configured in the +:::note +In order for reports to be emailed, the SMTP server information must be configured in the **Settings** > **Notification** node. See the [Notification](/docs/accessanalyzer/11.6/admin/settings/notification.md) topic for additional information. +::: + To configure the setting for the report, use the Settings drop-down menu to select one of the following options: diff --git a/docs/accessanalyzer/11.6/admin/report/wizard/layout.md b/docs/accessanalyzer/11.6/admin/report/wizard/layout.md index 80fee61174..5a728069fe 100644 --- a/docs/accessanalyzer/11.6/admin/report/wizard/layout.md +++ b/docs/accessanalyzer/11.6/admin/report/wizard/layout.md @@ -33,5 +33,8 @@ The maximum number of elements allowed by the correctly selected layout is speci the editor. Select the checkboxes next to the title of all the configured widgets you want to keep up to this limit, then click **OK**. Any widgets not selected will be removed from the report. -**NOTE:** You can click **Cancel** to return to the layout page to select a different layout with +:::note +You can click **Cancel** to return to the layout page to select a different layout with more elements. + +::: diff --git a/docs/accessanalyzer/11.6/admin/report/wizard/overview.md b/docs/accessanalyzer/11.6/admin/report/wizard/overview.md index 243f450e43..58f219e24f 100644 --- a/docs/accessanalyzer/11.6/admin/report/wizard/overview.md +++ b/docs/accessanalyzer/11.6/admin/report/wizard/overview.md 
@@ -15,7 +15,10 @@ topics for additional information. Follow the steps to configure a report using the wizard. -**NOTE:** Skip any sections or pages that do not require changes to the existing configuration. +:::note +Skip any sections or pages that do not require changes to the existing configuration. +::: + **Step 1 –** Create a new report or open the Report Configuration wizard for an existing report. diff --git a/docs/accessanalyzer/11.6/admin/report/wizard/publishsecurity.md b/docs/accessanalyzer/11.6/admin/report/wizard/publishsecurity.md index 2ee1b2afcc..cda3991b5d 100644 --- a/docs/accessanalyzer/11.6/admin/report/wizard/publishsecurity.md +++ b/docs/accessanalyzer/11.6/admin/report/wizard/publishsecurity.md @@ -9,10 +9,13 @@ sidebar_position: 30 The Publish Security page of the Report Configuration wizard contains the account names of users with inherited permissions to view the generated report. -**NOTE:** This page is only enabled if Role Based Access is configured for the Enterprise Auditor +:::note +This page is only enabled if Role Based Access is configured for the Enterprise Auditor Console. See the [Role Based Access](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/overview.md) topic for additional information. +::: + ![Publish Security page](/img/product_docs/accessanalyzer/11.6/admin/report/wizard/publishsecurity.webp) @@ -37,5 +40,8 @@ then click **OK**. The selected account is added to the list with a Role of Report Viewer. -**NOTE:** The permission for accounts that are not Inherited can also be removed using the wizard. +:::note +The permission for accounts that are not Inherited can also be removed using the wizard. To remove an account, select it and then click **Remove**. + +::: diff --git a/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md b/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md index 4704e17c51..54a9257632 100644 --- a/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md 
+++ b/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md @@ -53,7 +53,7 @@ The section contains the following options: - Element Title – Enter a title for the element in the text box. This will be displayed in the element's header on the generated report. -DataSource Options +**DataSource Options** In order to generate results, a location must first be selected as the source of the data. @@ -68,9 +68,12 @@ In order to generate results, a location must first be selected as the source of - Limit maximum number of displayed rows to [number] – Limits the number of rows of data displayed to less than or equal to the number chosen. By default it is set to **1000**. - **NOTE:** Limits that are larger than the default may slow down the run time. + :::note + Limits that are larger than the default may slow down the run time. + ::: -Export CSV Options + +**Export CSV Options** You can configure the table to allow the data to be exported as a CSV file. @@ -103,12 +106,15 @@ There are two types of grid displays: - Non Interactive grid – Creates a report with fixed settings and stationary elements. This option disables all the fields within the Table Properties section. - **NOTE:** In order to view user configured Grouping in emailed reports, the report must be + :::note + In order to view user configured Grouping in emailed reports, the report must be emailed as a **Non Interactive Grid**. + ::: + The following settings are available when Interactive grid is selected: -Grid Properties +**Grid Properties** - Treat interactive grid contents as plain text (not HTML) – Enables interactive grid functionality. This option is selected by default. 
@@ -118,12 +124,15 @@ Grid Properties [Paging](/docs/accessanalyzer/11.6/admin/report/interactivegrids/paging.md) topic for additional information. -Column Properties +**Column Properties** - Group Column – Arranges the table to be grouped by the attributes of the selected column - **NOTE:** Paging and grouping are not compatible. When Paging is enabled, the Grouping options + :::note + Paging and grouping are not compatible. When Paging is enabled, the Grouping options are disabled in the Table Properties section and in the generated report. + ::: + - Enum Column – Groups the data in tables based on the selected column - Color Column – Colors a column data displayed on the report’s table section @@ -164,7 +173,7 @@ The section contains the following options: - Element Title – Enter a title for the element in the text box. This will be displayed in the element's header on the generated report. -DataSource Options +**DataSource Options** In order to generate results, a location must first be selected as the source of the data. @@ -179,7 +188,10 @@ In order to generate results, a location must first be selected as the source of - Limit maximum number of displayed rows to [number] – Limits the number of rows of data displayed to less than or equal to the number chosen. By default it is set to **1000**. - **NOTE:** Limits that are larger than the default may slow down the run time. + :::note + Limits that are larger than the default may slow down the run time. + ::: + ### Chart Properties @@ -199,7 +211,10 @@ The following options are the available in the Chart Properties: column can be numeric or string, but the second column should always be numeric. - Stacked – Consolidated bar chart for comparing values - **NOTE:** Negative numbers cannot be plotted. + :::note + Negative numbers cannot be plotted. + ::: + - Show Data Labels – Displays the column name for each section within a chart - Enum Column – Groups the data in chart by the selected column name 
@@ -258,7 +273,10 @@ When you first configure a new text element, a dialog displays allowing you to s Text Editor. On this dialog, select either the Basic or Advanced Text Editor and click **Open Editor**. The selected editor then opens. -**NOTE:** Once a Text Editor is selected for a Text element, it cannot be changed. +:::note +Once a Text Editor is selected for a Text element, it cannot be changed. +::: + ### Basic Text Editor diff --git a/docs/accessanalyzer/11.6/admin/schedule/wizard.md b/docs/accessanalyzer/11.6/admin/schedule/wizard.md index 06110c7a67..3a9409a732 100644 --- a/docs/accessanalyzer/11.6/admin/schedule/wizard.md +++ b/docs/accessanalyzer/11.6/admin/schedule/wizard.md @@ -100,7 +100,10 @@ Choose the desired setting from the following options: - Use Profile from Job – A default setting and applies the Connection Profile designated at the job or job group level - **_RECOMMENDED:_** In most cases, this is the recommended setting + :::info + In most cases, this is the recommended setting + ::: + - Use the Windows account that the application is run with (System default) – Applies the account used to open the Enterprise Auditor Console diff --git a/docs/accessanalyzer/11.6/admin/settings/access/restapi/assignappaccess.md b/docs/accessanalyzer/11.6/admin/settings/access/restapi/assignappaccess.md index d355a41b44..2a4fec7311 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/restapi/assignappaccess.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/restapi/assignappaccess.md 
@@ -38,8 +38,11 @@ Application Access page. Click Next to proceed. -**NOTE:** Only select items that the application needs to access. Type in the **Filter objects by +:::note +Only select items that the application needs to access. Type in the **Filter objects by name** box to filter the list of objects by the characters entered. +::: + ![Application Details page of the Access Role Wizard](/img/product_docs/accessanalyzer/11.6/admin/settings/access/restapi/applicationdetails.webp) diff --git a/docs/accessanalyzer/11.6/admin/settings/access/restapi/getdata.md b/docs/accessanalyzer/11.6/admin/settings/access/restapi/getdata.md index 8d84a7a2a7..0795d56eb1 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/restapi/getdata.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/restapi/getdata.md 
@@ -11,27 +11,132 @@ tables provide additional information on retrieving data. ## ROWS -This table provides information on how to call the REST API to retrieve data from a named table or +This information shows how to call the REST API to retrieve data from a named table or view definition. -| | Description | -| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| URL STRUCTURE | `/api/v1/data//rows` `/api/v1/data//rows` | -| DESCRIPTION | 
Allows the caller to retrieve data from a table or view. | -| METHOD | GET, POST | -| PARAMETERS | **object-name** – Required value that specifies the unique object name. **alias-name** – Required value that specifies the unique alias associated with the table, available as a more thoughtfully designed namespace. **jobRuntimeKey**(Optional) – The execution to retrieve information for. If this is omitted the latest report is provided. **filters** (Optional) – A filter to be applied prior to returning data, multiple filters are applied with `and` operators. If an array is specified for the value field for a filter, the filter returns any successful match from the array of values. String comparisons are case insensitive. A list of the available functions is below. Filter functions: - equals - not_equals - greater (greater_equal) - less (less_equal) - contains - starts_with **columns** (Optional) – A list of columns to be returned. When not specified all columns are returned. The columns specified by the **groupby** parameter should be omitted from this array. **groupby** (Optional) – A list of columns to group each row by, resulting in a JSON object that contains those keys followed by an array of entries. Sample JSON request: `{     jobRuntimeKey: "2018-11-05T13:15:30",     columns: [ "url", "trusteeName", "rights" ],     groupby: [ "hostName" ],     filters: [         {             column: "hostName",             function: "equals",             value: "ENGINEERING01",         },         {             column: "trusteeName",             function: "equals",             value: [ "Pete Smith", "Jake Roberts" ]         }     ] }` | -| RETURNS | A JSON array representation of the underlying table. 
Sample JSON response: `[     {         hostName: "ENGINEERING01",         groupItems: [             {                 url: "https://site/list",                 trusteeName: "Pete Smith",                 rights: "Read"             }         ]     } ]` | -| ERRORS | 400 One or more the parameters passed in are invalid. 404 The object requested does not exist. | +**URL STRUCTURE** +`/api/v1/data//rows` +`/api/v1/data//rows` + +**DESCRIPTION** +Allows the caller to retrieve data from a table or view. + +**METHOD** +GET, POST + +**PARAMETERS** +- **object-name** – Required value that specifies the unique object name. +- **alias-name** – Required value that specifies the unique alias associated with the table, available as a more thoughtfully designed namespace. +- **jobRuntimeKey**(Optional) – The execution to retrieve information for. If this is omitted the latest report is provided. +- **filters** (Optional) – A filter to be applied prior to returning data, multiple filters are applied with `and` operators. If an array is specified for the value field for a filter, the filter returns any successful match from the array of values. String comparisons are case insensitive. A list of the available functions is below. Filter functions: + - equals + - not_equals + - greater (greater_equal) + - less (less_equal) + - contains + - starts_with +- **columns** (Optional) – A list of columns to be returned. When not specified all columns are returned. The columns specified by the **groupby** parameter should be omitted from this array. +- **groupby** (Optional) – A list of columns to group each row by, resulting in a JSON object that contains those keys followed by an array of entries. 
+ +Sample JSON request: + ```json + {      + jobRuntimeKey: "2018-11-05T13:15:30",      + columns: [ "url", "trusteeName", "rights" ], + groupby: [ "hostName" ],      + filters: [          + {              + column: "hostName",              + function: "equals",              + value: "ENGINEERING01",          + },          + {              + column: "trusteeName",              + function: "equals",              + value: [ "Pete Smith", "Jake Roberts" ]         +  }      + ] +} + ``` + +**RETURNS** +A JSON array representation of the underlying table. + +Sample JSON response: + +```json +[      + {          + hostName: "ENGINEERING01",          + groupItems: [              + {                  + url: "https://site/list",                  + trusteeName: "Pete Smith",                  + rights: "Read"              + }          + ]      + } +] +``` + +**ERRORS** +- 400 One or more the parameters passed in are invalid. +- 404 The object requested does not exist. + ## PROC -This table provides information on how to call the REST API to execute a stored procedure. +This information shows how to call the REST API to execute a stored procedure. + +**URL STRUCTURE** +`/api/v1/data//proc` +`/api/v1/data//proc` + +**DESCRIPTION** +Allows the caller to execute stored procedure and retrieve data. + +**METHOD** +POST + +**PARAMETERS** +- **object-name** – Required value that specifies the unique object name. +- **groupby**(Optional) – A list of columns to group each row by, resulting in a JSON object that contains those keys followed by an array of entries. The parameters passed in here are passed to the stored procedure untouched. Arrays are mapped to a user defined table type, currently only single value arrays are supported. 
+ +Sample JSON request: + +```json + {      + parameters: {          + hostName: "SBNJENGINEERING01",          + userName: "DOMAIN\\pete.smith",          + files: [              + { name: "puppets.xls" },              + { name: "groups.pdf" }          + ]      + }      + groupby: [ "HostName" ] +} + ``` + +**RETURNS** +A JSON array representation of the underlying result data. + +Sample JSON request: + +```json +{      + parameters: {          + hostName: "SBNJENGINEERING01",          + userName: "DOMAIN\\pete.smith",          + files: [              + { name: "puppets.xls" },              + { name: "groups.pdf" }          + ]      + }      + groupby: [ "HostName" ] +} +``` -| | Description | -| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| URL STRUCTURE | `/api/v1/data//proc` `/api/v1/data//proc` | -| DESCRIPTION | Allows the caller to execute stored procedure and retrieve data. | -| METHOD | POST | -| PARAMETERS | **object-name** – Required value that specifies the unique object name. **groupby**(Optional) – A list of columns to group each row by, resulting in a JSON object that contains those keys followed by an array of entries. The parameters passed in here are passed to the stored procedure untouched. Arrays are mapped to a user defined table type, currently only single value arrays are supported. 
Sample JSON request: `{     parameters: {         hostName: "SBNJENGINEERING01",         userName: "DOMAIN\\pete.smith",         files: [             { name: "puppets.xls" },             { name: "groups.pdf" }         ]     }     groupby: [ "HostName" ] }` | -| RETURNS | A JSON array representation of the underlying result data. Sample JSON request: `{     parameters: {         hostName: "SBNJENGINEERING01",         userName: "DOMAIN\\pete.smith",         files: [             { name: "puppets.xls" },             { name: "groups.pdf" }         ]     }     groupby: [ "HostName" ] }` | -| ERRORS | 400 One or more the parameters passed in are invalid. 404 The object requested does not exist. | +**ERRORS** +- 400 One or more the parameters passed in are invalid. +- 404 The object requested does not exist. \ No newline at end of file diff --git a/docs/accessanalyzer/11.6/admin/settings/access/restapi/obtaintoken.md b/docs/accessanalyzer/11.6/admin/settings/access/restapi/obtaintoken.md index 67e4a6ffad..7f000d9066 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/restapi/obtaintoken.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/restapi/obtaintoken.md @@ -30,10 +30,13 @@ grant_type=client_credentials &client_secret=xxxxxxxxxx ``` -**_RECOMMENDED:_** Tokens contain sensitive information and should be stored securely. See the +:::info +Tokens contain sensitive information and should be stored securely. See the Microsoft [ConvertTo-SecureString](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/convertto-securestring?view=powershell-7.4) article for additional information. +::: + If the token does not have the ability to perform this request, is invalid, or the specific resource has been blocked from access remotely, an HTTP status code of 401 is returned. 
diff --git a/docs/accessanalyzer/11.6/admin/settings/access/restapi/powershellcommands.md b/docs/accessanalyzer/11.6/admin/settings/access/restapi/powershellcommands.md index 4e89a009da..eb33afabe5 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/restapi/powershellcommands.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/restapi/powershellcommands.md @@ -24,10 +24,13 @@ $access_token = $content.access_token; $refresh_token = $content.refresh_token; ``` -**_RECOMMENDED:_** Tokens contain sensitive information and should be stored securely. See the +:::info +Tokens contain sensitive information and should be stored securely. See the Microsoft [ConvertTo-SecureString](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/convertto-securestring?view=powershell-7.4) article for additional information. +::: + ## Retrieve Data from a Table or View diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/assignroles.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/assignroles.md index 9386e1e7ac..9f459d4ffb 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/assignroles.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/assignroles.md 
@@ -61,7 +61,8 @@ requiring local Administrator rights. | | | | ----------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ![Permissions - This folder only](/img/product_docs/accessanalyzer/11.6/admin/settings/access/rolebased/permissionsfolder.webp) | ![Permissions - Subfolders and files only](/img/product_docs/accessanalyzer/11.6/admin/settings/access/rolebased/permissionssubfolderfiles.webp) | +| ![Permissions This folder only](/img/product_docs/accessanalyzer/11.6/admin/settings/access/rolebased/permissionsfolder.webp) | ![Permissions Subfolders and files only](/img/product_docs/accessanalyzer/11.6/admin/settings/access/rolebased/permissionssubfolderfiles.webp) | + There are two separate sets of permissions: @@ -100,8 +101,11 @@ Follow the steps to delete a user from having access to the Enterprise Auditor C **Step 1 –** On the Access page, select the desired user and click **Delete Role Member**. The selected user will be removed from the list. -**NOTE:** No confirmation will be requested. However the changes will not be finalized until Step 3 +:::note +No confirmation will be requested. However the changes will not be finalized until Step 3 is completed. +::: + **Step 2 –** Repeat Step 1 to remove other users as desired. diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/configureroles.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/configureroles.md index 7c50ef2023..993e7b3136 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/configureroles.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/configureroles.md 
@@ -22,10 +22,13 @@ This is a three-part process: - Edit Role Members’ Responsibilities - Delete Role Members -**NOTE:** This configuration process is not required if only using Role Based Access to secure +:::note +This configuration process is not required if only using Role Based Access to secure Published Reports. See the [Securing Published Reports Only](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/securereports.md) topic for additional information. +::: + ## Configure the Installation Account @@ -60,9 +63,12 @@ the Enterprise Auditor roles. This approach involves creating custom database ro assigned rights and privileges. Then, individual domain user accounts must be assigned to these roles. -**NOTE:** For any SQL Server version prior to 2012, Windows groups cannot be used because SQL Server +:::note +For any SQL Server version prior to 2012, Windows groups cannot be used because SQL Server does not allow the assignment of default schemas to Windows groups. Enterprise Auditor requires the default schema of [dbo] to function properly. +::: + ### Create SQL Server Database Roles @@ -145,7 +151,10 @@ Right-click on the **Security** > **Users** node and select **New User**. - User Name – Display name given to the user which is shown under the user’s folder. - **_RECOMMENDED:_** Use a descriptive name. + :::info + Use a descriptive name. + ::: + - Login name – Qualified domain name of the user: `[DOMAIN]\[Username]` - Default Schema – Should be set to `dbo` diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/faq.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/faq.md index 940a67d613..de92a9199f 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/faq.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/faq.md 
@@ -9,16 +9,19 @@ sidebar_position: 90 This topic lists some commonly asked questions about Role Based Access functionality in Enterprise Auditor. -How do locked jobs affect the role functionality? +**How do locked jobs affect the role functionality?** A lock on a job represents the approval by the Job Approver, and is therefore deemed acceptable to execute. Once a job is locked, Job Builders can no longer modify the job configuration. Furthermore, only locked jobs can be run. Therefore, the Job Initiator can only run or schedule jobs which have already been locked. -**NOTE:** Locked jobs do not affect the functionality of the Administrator role. See the +:::note +Locked jobs do not affect the functionality of the Administrator role. See the [Role Definitions](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md) topic for more information. +::: + How can I make sure that a lock on a job will not get tampered with through the associated XML file? @@ -28,12 +31,15 @@ credentials specified in the Scheduling Service Account will be used to apply th the Job Approver no longer needs access to the Jobs folder and cannot manually remove or tamper with the associated XML file. -**NOTE:** If using a Job Initiator’s credentials for a Schedule Service Account, all jobs must be +:::note +If using a Job Initiator’s credentials for a Schedule Service Account, all jobs must be locked in order for them to be executed. See the [Role Definitions](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md) and [Roles & the Schedule Service Account](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/scheduleserviceaccount.md) topics for more information. +::: + Why can the Host Management Administrator not manage settings for the Host Discovery and Host Inventory nodes under Settings? 
@@ -41,10 +47,13 @@ Inventory nodes under Settings? The Host Management Administrator role is designed specifically to access the Host Management node. Therefore, this role does not grant access to the global settings menu under the Settings node. -**NOTE:** In order to access this node, the user must have either the Administrator or the Global +:::note +In order to access this node, the user must have either the Administrator or the Global Options Administrator role. See the [Role Definitions](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md) topic for more information. +::: + What rights do I need to give the user on the local machine in order to use Enterprise Auditor? @@ -61,11 +70,14 @@ effect. This is also true if a user has been given an additional role or removed membership. The capabilities of the new role will not come into effect until the Enterprise Auditor application has been restarted. -**NOTE:** See the +:::note +See the [Edit Role Members' Responsibilities](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/assignroles.md#edit-role-members-responsibilities) and [Delete Role Member](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/assignroles.md#delete-role-member) topics for more information. +::: + I locked a job, but when going back to it, it appears to be unlocked. Why? 
@@ -76,13 +88,16 @@ Role Based Access. Thus, if a locked job is modified by an Administrator, the jo unlocked. This event will be logged as a job-change related event by Administrator in the Enterprise Auditor Event Log. -**NOTE:** If using a Job Initiator’s credentials for the Schedule Service Account, all jobs must be +:::note +If using a Job Initiator’s credentials for the Schedule Service Account, all jobs must be locked in order for them to execute. See the [Role Definitions](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md), [Workflow with Role Based Access Enabled](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/workflow.md), and [Roles and the Event Log](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/eventlog.md) topics for more information. +::: + What should be the group type when assigning Role Based Access to an AD group in a multi-domain environment? diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/overview.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/overview.md index c661addad0..08533e3f5a 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/overview.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/overview.md 
@@ -21,14 +21,20 @@ access model to the Enterprise Auditor Console. See the [Securing Published Reports Only](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/securereports.md) topic for additional information. -**NOTE:** The least privileged access model to the Enterprise Auditor Console does not work in +:::note +The least privileged access model to the Enterprise Auditor Console does not work in conjunction with the Exchange Solution. Role Based Access can be enabled, but the Administrator role is required to run the Exchange Solution jobs. +::: -**CAUTION:** Please use caution when enabling Role Based Access, as it is a very powerful tool + +:::warning +Please use caution when enabling Role Based Access, as it is a very powerful tool within the console designed to be difficult to disable once activated. If Role Based Access is enabled by accident, please contact [Netwrix Support](https://www.netwrix.com/support.html) for assistance in disabling it. +::: + The account used to perform the initial Enterprise Auditor installation, as well as to change Storage Profile settings after installation, require additional rights in order to query objects in diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md index 2f93a27f6f..06dd148fab 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/roledefinitions.md 
@@ -10,8 +10,11 @@ The following is a list of all roles leveraged within Enterprise Auditor once Ro enabled, including their intended functionality. A user may have more than one role assigned to them. -**NOTE:** When a job is moved or copied to a separate job group, it inherits the assigned roles at +:::note +When a job is moved or copied to a separate job group, it inherits the assigned roles at the parent and global level from the new job group. Any previous role inheritance is overwritten. +::: + - OS Administrator – Used only for installation purposes @@ -23,9 +26,12 @@ the parent and global level from the new job group. Any previous role inheritanc - Rights to view all reports, tags, and report permissions within the Web Console - Rights to preform an upgrade on Enterprise Auditor -**NOTE:** In order to use Role Base Access with the Exchange Solution, all Exchange users must be +:::note +In order to use Role Base Access with the Exchange Solution, all Exchange users must be assigned the Administrator role. This is because the solution requires local Administrator rights on the Enterprise Auditor Console server. +::: + - Power User @@ -168,11 +174,11 @@ This table identifies the rights granted to users who have access to the Enterpr | Install / Uninstall Data Collectors (or other tool components) | Yes | No | No | No | No | No | | Upgrade Enterprise Auditor Console | No | No | No | No | No | No | -\*When jobs are unlocked +**\*When jobs are unlocked** \*\*When jobs are locked -\*\*\*When jobs are locked and have no actions +**\*\*\*When jobs are locked and have no actions** ## Web Console Roles & Rights @@ -184,7 +190,7 @@ This table identifies the rights granted to users who have access only to the We | View Report Tags within the Web Console | Yes | Yes\* | | View Report Permissions within the Web Console | Yes | No | -\*According to where the role is assigned +**\*According to where the role is assigned** ## SQL Server Database Roles & Rights 
diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/scheduleserviceaccount.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/scheduleserviceaccount.md index ecbf12de14..2f44f82dc7 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/scheduleserviceaccount.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/scheduleserviceaccount.md @@ -10,7 +10,7 @@ Once Role-Based Access is enabled, a user or group with the appropriate access r to schedule a job or job group as a Schedule Service Account at the **Settings** > **Schedule** node. Multiple accounts can be added as needed. -Who Configures This Account? +**Who Configures This Account?** - Administrator role - Power User role @@ -24,9 +24,12 @@ Whose Credentials Should Be Used as the Schedule Service Account? - Power User role - Job Initiator role -**NOTE:** In order to run or schedule a Host Inventory query, the Schedule Service Account must have +:::note +In order to run or schedule a Host Inventory query, the Schedule Service Account must have an Administrator, Power User, or Host Management Administrator role. Therefore, if the account has the Job Initiator role assigned, it must have the Host Management Administrator role as well. +::: + The Schedule Service Account is used to access the Task folders when scheduling tasks and to apply locks on jobs. @@ -46,8 +49,11 @@ locks on jobs. - Apply Locks - **NOTE:** If the Enterprise Auditor user whose credentials are used has the role of Job + :::note + If the Enterprise Auditor user whose credentials are used has the role of Job Initiator, the job must be locked in order for it to execute successfully. + ::: + - These credentials are used to apply locks on jobs, enabling the Job Approver to have fewer rights on the Jobs directory. Therefore, the credentials specified must at least have the 
@@ -68,5 +74,7 @@ See the [Schedule](/docs/accessanalyzer/11.6/admin/settings/schedule.md) topic for additional instructions on configuring the Schedule Service Account. -_Remember,_ these credentials must be for a user with local Administrator privileges or rights to +:::tip +Remember, these credentials must be for a user with local Administrator privileges or rights to the Windows Task Folder and the System 32 Task folder on the Enterprise Auditor Console server. +::: diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/securereports.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/securereports.md index 3ed5c76daa..0833367368 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/securereports.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/securereports.md @@ -47,9 +47,12 @@ ellipsis (**…**) to browse for accounts with the Select User or Group window. **Step 5 –** Select a role for the group or user from the Role list. Click **Finish**. The group or user and role is added to the Role Membership list in the Roles view. -**CAUTION:** The first role or set of roles saved must include the Administrator role. Clicking Save +:::warning +The first role or set of roles saved must include the Administrator role. Clicking Save for the first role or set or roles without including the Administrator generates an error message in the Enterprise Auditor Console. +::: + **Step 6 –** Repeat Steps 2-4 to assign the Administrator, Web Administrator, and Report Viewer roles to other groups or users. diff --git a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/workflow.md b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/workflow.md index 071f8c8b86..01aeabc269 100644 --- a/docs/accessanalyzer/11.6/admin/settings/access/rolebased/workflow.md +++ b/docs/accessanalyzer/11.6/admin/settings/access/rolebased/workflow.md 
@@ -37,7 +37,10 @@ approved by the grayed-out **Unlock Job** option in the right-click menu. group. When applied at the job group level, all nested jobs are disabled and do not run. However, any new job added to that group is enabled by default. - **NOTE:** The Job initiator can also publish the reports already generated by the job. + :::note + The Job initiator can also publish the reports already generated by the job. + ::: + - Publish – To publish reports which have already been generated to the Web Console @@ -52,9 +55,12 @@ the job under the job’s Status and Results node, or in the Web Console. See th [Viewing Generated Reports](/docs/accessanalyzer/11.6/admin/report/view.md) topic for additional information. -**NOTE:** The Job Builder, Job Approver, and Job Initiator may also view these results within the +:::note +The Job Builder, Job Approver, and Job Initiator may also view these results within the Enterprise Auditor Console. Additionally, users with these roles can view reports within the Web Console. +::: + ## Other Console Roles @@ -70,13 +76,18 @@ The Web Administrator can view all reports within the Web Console. In addition to viewing report content, Web Administrators can view tags and report permissions. -_Remember,_ a user with only the Web Administrator role is unable to access the Enterprise Auditor +:::tip +Remember, a user with only the Web Administrator role is unable to access the Enterprise Auditor Console. +::: + ### Report Viewer The Report Viewer can view reports within the Web Console according to where the user’s role was assigned: global, job group, job, or report configuration. -_Remember,_ a user with only the Report Viewer role is unable to access the Enterprise Auditor +:::tip +Remember, a user with only the Report Viewer role is unable to access the Enterprise Auditor Console. +::: 
diff --git a/docs/accessanalyzer/11.6/admin/settings/application/overview.md b/docs/accessanalyzer/11.6/admin/settings/application/overview.md index b767c6f371..1f29830fef 100644 --- a/docs/accessanalyzer/11.6/admin/settings/application/overview.md +++ b/docs/accessanalyzer/11.6/admin/settings/application/overview.md @@ -11,7 +11,7 @@ Auditor Console functions. ![Application](/img/product_docs/accessanalyzer/11.6/admin/settings/application/application.webp) -Application Log +**Application Log** The Enterprise Auditor Application Log section determines what information is stored in the Enterprise Auditor application log. @@ -47,14 +47,17 @@ include: - Records errors and the time of occurrence - Records job completion time -**_RECOMMENDED:_** Set the log level to **Warning**. +:::info +Set the log level to **Warning**. +::: + The other log levels are designed to assist with troubleshooting job execution issues. The Debug level is only recommended when experiencing problems. After the problem is fixed or the Application log has been sent to [Netwrix Support](https://www.netwrix.com/support.html), reduce the logging level to **Warning** or **Info**. -Profile Security +**Profile Security** The Profile Security section provides the option to enable an enhanced method of encryption to various credentials stored by the Enterprise Auditor application. @@ -68,7 +71,7 @@ There are two options available in the Profiles stored with drop-down menu: [Vault](/docs/accessanalyzer/11.6/admin/settings/application/vault.md) topic for requirements and additional information. -Usage Statistics +**Usage Statistics** The Usage Statistics section allows you to select whether to send usage statistics data to Netwrix to help us improve our product. 
@@ -88,7 +91,7 @@ to help us improve our product. - If cleared, no usage statistics are collected or sent to Netwrix -Host Target Options +**Host Target Options** The Host Target Options section provides radio buttons to select the source that Enterprise Auditor should use to connect to hosts. @@ -100,7 +103,7 @@ Select from the following two options: - Use host name - Prefer DNS name if available -Grid View Parameters +**Grid View Parameters** The Grid View Parameters section controls how the data grids display within the Enterprise Auditor Console. @@ -112,7 +115,10 @@ Console. - Automatically correct invalid column names – Checks for and corrects column names which contain characters SQL cannot handle - **_RECOMMENDED:_** Leave both options selected. + :::info + Leave both options selected. + ::: + - Save filters and grouping on data grids – Maintains filters configured for a data grid for the next viewing. If not selected, filtered data grids reset between viewings. @@ -129,7 +135,7 @@ available for every data grid maintains a list of recent filters. See the [Data Grid Functionality](/docs/accessanalyzer/11.6/admin/navigate/datagrid.md) topic for additional information. -Cleanup +**Cleanup** The Cleanup section is designed to conserve space in the SQL Database Transaction Log. It only works when the database is configured to use Simple Recovery Model. 
@@ -139,16 +145,22 @@ when the database is configured to use Simple Recovery Model. - Compact Database Transaction Log – If selected, every time the Enterprise Auditor application is closed, the Database Transaction Log is compacted - **_RECOMMENDED:_** In most environments, it is recommended to leave this option selected. If a + :::info + In most environments, it is recommended to leave this option selected. If a scheduled task ends while multiple tasks are still running, the process of compacting the database freezes it and causes the running tasks to fail. + ::: + - Run Post Processing SQL Script to Set Host Status – If selected, this option ascribes the values of SUCCESS, WARNING, or ERROR to indicate what happened on that host during job execution - **_RECOMMENDED:_** It is recommended that this option be left selected. + :::info + It is recommended that this option be left selected. + ::: + -Application Exit Options +**Application Exit Options** The Application Exit Options section controls whether or not a confirmation is displayed when the Enterprise Auditor application is closed. diff --git a/docs/accessanalyzer/11.6/admin/settings/application/vault.md b/docs/accessanalyzer/11.6/admin/settings/application/vault.md index 84efe86b9b..9107a65b52 100644 --- a/docs/accessanalyzer/11.6/admin/settings/application/vault.md +++ b/docs/accessanalyzer/11.6/admin/settings/application/vault.md 
@@ -33,10 +33,13 @@ be met in the order listed: [Access](/docs/accessanalyzer/11.6/admin/settings/access/overview.md) topic for additional information on Role Based Access - **NOTE:** Once the vault has been enabled, it is not possible to disable Role Based Access + :::note + Once the vault has been enabled, it is not possible to disable Role Based Access without first disabling the vault. Please contact [Netwrix Support](https://www.netwrix.com/support.html) for assistance in disabling Role Based Access. + ::: + - The Profile Security section of the Application node must be set to **Vault** diff --git a/docs/accessanalyzer/11.6/admin/settings/connection/create/aws.md b/docs/accessanalyzer/11.6/admin/settings/connection/create/aws.md index 9f1432e933..061939f00f 100644 --- a/docs/accessanalyzer/11.6/admin/settings/connection/create/aws.md +++ b/docs/accessanalyzer/11.6/admin/settings/connection/create/aws.md @@ -32,9 +32,12 @@ A new connection profile will need to be created to be leveraged in the AWS Solu **Step 3 –** Input the Access Key ID into the Username section, and the Secret Access Key into the Access Token section. -_Remember,_ these are obtained from AWS when the permissions are configured. See the -[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) +:::tip +Remember, these are obtained from AWS when the permissions are configured. See the +[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for additional information. +::: + **Step 4 –** Click OK in the User Credentials modal, name the Connection Profile, and click Save. diff --git a/docs/accessanalyzer/11.6/admin/settings/connection/create/create.md b/docs/accessanalyzer/11.6/admin/settings/connection/create/create.md index 21c8b713a6..2aa018bf04 100644 --- a/docs/accessanalyzer/11.6/admin/settings/connection/create/create.md +++ b/docs/accessanalyzer/11.6/admin/settings/connection/create/create.md 
@@ -17,9 +17,12 @@ Follow the steps to create a Connection Profile. **Step 2 –** A new profile displays in the list with a generic name. Provide a unique, descriptive name in the Connection profile name textbox. -**NOTE:** A good profile name should be chosen so that it does not need to be changed at a later +:::note +A good profile name should be chosen so that it does not need to be changed at a later time. If the profile name is changed after being applied to job groups or jobs, it requires the user to go back through all of those job groups or jobs and re-apply the Connection Profile. +::: + ![Add User Credential](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/profile/addusercredential.webp) @@ -47,8 +50,11 @@ See the individual account type sections for information on the fields. Then cli ![Error Message for Password](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/profile/passworddifferserror.webp) -**NOTE:** If the entered passwords are not the same, an error message will pop-up after clicking OK +:::note +If the entered passwords are not the same, an error message will pop-up after clicking OK on the User Credentials window. Click OK on the error message and re-type the passwords. +::: + ![User Credentials](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/profile/usercredentialslist.webp) 
@@ -61,9 +67,12 @@ through the User Credentials list. It will first match to all credentials listed domain, and then proceed through all other credentials until authentication is successful or there are no more credentials to try. -**_RECOMMENDED:_** Limit the User Credentials list to a minimal number per profile, especially when +:::info +Limit the User Credentials list to a minimal number per profile, especially when considering that a successful authentication does not automatically mean that particular credential has the appropriate level of permissions in order for the data collection to occur. +::: + ![Arrange Priority](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/profile/moveupdown.webp) @@ -76,7 +85,10 @@ Enterprise Auditor runs with before trying the user credentials above option. Th Connection Profile. If checked, Enterprise Auditor applies the local login credentials prior to any of the credentials saved to the Connection Profile. -**NOTE:** If a data collector utilizes an applet, this option must be unchecked. +:::note +If a data collector utilizes an applet, this option must be unchecked. +::: + **Step 7 –** When the user credentials have been added and ordered, click Save and then OK to confirm the changes to the Connection Profile. diff --git a/docs/accessanalyzer/11.6/admin/settings/connection/create/localwindows.md b/docs/accessanalyzer/11.6/admin/settings/connection/create/localwindows.md index d86dda1dd9..f6473b9b88 100644 --- a/docs/accessanalyzer/11.6/admin/settings/connection/create/localwindows.md +++ b/docs/accessanalyzer/11.6/admin/settings/connection/create/localwindows.md 
@@ -25,9 +25,12 @@ The required credentials for the Local Windows Account are: topic for additional information. The password fields do not apply for CyberArk password storage. - **NOTE:** If using the CyberArk option, then the associated Connection Profile can only have + :::note + If using the CyberArk option, then the associated Connection Profile can only have one user credential in it. Multiple user credentials are not supported with the CyberArk integration when using local Windows accounts. + ::: + - Password – Type the password - Confirm – Re-type the password diff --git a/docs/accessanalyzer/11.6/admin/settings/connection/create/sql.md b/docs/accessanalyzer/11.6/admin/settings/connection/create/sql.md index c870713d11..cff9f9ea2b 100644 --- a/docs/accessanalyzer/11.6/admin/settings/connection/create/sql.md +++ b/docs/accessanalyzer/11.6/admin/settings/connection/create/sql.md @@ -9,8 +9,11 @@ sidebar_position: 40 This information applies to **Select Account Type** > **SQL Authentication** in the User Credentials window. -**NOTE:** SQL Authentication credentials are used in the Connection Profiles for the SQL, MySQL, and +:::note +SQL Authentication credentials are used in the Connection Profiles for the SQL, MySQL, and PostgreSQL Solutions. +::: + ![User Credentials - SQL Authentication](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/profile/sqlauthentication.webp) diff --git a/docs/accessanalyzer/11.6/admin/settings/connection/cyberarkintegration.md b/docs/accessanalyzer/11.6/admin/settings/connection/cyberarkintegration.md index 91d3823715..fe5fd68c0c 100644 --- a/docs/accessanalyzer/11.6/admin/settings/connection/cyberarkintegration.md +++ b/docs/accessanalyzer/11.6/admin/settings/connection/cyberarkintegration.md 
@@ -38,8 +38,11 @@ Password Vault, the following prerequisites must be completed: ..\CyberArk\ApplicationPasswordProvider\Utils\NETAimGetAppInfo.exe GetHash /AppExecutablesPattern \PrivateAssemblies\Stealthbits.StealthAUDIT.Console.dll ``` - **_RECOMMENDED:_** Pipe the output hash value to a file to easily copy and paste it to the + :::info + Pipe the output hash value to a file to easily copy and paste it to the CyberArk application. + ::: + See the CyberArk [Generate an application hash value](https://docs.cyberark.com/credential-providers/Latest/en/Content/CP%20and%20ASCP/Generating-Application-Hash-Value.htm) article @@ -82,7 +85,10 @@ Follow the steps to customize the CyberArk Application Id within Enterprise Audi **Step 1 –** Navigate to the `GlobalOptions.xml` file. Open it with a text editor, for example Notepad. -**CAUTION:** Ensure Enterprise Auditor is closed when modifying this file. +:::warning +Ensure Enterprise Auditor is closed when modifying this file. +::: + ![GlobalOptions.xml file in Notepad](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/globaloptions.webp) @@ -163,7 +169,10 @@ should be populated with: | Safe | Safe | Vault managing the privileged accounts | Test | | Folder | Folder | Folder within Safe | Root | -**_RECOMMENDED:_** Only use one Local Windows Account credential with CyberArk password storage in a +:::info +Only use one Local Windows Account credential with CyberArk password storage in a Connection Profile. As part of the Enterprise Auditor to CyberArk integration, the Enterprise Auditor job is stopped immediately if the query from Enterprise Auditor to CyberArk for the credential fails. Therefore, a second credential within the Connection Profile would not be queried. + +::: diff --git a/docs/accessanalyzer/11.6/admin/settings/connection/gmsa.md b/docs/accessanalyzer/11.6/admin/settings/connection/gmsa.md index 13ec1bbc04..f0f3fec9ad 100644 --- a/docs/accessanalyzer/11.6/admin/settings/connection/gmsa.md 
+++ b/docs/accessanalyzer/11.6/admin/settings/connection/gmsa.md @@ -22,8 +22,11 @@ To run a job or scheduled task with a gMSA/MSA account, the following prerequisi - The Data Collector used must support unicode characters in the Connection Profile's credential password to retrieve the gMSA account password -**NOTE:** For FSAA, remote scans using gMSA credentials need to use the Windows Service launch +:::note +For FSAA, remote scans using gMSA credentials need to use the Windows Service launch mechanism in the query configuration. +::: + See the Microsoft [Group Managed Service Accounts](https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview) diff --git a/docs/accessanalyzer/11.6/admin/settings/exchange.md b/docs/accessanalyzer/11.6/admin/settings/exchange.md index 5c508e404f..8bab0887e1 100644 --- a/docs/accessanalyzer/11.6/admin/settings/exchange.md +++ b/docs/accessanalyzer/11.6/admin/settings/exchange.md @@ -53,8 +53,11 @@ on which version of Exchange is audited. Exchange CAS where both Remote PowerShell and Windows Authentication on the PowerShell Virtual Directory have been enabled. -**_RECOMMENDED:_** Once the Exchange Connection Settings have been properly configured for the +:::info +Once the Exchange Connection Settings have been properly configured for the version of Exchange to be audited, it is strongly recommended that the settings be tested. +::: + In the Test Exchange Connection Settings section: diff --git a/docs/accessanalyzer/11.6/admin/settings/history.md b/docs/accessanalyzer/11.6/admin/settings/history.md index 251f0cadb4..e430089f47 100644 --- a/docs/accessanalyzer/11.6/admin/settings/history.md +++ b/docs/accessanalyzer/11.6/admin/settings/history.md 
@@ -27,10 +27,13 @@ Set the Data Retention Period at the global level to **Never retain previous job for more control over the quantity of data by applying history retention at the job group or job level. All jobs run with this default setting only keep the most current record set. -**CAUTION:** It is important to understand that some pre-configured jobs require history retention +:::warning +It is important to understand that some pre-configured jobs require history retention while others do not support it. Changing the history retention settings at the global level can cause issues with data analysis and reporting on jobs that don't support it. See the relevant job group and job descriptions for additional information. +::: + The Diagnostics Retention Period settings determine how long this data is retained for all jobs that do not have an explicit setting. Setting the retention period for a specific job overrides the diff --git a/docs/accessanalyzer/11.6/admin/settings/hostdiscovery.md b/docs/accessanalyzer/11.6/admin/settings/hostdiscovery.md index ac8f3a33ef..3b7e9eff66 100644 --- a/docs/accessanalyzer/11.6/admin/settings/hostdiscovery.md +++ b/docs/accessanalyzer/11.6/admin/settings/hostdiscovery.md @@ -55,9 +55,12 @@ The log levels are: - Error – Records all errors which occur during the host discovery process - **_RECOMMENDED:_** Set the Log Level to Error. The default setting is Info, but it is + :::info + Set the Log Level to Error. The default setting is Info, but it is recommended that the setting for daily use be set to Error. The other log levels are designed to assist with troubleshooting host discovery and host inventory issues. + ::: + The **Cancel** and **Save** buttons are in the lower-right corner of the Host Discovery view. These buttons become enabled when modifications are made to the Host Discovery global settings. Whenever 
diff --git a/docs/accessanalyzer/11.6/admin/settings/hostinventory.md b/docs/accessanalyzer/11.6/admin/settings/hostinventory.md index b4b2c00a14..819bef6d9c 100644 --- a/docs/accessanalyzer/11.6/admin/settings/hostinventory.md +++ b/docs/accessanalyzer/11.6/admin/settings/hostinventory.md @@ -24,9 +24,12 @@ collected properties correspond to the columns in the Host Management tables. De prevents that information from being collected for target hosts. However, some solutions require this information. -**_RECOMMENDED:_** Leave the default setting of all the groups selected. Consult with +:::info +Leave the default setting of all the groups selected. Consult with [Netwrix Support](https://www.netwrix.com/support.html) prior to turning off any of these property groups. +::: + In the Performance Tuning section, there are five settings which allocate console resources to the host inventory process: diff --git a/docs/accessanalyzer/11.6/admin/settings/notification.md b/docs/accessanalyzer/11.6/admin/settings/notification.md index df90d9b02e..ecbf29f049 100644 --- a/docs/accessanalyzer/11.6/admin/settings/notification.md +++ b/docs/accessanalyzer/11.6/admin/settings/notification.md @@ -36,7 +36,10 @@ provided. Provide the following information to enable notifications from Enterprise Auditor. -**NOTE:** Check with your Messaging Team if you are unsure of this information. +:::note +Check with your Messaging Team if you are unsure of this information. +::: + - Mail Server – Enter the organization’s SMTP Server name - Encryption – Allows Enterprise Auditor users to enable notification encryption according to the 
@@ -111,9 +114,12 @@ A message displays stating that the test e-mail was sent successfully. ![Test email error message example](/img/product_docs/accessanalyzer/11.6/admin/settings/testerror.webp) -**NOTE:** If there are any problems with the information, an error message will appear during the +:::note +If there are any problems with the information, an error message will appear during the Test Email settings process. Correct the Notification settings until the test email is sent successfully. +::: + ![Netwrix Enterprise Auditor test e-mail](/img/product_docs/accessanalyzer/11.6/admin/settings/testemail.webp) diff --git a/docs/accessanalyzer/11.6/admin/settings/reporting.md b/docs/accessanalyzer/11.6/admin/settings/reporting.md index edb22c0f28..e73f06e1c8 100644 --- a/docs/accessanalyzer/11.6/admin/settings/reporting.md +++ b/docs/accessanalyzer/11.6/admin/settings/reporting.md @@ -42,10 +42,13 @@ secured, this address must be manually updated: https://[Fully Qualified Domain Name of the StealthAUDIT Console server]:[Port Number] -**NOTE:** Any browser used to access the Web Console must have JavaScript allowed for the site. See +:::note +Any browser used to access the Web Console must have JavaScript allowed for the site. See the [Configure JavaScript Settings for the Web Console](#configure-javascript-settings-for-the-web-console) topic for additional information. +::: + ## Publish Option 
@@ -68,20 +71,29 @@ inheritance is broken at the job group, job, or report level. Separate multiple semicolon. If commas are used as delimiters for email addresses, they will be converted into semicolons when the settings are saved. -**_RECOMMENDED:_** Configure email reporting at a specific level to ensure recipients only receive +:::info +Configure email reporting at a specific level to ensure recipients only receive reports which apply to them. +::: + -**NOTE:** Email reports does not work unless Enterprise Auditor has been configured to send email +:::note +Email reports does not work unless Enterprise Auditor has been configured to send email notifications through the **Notification** node. See the [Notification](/docs/accessanalyzer/11.6/admin/settings/notification.md) topic for additional information. +::: + The **Do Not Email Report If Blank** checkbox prevents reports from being sent via email if all elements are blank when generated. A blank report can occur if there is an error in data collection or if the report is configured for data which might not always be present (for example, new computer objects created since last scan). -**_RECOMMENDED:_** Enable the **Do Not Email Report If Blank** option. +:::info +Enable the **Do Not Email Report If Blank** option. +::: + The report can be sent using the desired **Email Content** option: @@ -117,7 +129,10 @@ under All permissions. **Step 3 –** Click **Add** in the Allow section. On the Add a site window, enter the URL for the Web Console and click **Add**. -**NOTE:** If the global Allowed option is selected, you do not need to specifically add the Web +:::note +If the global Allowed option is selected, you do not need to specifically add the Web Console as an allowed site. +::: + The Web Console's URL is added to the Allow list and JavaScript is enabled for the Web Console. 
diff --git a/docs/accessanalyzer/11.6/admin/settings/schedule.md b/docs/accessanalyzer/11.6/admin/settings/schedule.md index 08dce786c9..1fe5eefc8f 100644 --- a/docs/accessanalyzer/11.6/admin/settings/schedule.md +++ b/docs/accessanalyzer/11.6/admin/settings/schedule.md @@ -19,11 +19,14 @@ schedule jobs in the Schedule Wizard. See the [Schedules](/docs/accessanalyzer/11.6/admin/schedule/overview.md) topic for additional information. -**CAUTION:** On Windows 2016 servers, the Schedule Service Account cannot be signed into an active +:::warning +On Windows 2016 servers, the Schedule Service Account cannot be signed into an active session when the time comes for a scheduled task to start. Windows blocks the starting or running of scheduled tasks using an account that is logged into the server. +::: -Password Storage Options + +**Password Storage Options** The password for the credential provided can be stored in the Enterprise Auditor application or the Enterprise Auditor Vault. @@ -33,7 +36,7 @@ configured in the **Settings** > **Application** node. See the [Application](/docs/accessanalyzer/11.6/admin/settings/application/overview.md) topic for additional information. -Permissions +**Permissions** Regardless of the account type, any account used to schedule tasks must have credentials with at least the following to meet Least Privileged specifications: 
@@ -96,17 +99,23 @@ Use one of the following options for the Schedule Service Account: - The account can be either a domain account or a local Windows account - A local Windows account is a specific account and not the default local system account -_Remember,_ the Schedule Service Account cannot be signed into an active session on the Enterprise +:::tip +Remember, the Schedule Service Account cannot be signed into an active session on the Enterprise Auditor Console server when the time comes for a scheduled task to start when it has a Windows 2016 operating system. +::: + ## Create a Schedule Service Account Follow the steps to create a Schedule Service Account. -_Remember,_ the Schedule Service Account cannot be signed into an active session on the Enterprise +:::tip +Remember, the Schedule Service Account cannot be signed into an active session on the Enterprise Auditor Console server when the time comes for a scheduled task to start when it has a Windows 2016 operating system. +::: + ![Add User credential option in the Schedule view](/img/product_docs/accessanalyzer/11.6/admin/settings/addusercredential.webp) @@ -194,9 +203,12 @@ Enterprise Auditor can now schedule tasks with this Scheduled Service Account. Follow the steps to edit a Schedule Service Account credentials. -_Remember,_ the Schedule Service Account cannot be signed into an active session on the Enterprise +:::tip +Remember, the Schedule Service Account cannot be signed into an active session on the Enterprise Auditor Console server when the time comes for a scheduled task to start when it has a Windows 2016 operating system. +::: + ![Edit option in the Schedule view](/img/product_docs/accessanalyzer/11.6/admin/settings/edit.webp) diff --git a/docs/accessanalyzer/11.6/admin/settings/sensitivedata/overview.md b/docs/accessanalyzer/11.6/admin/settings/sensitivedata/overview.md index a3b47c56dc..4f924a6b09 100644 --- a/docs/accessanalyzer/11.6/admin/settings/sensitivedata/overview.md 
+++ b/docs/accessanalyzer/11.6/admin/settings/sensitivedata/overview.md @@ -11,10 +11,13 @@ positive exclusion filters. These settings require the Sensitive Data Discovery [Sensitive Data Discovery Add-On](/docs/accessanalyzer/11.6/sensitivedatadiscovery/overview.md) topic for additional information. -**NOTE:** Sensitive data exclusion filters can only be applied to the +:::note +Sensitive data exclusion filters can only be applied to the [File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/overview.md) and the [SharePoint Solution](/docs/accessanalyzer/11.6/solutions/sharepoint/overview.md). +::: + ![Sensitive Data settings](/img/product_docs/accessanalyzer/11.6/admin/settings/sensitivedata/sensitivedata.webp) diff --git a/docs/accessanalyzer/11.6/admin/settings/storage/add.md b/docs/accessanalyzer/11.6/admin/settings/storage/add.md index 26b2c367ea..55572850f3 100644 --- a/docs/accessanalyzer/11.6/admin/settings/storage/add.md +++ b/docs/accessanalyzer/11.6/admin/settings/storage/add.md 
@@ -33,10 +33,13 @@ queries running for that amount of time. **Step 5 –** Select the radio button for the appropriate authentication mode. If using **SQL Server authentication** , provide a **User name** and **Password** in the textboxes. -**_RECOMMENDED:_** When possible, use Windows Authentication. Windows Authentication is more secure +:::info +When possible, use Windows Authentication. Windows Authentication is more secure than SQL Server Authentication. See the Microsoft [Choose an authentication mode](https://learn.microsoft.com/en-us/sql/relational-databases/security/choose-an-authentication-mode) article for additional information. +::: + | ![Good connection test](/img/product_docs/accessanalyzer/11.6/admin/settings/storage/addprofilegoodconnection.webp) | ![Bad connection test](/img/product_docs/accessanalyzer/11.6/admin/settings/storage/addprofilebadconnection.webp) | | ----------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | diff --git a/docs/accessanalyzer/11.6/admin/settings/storage/delete.md b/docs/accessanalyzer/11.6/admin/settings/storage/delete.md index ca2517e53c..0ecb346792 100644 --- a/docs/accessanalyzer/11.6/admin/settings/storage/delete.md +++ b/docs/accessanalyzer/11.6/admin/settings/storage/delete.md @@ -8,8 +8,11 @@ sidebar_position: 40 Follow the steps to delete a Storage Profile. -**NOTE:** This procedure does not delete databases from the SQL Server. It only removes the selected +:::note +This procedure does not delete databases from the SQL Server. It only removes the selected Storage Profile from this Enterprise Auditor Console. +::: + ![Delete Storage Profile option](/img/product_docs/accessanalyzer/11.6/admin/settings/storage/delete.webp) 
diff --git a/docs/accessanalyzer/11.6/admin/settings/storage/overview.md b/docs/accessanalyzer/11.6/admin/settings/storage/overview.md index eea0378747..3d1aab44e0 100644 --- a/docs/accessanalyzer/11.6/admin/settings/storage/overview.md +++ b/docs/accessanalyzer/11.6/admin/settings/storage/overview.md @@ -32,16 +32,22 @@ Each Storage Profile consists of the following parts: connect with an account configured with the DBO role (database owner rights) and provisioned to use DBO Schema. - **_RECOMMENDED:_** When possible, use Windows Authentication. Windows Authentication is more + :::info + When possible, use Windows Authentication. Windows Authentication is more secure than SQL Server Authentication. See the Microsoft [Choose an authentication mode](https://learn.microsoft.com/en-us/sql/relational-databases/security/choose-an-authentication-mode) article for additional information. + ::: + - Windows authentication – Leverages the account used to run the Enterprise Auditor Console - **NOTE:** This option affects the credentials used for Schedule Service Accounts. See the + :::note + This option affects the credentials used for Schedule Service Accounts. See the [Schedule](/docs/accessanalyzer/11.6/admin/settings/schedule.md) topic for additional information. + ::: + - SQL Server authentication – Leverages the account provided in the **User name** and **Password** textboxes @@ -70,7 +76,10 @@ At the Storage view, the following operations are available: [Delete a Storage Profile](/docs/accessanalyzer/11.6/admin/settings/storage/delete.md) topic for additional information. -**NOTE:** A green checkmark in the Storage Profiles list indicates the default Storage Profile. +:::note +A green checkmark in the Storage Profiles list indicates the default Storage Profile. +::: + The **Cancel** and **Save** buttons are in the lower-right corner of the Storage view. These buttons become enabled when modifications are made to the Storage global setting. Whenever changes are made 
diff --git a/docs/accessanalyzer/11.6/cdsa/job.md b/docs/accessanalyzer/11.6/cdsa/job.md index c069cbc617..ac0977cae4 100644 --- a/docs/accessanalyzer/11.6/cdsa/job.md +++ b/docs/accessanalyzer/11.6/cdsa/job.md @@ -29,7 +29,10 @@ The CDSA job generates three PowerPoint files: - The **Netwrix_CDSA_A4_Presentation.pptx** file is designed to be given to the customer for self-review as a PDF file -**CAUTION:** Do not send any these presentations to a customer in PowerPoint format. +:::warning +Do not send any these presentations to a customer in PowerPoint format. +::: + The printable assets can be converted to PDFs or printed booklet style at a professional print shop (suggested) if desired. @@ -54,7 +57,10 @@ are two presentation options for the live slide show: Use the Custom Slide Show drop-down menu on the Slide Show ribbon in PowerPoint to select the appropriate presentation. -**NOTE:** Slide 17 is hidden by default as same information is available on Slides 18-20. +:::note +Slide 17 is hidden by default as same information is available on Slides 18-20. +::: + Netwrix University includes a training module with details on the key talking points for a live delivery of the slide shows. Check out the **315 – Getting Started with Credential & Data Security @@ -83,7 +89,10 @@ Follow the steps to create the appropriate custom PDF. The presentation is converted to a PDF with only the applicable slides included. -**NOTE:** Slide 16 is hidden by default as same information is available on Slides 17-19. +:::note +Slide 16 is hidden by default as same information is available on Slides 17-19. +::: + ## Custom Slide Show Alignment diff --git a/docs/accessanalyzer/11.6/gettingstarted.md b/docs/accessanalyzer/11.6/gettingstarted.md index 3d0994d5be..84dfec2e1c 100644 --- a/docs/accessanalyzer/11.6/gettingstarted.md +++ b/docs/accessanalyzer/11.6/gettingstarted.md 
@@ -64,16 +64,22 @@ The other global Settings provide additional options for impacting how Enterpris – Enable and configure Role Based Access for a least privileged application of Enterprise Auditor and report viewing or the enable the REST API - **NOTE:** If Role Based Access is enabled by accident, contact + :::note + If Role Based Access is enabled by accident, contact [Netwrix Support](https://www.netwrix.com/support.html) for assistance in disabling it. + ::: + - [Application](/docs/accessanalyzer/11.6/admin/settings/application/overview.md) – Configure additional settings not included in the other nodes - [Exchange](/docs/accessanalyzer/11.6/admin/settings/exchange.md) – Configure Microsoft® Exchange Server connections -**CAUTION:** Do not configure data retention at the global level without ensuring History is +:::warning +Do not configure data retention at the global level without ensuring History is supported by ALL solutions to be run. +::: + - [History](/docs/accessanalyzer/11.6/admin/settings/history.md) – Configure data retention and log retention settings diff --git a/docs/accessanalyzer/11.6/index.md b/docs/accessanalyzer/11.6/index.md index 35d83e8df1..d27a560bab 100644 --- a/docs/accessanalyzer/11.6/index.md +++ b/docs/accessanalyzer/11.6/index.md @@ -180,7 +180,10 @@ See the [Dropbox Solution](/docs/accessanalyzer/11.6/solutions/dropbox/overview.md) topic for additional information. -**NOTE:** Sensitive data auditing requires the Sensitive Data Discovery Add-on. +:::note +Sensitive data auditing requires the Sensitive Data Discovery Add-on. +::: + ### Exchange Solution @@ -193,7 +196,10 @@ See the [Exchange Solution](/docs/accessanalyzer/11.6/solutions/exchange/overview.md) topic for additional information. -**NOTE:** Sensitive data auditing requires the Sensitive Data Discovery Add-on. +:::note +Sensitive data auditing requires the Sensitive Data Discovery Add-on. +::: + ### File Systems Solution 
@@ -207,8 +213,11 @@ See the [File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/overview.md) topic for additional information. -**NOTE:** Activity auditing requires the Activity Monitor. Sensitive data auditing requires the +:::note +Activity auditing requires the Activity Monitor. Sensitive data auditing requires the Sensitive Data Discovery Add-on. +::: + ### SharePoint Solution @@ -220,7 +229,10 @@ See the [SharePoint Solution](/docs/accessanalyzer/11.6/solutions/sharepoint/overview.md) topic for additional information. -**NOTE:** Sensitive data auditing requires the Sensitive Data Discovery Add-on. +:::note +Sensitive data auditing requires the Sensitive Data Discovery Add-on. +::: + ### Unix Solution diff --git a/docs/accessanalyzer/11.6/install/application/database/database.md b/docs/accessanalyzer/11.6/install/application/database/database.md index 99976d9f78..b49934324b 100644 --- a/docs/accessanalyzer/11.6/install/application/database/database.md +++ b/docs/accessanalyzer/11.6/install/application/database/database.md @@ -28,8 +28,11 @@ The account configured in the storage profile to be used by Enterprise Auditor t database should have the necessary rights to Add, Alter, Create, Drop, Select, and Update. These rights are critical to normal Enterprise Auditor operations and functionality. -**_RECOMMENDED:_** The account used by Enterprise Auditor should have database owner (DBO) level +:::info +The account used by Enterprise Auditor should have database owner (DBO) level access to the database. +::: + If database owner rights cannot be obtained, the following SQL script can be executed by a database administrator (DBA) against the Enterprise Auditor database to grant the necessary permissions to 
@@ -151,7 +154,10 @@ node and choose **New Database**. **Step 2 –** Set the **Database name**. Set any other desired data files configuration per company standards. Click **OK** on the New Database window. -**_RECOMMENDED:_** Enter Enterprise Auditor as the Database name. +:::info +Enter Enterprise Auditor as the Database name. +::: + ![SQL Server Management Studio create New Login](/img/product_docs/accessanalyzer/11.6/install/application/newlogin.webp) @@ -172,8 +178,11 @@ authentication. - **_RECOMMENDED:_** If **SQL Server authentication** is desired, use a login name called Enterprise Auditor. -**NOTE:** Set the **Default Database** as Enterprise Auditor (or the desired Enterprise Auditor +:::note +Set the **Default Database** as Enterprise Auditor (or the desired Enterprise Auditor database) and choose English as the **Default Language**. +::: + ![SQL Server Management Studio New Login User Mapping](/img/product_docs/accessanalyzer/11.6/install/application/loginusermapping.webp) @@ -187,9 +196,12 @@ Console. **Step 7 –** Configure the Enterprise Auditor Console to access the assigned database using the newly secured login account. -**NOTE:** This step requires the completion of the Enterprise Auditor installation. See the +:::note +This step requires the completion of the Enterprise Auditor installation. See the [Enterprise Auditor Core Installation](/docs/accessanalyzer/11.6/install/application/wizard.md) topic for instructions. +::: + ![Storage Profile configuration page](/img/product_docs/accessanalyzer/11.6/install/application/storageprofile.webp) 
@@ -210,9 +222,12 @@ topic for instructions. ![Change storage profile dialog](/img/product_docs/accessanalyzer/11.6/install/application/changestorageprofile.webp) -**NOTE:** If previously connected to another database which already had the Enterprise Auditor DB +:::note +If previously connected to another database which already had the Enterprise Auditor DB schema applied, then a prompt should appear to merge the host management data. Choose the appropriate options and then click **OK** to migrate data. +::: + **Step 9 –** Make sure to close and re-open the Enterprise Auditor Console before continuing to configure or use Enterprise Auditor if a new database Storage Profile was chosen as the default. diff --git a/docs/accessanalyzer/11.6/install/application/database/otherlanguages.md b/docs/accessanalyzer/11.6/install/application/database/otherlanguages.md index 29bce7b515..77c50b3d39 100644 --- a/docs/accessanalyzer/11.6/install/application/database/otherlanguages.md +++ b/docs/accessanalyzer/11.6/install/application/database/otherlanguages.md @@ -17,7 +17,7 @@ The following collation requirements need to be met prior to the Enterprise Audi The collation settings at the database level must match what is set at the server level. -Symptoms +**Symptoms** Common errors that occur are: 
@@ -28,14 +28,14 @@ Common errors that occur are: - Cannot resolve the collation conflict between **SQL_Latin1_General_CP1_CI_AS** and **French_CI_AS** in the equal to operation. -Cause +**Cause** These errors occur because the Enterprise Auditor solutions use many temporary functions and procedures which in turn use the collation at the server level. Temporary tables created within a stored procedure use the TEMPDB database’s collation instead of the current user database’s collation. Therefore, there will be issues in analysis due to the mismatch. -Resolution +**Resolution** The following is a work-around which we use to avoid collation errors. However, when making changes at the SQL Server level, use caution as it actually rebuilds all user/system database objects. If @@ -90,13 +90,13 @@ Now that the collations match, proceed with Enterprise Auditor installation. Enterprise Auditor does not support case sensitive collation settings. Case insensitive collations are notated by having **CI** in the collation, for example **Latin1_General_CI_AS**. -Cause +**Cause** For example, `SYS.INDEXES` will be unable to be found if there was an English install of SQL Server but a Turkish collation which is case sensitive. So `'SYS.INDEXES != 'sys.indexes' `in the environment. -Resolution +**Resolution** All collation settings must be case insensitive. 
@@ -127,11 +127,14 @@ SELECT * FROM TestTab WHERE CharCol = CharCol2 SELECT * FROM TestTab WHERE CharCol = CharCol2 COLLATE Albanian_CI_AI ``` -**NOTE:** Explicit collation (Albanian_CI_AI) is not one of any column, but after that it will +:::note +Explicit collation (Albanian_CI_AI) is not one of any column, but after that it will complete successfully. The collation of two columns have not been matched, instead the third rule of collation precedence was implemented. See the Microsoft [Collation Precedence](https://learn.microsoft.com/en-us/sql/t-sql/statements/collation-precedence-transact-sql) article for additional information. +::: + ### Resources diff --git a/docs/accessanalyzer/11.6/install/application/firstlaunch.md b/docs/accessanalyzer/11.6/install/application/firstlaunch.md index 0579a9980c..291258104a 100644 --- a/docs/accessanalyzer/11.6/install/application/firstlaunch.md +++ b/docs/accessanalyzer/11.6/install/application/firstlaunch.md @@ -24,10 +24,13 @@ continue. **Step 3 –** On the Version Selection page, select the **I have no previous versions to migrate data from** and click **Next** to continue. -**NOTE:** If you are upgrading from a previous version of Enterprise Auditor, select **Choose a +:::note +If you are upgrading from a previous version of Enterprise Auditor, select **Choose a StealthAUDIT root folder path to copy from**. See the [Enterprise Auditor Console Upgrade](/docs/accessanalyzer/11.6/install/application/upgrade/overview.md) topic for additional information. +::: + ![SQL Server Settings page](/img/product_docs/accessanalyzer/11.6/install/application/sqlserver.webp) 
@@ -115,11 +118,14 @@ continue. **Step 8 –** After the Enterprise Auditor Configuration Wizard finishes configuring your installation, click **Finish** to open the Enterprise Auditor Console. -**NOTE:** To view the log for the setup process, click **View Log** to open it. If you need to view +:::note +To view the log for the setup process, click **View Log** to open it. If you need to view the log after exiting the wizard, it is located in the installation directory at `..\STEALTHbits\StealthAUDIT\SADatabase\Logs`. See the [Troubleshooting](/docs/accessanalyzer/11.6/admin/maintenance/troubleshooting.md) topic for more information about logs. +::: + ![Netwrix Acces Governance Settings Node](/img/product_docs/accessanalyzer/11.6/install/application/settingsnode.webp) diff --git a/docs/accessanalyzer/11.6/install/application/reports/adfs.md b/docs/accessanalyzer/11.6/install/application/reports/adfs.md index 2c188d4dde..ed6ed74b3a 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/adfs.md +++ b/docs/accessanalyzer/11.6/install/application/reports/adfs.md @@ -12,8 +12,11 @@ Active Directory Federation Services (ADFS). Follow the steps to configure the Web Console to use ADFS authentication: -**NOTE:** A certificate from the ADFS server is required. Confer with a PKI administrator to +:::note +A certificate from the ADFS server is required. Confer with a PKI administrator to determine which certificate method will conform to the organization's security policies. +::: + **Step 1 –** Import the certificate for the ADFS server onto the hosting server using the Certificate Management MMC snap-in. diff --git a/docs/accessanalyzer/11.6/install/application/reports/domains.md b/docs/accessanalyzer/11.6/install/application/reports/domains.md index d34a97ffcc..c544fd9be8 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/domains.md +++ b/docs/accessanalyzer/11.6/install/application/reports/domains.md 
@@ -10,8 +10,11 @@ When the `AuthenticationDomains` parameter in the **WebServer.exe.config** file domain users from the domain where the Enterprise Auditor Console resides can access the Web Console. Access can be granted from other domains when specified within this parameter. -**NOTE:** Once another domain is added, then it is necessary to also add the domain where the +:::note +Once another domain is added, then it is necessary to also add the domain where the Enterprise Auditor Console resides. +::: + All domains provided or enumerated must have a trust relationship with the domain where Enterprise Auditor resides. Follow the steps to allow access to the Web Console from other domains. @@ -40,7 +43,10 @@ service. The Web Console can now be accessed from multiple domains. -**NOTE:** In order for the AIC to be accessed from these domains, this must also be configured for +:::note +In order for the AIC to be accessed from these domains, this must also be configured for the AIC. See the Multiple Domains topic in the [Netwrix Access Information Center Documentation](https://helpcenter.netwrix.com/category/accessinformationcenter) for additional information. + +::: diff --git a/docs/accessanalyzer/11.6/install/application/reports/entraidsso.md b/docs/accessanalyzer/11.6/install/application/reports/entraidsso.md index f44fe14304..13cdbb4885 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/entraidsso.md +++ b/docs/accessanalyzer/11.6/install/application/reports/entraidsso.md 
@@ -78,10 +78,13 @@ Microsoft Entra ID SSO in the web server config file. To enable Microsoft Entra ID SSO for the Web Console, the web server config file needs to be updated with values from Microsoft Entra ID. Follow the steps to enable the SSO. -_Remember,_ Enabling Entra ID SSO requires SSL to already have been enabled for the web server. See +:::tip +Remember, Enabling Entra ID SSO requires SSL to already have been enabled for the web server. See the [Securing the Web Console](/docs/accessanalyzer/11.6/install/application/reports/secure.md) topic for additional information. +::: + **Step 1 –** Open the **WebServer.exe.config** file with a text editor, for example Notepad. It is located within the Web folder of the Enterprise Auditor installation directory. diff --git a/docs/accessanalyzer/11.6/install/application/reports/kerberosencryption.md b/docs/accessanalyzer/11.6/install/application/reports/kerberosencryption.md index 6dd0958cc9..85a13d354c 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/kerberosencryption.md +++ b/docs/accessanalyzer/11.6/install/application/reports/kerberosencryption.md @@ -23,7 +23,7 @@ System.Security.SecurityException: The encryption type requested is not supporte This error will be logged in the following location: -%SAINSTALLDIR%\SADatabase\Logs\Web\service.log +**%SAINSTALLDIR%\SADatabase\Logs\Web\service.log** While it is not required to configure these settings, this section provides the locations and steps necessary to configure encryption methods in Local and Group policies to allow Kerberos for the diff --git a/docs/accessanalyzer/11.6/install/application/reports/okta.md b/docs/accessanalyzer/11.6/install/application/reports/okta.md index 86025242dc..55b629d00f 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/okta.md +++ b/docs/accessanalyzer/11.6/install/application/reports/okta.md 
@@ -31,7 +31,7 @@ Retrieve the Values to Paste into the Enterprise Auditor WebServer.exe.config Fi **Step 2 –** Right click on the **Identity Provider metadata** link and select **Copy Link Address** to get the value for the WSFederationMetadata URL. - +**** **Step 3 –** Click on the General tab to copy the value for the **Realm**. This value will be unique per tenant. @@ -40,7 +40,7 @@ per tenant. **Step 4 –** Construct the ReplytoURL using the FQDN of your Enterprise Auditor server: -https://FQDNofaccessanalyzerserver.com:8082/federation +**https://FQDNofaccessanalyzerserver.com:8082/federation** Edit the WebServer.exe.config File @@ -60,8 +60,11 @@ located in the Web folder within the Enterprise Auditor installation. **Step 3 –** Update the following values in the **WebServer.exe.config** file with the values retrieved from the Enterprise Auditor Okta application. -**CAUTION:** These values are case sensitive. The values used here must match the values in the +:::warning +These values are case sensitive. The values used here must match the values in the Enterprise Auditor Okta application. +::: + - `WSFederationMetadata` – Paste the copied link address into the **WebServer.exe.config** file as: @@ -84,7 +87,7 @@ Enterprise Auditor Okta application. **Step 4 –** Restart the Enterprise Auditor Web Server. -Configure the App Settings for the StealthAUDIT Application +**Configure the App Settings for the StealthAUDIT Application** **Step 1 –** In the Enterprise Auditor application, navigate to the General Tab and click **Edit** to populate the following fields. 
@@ -124,7 +127,10 @@ Click the **Edit Profile** button for the Enterprise Auditor application. - upn - department -**NOTE:** The case of the attributes in bold must match the case used in the custom attribute. +:::note +The case of the attributes in bold must match the case used in the custom attribute. +::: + Click **Save** to save the attribute details and close the Add Attribute window. To add another attribute, click **Save and Add Another**. diff --git a/docs/accessanalyzer/11.6/install/application/reports/overview.md b/docs/accessanalyzer/11.6/install/application/reports/overview.md index 407d139726..bf0b930291 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/overview.md +++ b/docs/accessanalyzer/11.6/install/application/reports/overview.md 
@@ -17,21 +17,27 @@ The Enterprise Auditor installer places a Web folder at the root of the Enterpri directory. This folder contains the Enterprise Auditor Web Server (WebServer.exe) that runs on the Enterprise Auditor Console upon installation. -**NOTE:** The Enterprise Auditor Web Server service must run as an account that has access to the +:::note +The Enterprise Auditor Web Server service must run as an account that has access to the Enterprise Auditor database. This may be a different account than the one used to connect Enterprise Auditor to the database. If the Enterprise Auditor Vault service is running, the account running the Web Server service must be an Enterprise Auditor Administrator. See the [Vault](/docs/accessanalyzer/11.6/admin/settings/application/vault.md) topic for additional information. +::: + The Web folder that the Enterprise Auditor installer places at the root of the Enterprise Auditor directory also contains a `WebServer.exe.config` file. This file contains configurable parameters. -**CAUTION:** If encryption methods have been configured for Kerberos on the Enterprise Auditor +:::warning +If encryption methods have been configured for Kerberos on the Enterprise Auditor server but not on the service account running the Enterprise Auditor Web Server service, then users will not be able to log-in to the Web Console and will receive an error message. See the [Manage Kerberos Encryption Warning for the Web Console](/docs/accessanalyzer/11.6/install/application/reports/kerberosencryption.md) topic for additional information on configuring security polices to allow Kerberos encryption. +::: + ## Log into the Web Console 
@@ -46,7 +52,10 @@ role grant access to the published reports. See the [Role Based Access](/docs/accessanalyzer/11.6/admin/settings/access/rolebased/overview.md) topic for addition information. -**NOTE:** Access to the AIC and other Netwrix products is controlled from within those products. +:::note +Access to the AIC and other Netwrix products is controlled from within those products. +::: + The address to the Web Console can be configured within the Enterprise Auditor Console (**Settings** > **Reporting**). The default address is `http://[hostname.domain.com]:8082`. From the @@ -56,10 +65,13 @@ localhost with the name of the Enterprise Auditor Console. See the [Update Website URLs](/docs/accessanalyzer/11.6/install/application/reports/secure.md#update-website-urls) topic for additional information. -**NOTE:** Any browser used to access the Web Console must have JavaScript allowed for the site. See +:::note +Any browser used to access the Web Console must have JavaScript allowed for the site. See the [Configure JavaScript Settings for the Web Console](/docs/accessanalyzer/11.6/admin/settings/reporting.md#configure-javascript-settings-for-the-web-console) topic for additional information. +::: + Follow the steps to login to the Web Console. @@ -68,12 +80,13 @@ Follow the steps to login to the Web Console. - From the Enterprise Auditor Console server – Click the Published Reports desktop icon (`http://localhost:8082`) - For remote access – Enter one of the following URLs into a web browser: + - `http://[machinename]:8082` + - `https://[machinename]:8082` - http://[machinename]:8082 - - https://[machinename]:8082 +:::note +The URL that is used may need to be added to the browser’s list of trusted sites. +::: -**NOTE:** The URL that is used may need to be added to the browser’s list of trusted sites. ![Web Console Login page](/img/product_docs/accessanalyzer/11.6/install/application/reports/webconsolelogin.webp) 
diff --git a/docs/accessanalyzer/11.6/install/application/reports/secure.md b/docs/accessanalyzer/11.6/install/application/reports/secure.md index f8939edb0d..7ecf97ca79 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/secure.md +++ b/docs/accessanalyzer/11.6/install/application/reports/secure.md @@ -22,9 +22,12 @@ Additional configuration options for enhanced security include: [Enable Single Sign-On](/docs/accessanalyzer/11.6/install/application/reports/sso.md) topic for additional information. - **NOTE:** The Web Console also supports using Microsoft Entra ID single sign-on. See the + :::note + The Web Console also supports using Microsoft Entra ID single sign-on. See the [Microsoft Entra ID Single Sign-On](/docs/accessanalyzer/11.6/install/application/reports/entraidsso.md) topic for additional information. + ::: + These parameters can be configured within the **WebServer.exe.config** file in the Web folder of the Enterprise Auditor installation directory `…\STEALTHbits\StealthAUDIT\Web`. 
@@ -37,24 +40,33 @@ necessary to bind a certificate to the port. See the information. Follow the steps on the server where Enterprise Auditor is installed to enable SSL for the Web Console. -**NOTE:** The following steps require a certificate to be available. Organizations typically have +:::note +The following steps require a certificate to be available. Organizations typically have one or more system administrators responsible for Public Key Infrastructure (PKI) and certificates. To continue with this configuration it will first be necessary to confer with the PKI administrator to determine which certificate method will conform to the organization’s security policies. Optionally, see [Use a Self-Signed Certificate for SSL](#use-a-self-signed-certificate-for-ssl) for an Administrator PowerShell command which will both create and import a self-signed certificate. +::: + **Step 1 –** Import the certificate to the hosting server using the Certificate Management MMC snap-in. -**NOTE:** If using a self-signed certificate, it will also need to be imported. +:::note +If using a self-signed certificate, it will also need to be imported. +::: + **Step 2 –** Create an SSL binding. It is necessary to use the certificate’s **Hash** value for the `$certHash` value: -**NOTE:** The following Administrator PowerShell dir command can be run on the certificate's “drive” +:::note +The following Administrator PowerShell dir command can be run on the certificate's “drive” to find the **Hash** value of a certificate which was already created and the output will include the Thumbprint (**Hash**) value and the certificate name: +::: + ``` dir cert:\localmachine\my 
@@ -93,10 +105,13 @@ located within the Web folder of the Enterprise Auditor installation directory. **Step 6 –** Navigate to Services (`services.msc`). Restart the Netwrix Enterprise Auditor Web Server service. -**NOTE:** If also using the AIC, then SSL needs to be enabled for the AIC using this certificate. +:::note +If also using the AIC, then SSL needs to be enabled for the AIC using this certificate. See the Securing the AIC section of the [Netwrix Access Information Center Documentation](https://helpcenter.netwrix.com/category/accessinformationcenter) for additional information. +::: + The Web Console has been enabled for SSL communication. Access it using the server’s fully qualified domain name and the HTTPS port (`https://[hostname.domain.com]:8082`). If a self-signed certificate @@ -112,7 +127,7 @@ Website URL must be updated to match the new value in the following places: - Enterprise Auditor's Reporting node (**Settings** > **Reporting**) - Enterprise Auditor's Published Reports Desktop icon properties -Update the Website URL in the Reporting Node +**Update the Website URL in the Reporting Node** Follow the steps to update the Website URL in the **Settings** > **Reporting** node. diff --git a/docs/accessanalyzer/11.6/install/application/reports/sso.md b/docs/accessanalyzer/11.6/install/application/reports/sso.md index 1c0df36d51..db29c8bd22 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/sso.md +++ b/docs/accessanalyzer/11.6/install/application/reports/sso.md 
@@ -11,9 +11,12 @@ Console according to the user’s current login session. When opening a session domain, the user will be prompted for credentials from a pop-up windows. After authenticating, the user will be automatically logged in the Web Console. -**NOTE:** The Web Console also supports using Microsoft Entra ID single sign-on. See the +:::note +The Web Console also supports using Microsoft Entra ID single sign-on. See the [Microsoft Entra ID Single Sign-On](/docs/accessanalyzer/11.6/install/application/reports/entraidsso.md) topic for additional information. +::: + Follow the steps to enable single sign-on for the Web Console. @@ -67,5 +70,8 @@ qualified domain name is in the following format: `https://..com Authentication will now pass through Windows Authentication and bypass SSO configuration Prompts for credentials via Browser pop-up -**NOTE:** A list of allowed authentication servers can also be configured using the +:::note +A list of allowed authentication servers can also be configured using the AuthServerAllowList policy. + +::: diff --git a/docs/accessanalyzer/11.6/install/application/reports/timeout.md b/docs/accessanalyzer/11.6/install/application/reports/timeout.md index 5eb6f73ffe..17ee445f8a 100644 --- a/docs/accessanalyzer/11.6/install/application/reports/timeout.md +++ b/docs/accessanalyzer/11.6/install/application/reports/timeout.md @@ -10,7 +10,7 @@ The Web Console is configured with a default timeout parameter of 15 minutes. Th within the **WebServer.exe.config** file in the Web folder of the Enterprise Auditor installation directory: -…\STEALTHbits\StealthAUDIT\Web +**…\STEALTHbits\StealthAUDIT\Web** Follow the steps to modify the timeout parameter for the Web Console. diff --git a/docs/accessanalyzer/11.6/install/application/updatelicense.md b/docs/accessanalyzer/11.6/install/application/updatelicense.md index c379082f04..15aaa2ff9a 100644 --- a/docs/accessanalyzer/11.6/install/application/updatelicense.md 
+++ b/docs/accessanalyzer/11.6/install/application/updatelicense.md @@ -51,7 +51,7 @@ When the path to the file is visible in the text box, click **Next**. The licens license. It also displays the name of the organization which owns the license, the expiration date, and the host limit. These are the features that will be installed. Click **Next**. -![Setup Wizard Ready to change page](/img/product_docs/accessanalyzer/11.6/install/application/ready.webp) +![Setup Wizard Ready to change page](/img/product_docs/accessanalyzer/11.6/install/application/ready_1.webp) **Step 7 –** On the Ready to Change Enterprise Auditor page, click **Change** to begin the update. diff --git a/docs/accessanalyzer/11.6/install/application/upgrade/overview.md b/docs/accessanalyzer/11.6/install/application/upgrade/overview.md index a4e250356d..9a678c5d63 100644 --- a/docs/accessanalyzer/11.6/install/application/upgrade/overview.md +++ b/docs/accessanalyzer/11.6/install/application/upgrade/overview.md @@ -10,11 +10,14 @@ Enterprise Auditor 11.6 uses the Upgrade Wizard. For upgrades from versions of E that are no longer supported, contact [Netwrix Support](https://www.netwrix.com/support.html) for assistance. -**NOTE:** If any customizations have been done by a Netwrix Engineer, please ensure custom work is +:::note +If any customizations have been done by a Netwrix Engineer, please ensure custom work is not lost during the upgrade process. While using the Upgrade Wizard, customizations are archived prior to solution upgrades. These archives are available after the solution upgrades have been completed. Contact [Netwrix Support](https://www.netwrix.com/support.html) for additional information. +::: + The purpose of this document is to provide the basic steps needed for upgrading Enterprise Auditor and the stock solutions. Contact [Netwrix Support](https://www.netwrix.com/support.html) for 
@@ -25,7 +28,7 @@ release information. ## Considerations -Multiple Enterprise Auditor Consoles Connecting to the Same Database +**Multiple Enterprise Auditor Consoles Connecting to the Same Database** In environments where multiple Enterprise Auditor Consoles are using the same SQL Server database, every console using the database must also be updated. The act of connecting a Enterprise Auditor @@ -33,7 +36,7 @@ Console with a newer version to a database updates the database’s schema pursu definition. If a Enterprise Auditor Console with an older version connects to the same database after the schema has been updated, corruption to Enterprise Auditor’s system tables can result. -SQL Server Supported Version Change for the Enterprise Auditor Database +**SQL Server Supported Version Change for the Enterprise Auditor Database** With the release of Enterprise Auditor v11.6, SQL Server 2016 through SQL Server 2022 are the supported versions for the Enterprise Auditor database. @@ -44,7 +47,7 @@ version of the Enterprise Auditor Console, see the [Update License Key](/docs/accessanalyzer/11.6/install/application/updatelicense.md) topic for instructions. -License Key Changes +**License Key Changes** The following changes in licensing requires the organization needing a new key: diff --git a/docs/accessanalyzer/11.6/install/application/upgrade/solutionconsiderations.md b/docs/accessanalyzer/11.6/install/application/upgrade/solutionconsiderations.md index f8569a0df9..8a31b95840 100644 --- a/docs/accessanalyzer/11.6/install/application/upgrade/solutionconsiderations.md +++ b/docs/accessanalyzer/11.6/install/application/upgrade/solutionconsiderations.md 
@@ -8,17 +8,20 @@ sidebar_position: 10 The following items must be taken into consideration for upgrades: -Access Information Center +**Access Information Center** - Should be upgraded at the same time as Enterprise Auditor. - **NOTE:** The Enterprise Auditor upgrade should be completed first. + :::note + The Enterprise Auditor upgrade should be completed first. + ::: + See the Upgrade Procedure for Enterprise Auditor topic in the [Netwrix Access Information Center Documentation](https://helpcenter.netwrix.com/category/accessinformationcenter)[ ](https://www.stealthbits.com/jdownloads/Documentation%20User%20Guides%20PDF/Stealthbits_AIC_InstallConfigGuide.pdf)for instructions. -Sensitive Data Discovery Add-on +**Sensitive Data Discovery Add-on** - Needs to be updated on all servers where it was installed. See the [Upgrade Sensitive Data Discovery Add-on](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/upgrade.md) @@ -32,14 +35,14 @@ default in all solution sets. See the [Configure Global Sensitive Data Settings](#configure-global-sensitive-data-settings) for additional information. -Active Directory Solution Considerations +**Active Directory Solution Considerations** - For Activity – Ensure the Netwrix Activity Monitor is a compatible version. See the Upgrade Instructions in the [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) for additional information. -File System Solution Considerations +**File System Solution Considerations** - For Proxy Mode as a Service – File System Proxy Service needs to be updated on the proxy servers. See the 
@@ -50,7 +53,7 @@ File System Solution Considerations [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) for additional information. -SharePoint Solution Considerations +**SharePoint Solution Considerations** - For SharePoint Agent – Enterprise Auditor SharePoint Agent needs to be updated on the SharePoint server where it was installed. See the @@ -86,9 +89,12 @@ topic for additional information. ## Configure Global Sensitive Data Settings -**CAUTION:** The new global Settings will overwrite any previously configured criteria. Make a note +:::warning +The new global Settings will overwrite any previously configured criteria. Make a note of any configured Sensitive Data Criteria before commencing the upgrade Enterprise Auditor. Sensitive Data Criteria must be reconfigured after an upgrade. +::: + If Sensitive Data Criteria are configured differently for each solution, re-configure the criteria selection at the solution level. See the diff --git a/docs/accessanalyzer/11.6/install/application/upgrade/wizard.md b/docs/accessanalyzer/11.6/install/application/upgrade/wizard.md index 20207fed98..2eabb8d9c5 100644 --- a/docs/accessanalyzer/11.6/install/application/upgrade/wizard.md +++ b/docs/accessanalyzer/11.6/install/application/upgrade/wizard.md 
@@ -6,23 +6,32 @@ sidebar_position: 20 # Enterprise Auditor Core Upgrade Instructions -**CAUTION:** If Role Based Access has been enabled, a user with the Administrator role must perform +:::warning +If Role Based Access has been enabled, a user with the Administrator role must perform the upgrade. Other user roles do not have the necessary permissions to perform upgrades. +::: + Follow the steps to upgrade to Enterprise Auditor 11.6 on the same server where an older version of Enterprise Auditor is installed. -**NOTE:** If any customizations have been done by a Netwrix Engineer, please ensure the custom work +:::note +If any customizations have been done by a Netwrix Engineer, please ensure the custom work is not lost during the upgrade process. While using the Upgrade Wizard, customizations are archived prior to solution upgrades. These archives are available after the solution upgrades have been completed. Contact [Netwrix Support](https://www.netwrix.com/support.html) for additional information. +::: + -**CAUTION:** The new global Settings will overwrite any previously configured Sensitive Data +:::warning +The new global Settings will overwrite any previously configured Sensitive Data criteria. Make a note of any configured Sensitive Data Criteria before upgrading Enterprise Auditor. Sensitive Data Criteria must be reconfigured after an upgrade. See the [Configure Global Sensitive Data Settings](/docs/accessanalyzer/11.6/install/application/upgrade/solutionconsiderations.md#configure-global-sensitive-data-settings) topic for additional information. +::: + ![Windows Control Panel Uninstall or change a program window](/img/product_docs/accessanalyzer/11.6/install/application/controlpaneluninstall.webp) 
@@ -34,7 +43,7 @@ files, and reports remain in the installation directory after the uninstall proc folder of the installation directory. Any custom application settings contained in this file are kept as part of this upgrade process. -![Setup Wizard Welcome page](/img/product_docs/accessanalyzer/11.6/install/application/upgrade/welcome.webp) +![Setup Wizard Welcome page](/img/product_docs/accessanalyzer/11.6/install/application/welcome.webp) **Step 2 –** Install Enterprise Auditor 11.6. See the [Enterprise Auditor Core Installation](/docs/accessanalyzer/11.6/install/application/wizard.md) @@ -88,8 +97,11 @@ upgrade is complete. Conflict resolution can be done on the Changes window by un customization. However, if the conflict is undone prior to a solution upgrade, then the customization will not be archived. -**CAUTION:** If Role Based Access has been enabled, a user with the Administrator role must perform +:::warning +If Role Based Access has been enabled, a user with the Administrator role must perform the upgrade. Other user roles do not have the necessary permissions to perform upgrades. +::: + Follow the steps to use the Upgrade Wizard. 
@@ -100,15 +112,21 @@ Enterprise Auditor icon on the desktop. **Step 2 –** The Enterprise Auditor Configuration Wizard opens. Click **Next** to continue. -**NOTE:** When Enterprise Auditor11.6 is installed on a server where a previous version of +:::note +When Enterprise Auditor11.6 is installed on a server where a previous version of Enterprise Auditor had been installed, the Version Selection page of the Configuration Wizard will not appear. +::: + ![Configuration Wizard Solution Set Files page with conflicts](/img/product_docs/accessanalyzer/11.6/install/application/upgrade/solutionsetfiles.webp) **Step 3 –** On the Solution Set Files page, only upgrade conflicts are displayed by default. -**_RECOMMENDED:_** Investigate the changes where conflicts have been identified before proceeding. +:::info +Investigate the changes where conflicts have been identified before proceeding. +::: + **Step 4 –** (Optional) Select an item with the Conflict State and click **View conflicts** to open the Changes window. diff --git a/docs/accessanalyzer/11.6/install/application/wizard.md b/docs/accessanalyzer/11.6/install/application/wizard.md index 04d2abcc88..440555d58f 100644 --- a/docs/accessanalyzer/11.6/install/application/wizard.md +++ b/docs/accessanalyzer/11.6/install/application/wizard.md 
@@ -10,11 +10,17 @@ Save the organization’s Enterprise Auditor license key, received from your Net Representative, to the server where Enterprise Auditor is to be installed. Then follow the steps to install Enterprise Auditor. -**NOTE:** The process explained in this topic assumes that both the downloaded binary and the +:::note +The process explained in this topic assumes that both the downloaded binary and the license (.lic) file are located on the server which will become the Enterprise Auditor Console. +::: -**CAUTION:** If User Account Control (UAC) is enabled on the server, ensure the installation package + +:::warning +If User Account Control (UAC) is enabled on the server, ensure the installation package is run in Administrative/privilege mode. +::: + **Step 1 –** Run the **Netwrixaccessanalyzer.exe** executable to open the Enterprise Auditor Setup Wizard. @@ -42,8 +48,11 @@ install Enterprise Auditor. The default destination folder is **Step 5 –** On the License File page, click **Browse** and navigate to your **StealthAUDIT.lic** file. When the path to the file is visible in the textbox, click **Next**. -**NOTE:** The license file must be stored on the Enterprise Auditor Console server before the +:::note +The license file must be stored on the Enterprise Auditor Console server before the installation begins. +::: + ![License Features page](/img/product_docs/accessanalyzer/11.6/install/application/licensefeatures.webp) diff --git a/docs/accessanalyzer/11.6/install/filesystemproxy/configuredatacollector.md b/docs/accessanalyzer/11.6/install/filesystemproxy/configuredatacollector.md index ea334d3e9e..2a0f9c1358 100644 --- a/docs/accessanalyzer/11.6/install/filesystemproxy/configuredatacollector.md +++ b/docs/accessanalyzer/11.6/install/filesystemproxy/configuredatacollector.md 
@@ -27,6 +27,9 @@ See the [FSAA Query Configuration](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md#fsaa-query-configuration) topic for additional information. -**_RECOMMENDED:_** When choosing to use proxy mode as a service for any of the File System Solution +:::info +When choosing to use proxy mode as a service for any of the File System Solution **…System Scans** jobs, set proxy mode as a service for all of the **…System Scans** jobs that are scheduled to run together. + +::: diff --git a/docs/accessanalyzer/11.6/install/filesystemproxy/overview.md b/docs/accessanalyzer/11.6/install/filesystemproxy/overview.md index 9f2d42dd0f..24f99aa0f7 100644 --- a/docs/accessanalyzer/11.6/install/filesystemproxy/overview.md +++ b/docs/accessanalyzer/11.6/install/filesystemproxy/overview.md @@ -50,8 +50,11 @@ completed. Proxy scanning architecture supports large deployments or widely disp A proxy server is any server that can be leveraged to process data collection against target hosts. -**CAUTION:** The File System Proxy Service cannot be installed on the same server as Enterprise +:::warning +The File System Proxy Service cannot be installed on the same server as Enterprise Auditor. +::: + Two options are available for implementing the proxy scanning architecture: 
@@ -119,11 +122,14 @@ be possible without proxy servers. This provides a clear benefit in scalability The proxy functionality for the FSAA Data Collector provides security and reliability. -_Remember,_ It is recommended that the File System Proxy Service is installed on the proxy server +:::tip +Remember, It is recommended that the File System Proxy Service is installed on the proxy server before running File System scans in proxy mode as a service. Once installed, the FileSystemAccess (FSAA) Data Collector must be configured to use the service. See the [File System Data Collection Configuration for Proxy as a Service](/docs/accessanalyzer/11.6/install/filesystemproxy/configuredatacollector.md) topic for additional information. +::: + ## Sensitive Data Discovery Auditing Consideration @@ -134,8 +140,11 @@ Enterprise Auditor Console server. See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). + +::: diff --git a/docs/accessanalyzer/11.6/install/filesystemproxy/silentinstall.md b/docs/accessanalyzer/11.6/install/filesystemproxy/silentinstall.md index 2e6c16b13e..55b9bd0a51 100644 --- a/docs/accessanalyzer/11.6/install/filesystemproxy/silentinstall.md +++ b/docs/accessanalyzer/11.6/install/filesystemproxy/silentinstall.md 
@@ -9,10 +9,13 @@ sidebar_position: 30 It is possible to use one of the following methods to complete a silent installation of the File System Proxy Service. -**CAUTION:** For all Active Directory versions, aside from Windows 2012 R2, the silent installer +:::warning +For all Active Directory versions, aside from Windows 2012 R2, the silent installer does not prompt an error message if a duplicate SPN value exists in the targeted domain for [Option 1: Run as LocalSystem](#option-1-run-as-localsystem). Having duplicate SPN’s in the targeted Active Directory environment prohibits connection to the proxy service, resulting in a failed scan. +::: + If a desired SPN already exists in a Windows 2012 R2 domain, the silent installer displays the following message: diff --git a/docs/accessanalyzer/11.6/install/filesystemproxy/troubleshooting.md b/docs/accessanalyzer/11.6/install/filesystemproxy/troubleshooting.md index a20156d77d..d2bd218720 100644 --- a/docs/accessanalyzer/11.6/install/filesystemproxy/troubleshooting.md +++ b/docs/accessanalyzer/11.6/install/filesystemproxy/troubleshooting.md 
@@ -14,11 +14,12 @@ The following are potential errors that may occur during installation and how to The following are potential errors that may occur during File System scans and how to resolve each. -| Error Message | Resolution | -| --------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Failed to launch SDD client (2): The system cannot find the file specified. | This indicates the Sensitive Data Discovery Add-On is not installed on the proxy server. | -| Error creating DLP components. Error:Error initializing DLP communications, received invalid pipe handle. | This indicates the Sensitive Data Discovery Add-On is not installed on the proxy server. | -| Unable to start scan: Could not initialize scan session with any proxy host supplied | This can indicate a few things and is a broad error: - The Enterprise Auditor Console cannot reach the proxy server via the network. - Network communications are blocked for TCP on port 8766 – possibly by the Windows Firewall on the Enterprise Auditor Console server or proxy server, or by another firewall in the network (it is possible for this port to be customized through the FSAA Data Collector query configuration). - The Netwrix Enterprise Auditor FSAA Proxy Scanner service is not running or is not installed on the target proxy server. 
| +| Error Message | Resolution | +| --------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Failed to launch SDD client (2): The system cannot find the file specified. | This indicates the Sensitive Data Discovery Add-On is not installed on the proxy server. | +| Error creating DLP components. Error:Error initializing DLP communications, received invalid pipe handle. | This indicates the Sensitive Data Discovery Add-On is not installed on the proxy server. | +| Unable to start scan: Could not initialize scan session with any proxy host supplied | This can indicate a few things and is a broad error:
  • The Enterprise Auditor Console cannot reach the proxy server via the network.
  • Network communications are blocked for TCP on port 8766 – possibly by the Windows Firewall on the Enterprise Auditor Console server or proxy server, or by another firewall in the network (it is possible for this port to be customized through the FSAA Data Collector query configuration).
  • The Netwrix Enterprise Auditor FSAA Proxy Scanner service is not running or is not installed on the target proxy server.
| + ## Verbose Logging diff --git a/docs/accessanalyzer/11.6/install/filesystemproxy/uninstall.md b/docs/accessanalyzer/11.6/install/filesystemproxy/uninstall.md index b110555a6f..d1b895823f 100644 --- a/docs/accessanalyzer/11.6/install/filesystemproxy/uninstall.md +++ b/docs/accessanalyzer/11.6/install/filesystemproxy/uninstall.md @@ -15,10 +15,13 @@ uninstalling of the Enterprise Auditor File System Scanning Proxy program. **Step 2 –** Select Netwrix Enterprise Auditor File System Scanning Proxy and click **Uninstall**. -**NOTE:** If the installation was configured to use the LocalSystem account to run the RPC service +:::note +If the installation was configured to use the LocalSystem account to run the RPC service the two SPN values are removed for that machine in Active Directory. If the service is running with a supplied account, the SPN values would need to be manually removed for that machine in Active Directory (unless the uninstall was completed as part of the [Upgrade Proxy Service Procedure](/docs/accessanalyzer/11.6/install/filesystemproxy/upgrade.md)). +::: + When the uninstall process is complete, this program is removed from the list. diff --git a/docs/accessanalyzer/11.6/install/filesystemproxy/upgrade.md b/docs/accessanalyzer/11.6/install/filesystemproxy/upgrade.md index f9694cfc5e..d6e52c01b3 100644 --- a/docs/accessanalyzer/11.6/install/filesystemproxy/upgrade.md +++ b/docs/accessanalyzer/11.6/install/filesystemproxy/upgrade.md 
@@ -13,9 +13,12 @@ This upgrade can be done in two ways: - Automatically – An instant job within the Enterprise Auditor Console - Manually – On each server hosting the proxy service -**CAUTION:** When upgrading the Proxy Service to 11.6 from a previous version for the first time, +:::warning +When upgrading the Proxy Service to 11.6 from a previous version for the first time, you must manually uninstall the previous version and follow the [Manual Upgrade](#manual-upgrade) steps below. Subsequent 11.6 upgrades can be done using the automatic upgrade option. +::: + ## Automatic Upgrade diff --git a/docs/accessanalyzer/11.6/install/filesystemproxy/wizard.md b/docs/accessanalyzer/11.6/install/filesystemproxy/wizard.md index da334d79b1..32df29e9c9 100644 --- a/docs/accessanalyzer/11.6/install/filesystemproxy/wizard.md +++ b/docs/accessanalyzer/11.6/install/filesystemproxy/wizard.md @@ -61,8 +61,11 @@ radio buttons. Then, click **Next**. **Step 7 –** When the installation completes, click **Finish** to exit the wizard. -**NOTE:** If the File System Proxy Service is installed on multiple servers, then a custom host list +:::note +If the File System Proxy Service is installed on multiple servers, then a custom host list of proxy servers should also be created in Netwrix Enterprise Auditor. +::: + Once the File System Proxy Service has been installed on any proxy server, it is necessary to configure the File System Solution certificate exchange method for Proxy Mode as a Service. See the @@ -74,7 +77,7 @@ topic for additional information. The port and priority parameters can be modified for the File System Proxy Service on the registry key: -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StealthAUDITFSAA\ImagePath +**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StealthAUDITFSAA\ImagePath** - Port parameter – Only needs to be added to the registry key value if a custom port is used. The default port of 8766 does not need to be set as a parameter 
@@ -84,10 +87,16 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StealthAUDITFSAA\ImagePath - Append `-r 0` to the ImagePath key value - **NOTE:** If both parameters are added, there is no required order. + :::note + If both parameters are added, there is no required order. + ::: + - **_RECOMMENDED:_** Stop the Netwrix Enterprise Auditor FSAA Proxy Scanner service before + :::info + Stop the Netwrix Enterprise Auditor FSAA Proxy Scanner service before modifying the registry key. + ::: + Follow the steps to configure these service parameters. @@ -101,7 +110,7 @@ Scanner service and select **Stop**. **Step 2 –** Open Registry Editor (`regedit`) and navigate to the following registry key: -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StealthAUDITFSAA\ImagePath +**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StealthAUDITFSAA\ImagePath** **Step 3 –** Right-click on the **ImagePath** key and select **Modify**. The Value data was set during installation according to the installation directory location selected. @@ -114,9 +123,12 @@ during installation according to the installation directory location selected. Example with Port number 1234: - C:\Program Files (x86)\STEALTHbits\StealthAUDIT\FSAA\StealthAUDITRPC.EXEFSAASrv.DLL -e 1234 +**C:\Program Files (x86)\STEALTHbits\StealthAUDIT\FSAA\StealthAUDITRPC.EXEFSAASrv.DLL -e 1234** + + :::note + The port number needs to be added to the path only if a custom port is used. + ::: - **NOTE:** The port number needs to be added to the path only if a custom port is used. **Step 4 –** Click **OK** and close Registry Editor. 
@@ -129,9 +141,12 @@ Proxy Scanner service. Close the Services Management Console. **[Job]** > **Configure** > **Queries** node and open the File System Access Auditor Data Collector Wizard. On the Applet Settings wizard page, change the **Port number** to the custom port. -**NOTE:** See the +:::note +See the [File System Data Collection Configuration for Proxy as a Service](/docs/accessanalyzer/11.6/install/filesystemproxy/configuredatacollector.md) section for additional configurations required to run scans in proxy mode as a service. +::: + **Step 7 –** Repeat the previous step for each of the **FileSystem** > **0.Collection** jobs to employ this proxy service. diff --git a/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/wizard.md b/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/wizard.md index a188573b7b..99459c5737 100644 --- a/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/wizard.md +++ b/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/wizard.md @@ -27,7 +27,10 @@ Remember, the following additional considerations: [SharePoint Agent Installation](/docs/accessanalyzer/11.6/install/sharepointagent/overview.md) topic for additional information. -**NOTE:** Before running the installation package, please close the Enterprise Auditor application. +:::note +Before running the installation package, please close the Enterprise Auditor application. +::: + The Enterprise Auditor license file is needed during installation. It can be imported from the Enterprise Auditor installation directory when the add-on is installed on the Enterprise Auditor @@ -35,7 +38,10 @@ Console server. Follow the steps to install the Sensitive Data Discovery Add-On. **Step 1 –** Run the `SensitiveDataAddon.exe` executable. -_Remember,_ +:::tip +Remember, +::: + - Install the Sensitive Data Add-on – FSAA & SPAA Agentless (or x86) version of the Sensitive Data Discovery Add-On on the Enterprise Auditor Console Server. 
@@ -61,8 +67,11 @@ will target the license key within the Enterprise Auditor installation directory the SharePoint Agent server or the File System Proxy server, use the Browse button to navigate to the license file. Click **Next**. -**NOTE:** The Enterprise Auditor license file needs to be locally accessible during the installation +:::note +The Enterprise Auditor license file needs to be locally accessible during the installation process. +::: + ![SDD Add-on Setup Wizard Ready to install page](/img/product_docs/accessanalyzer/11.6/install/sensitivedatadiscovery/ready.webp) diff --git a/docs/accessanalyzer/11.6/install/sharepointagent/overview.md b/docs/accessanalyzer/11.6/install/sharepointagent/overview.md index 4d40b496c1..dbe8e6037c 100644 --- a/docs/accessanalyzer/11.6/install/sharepointagent/overview.md +++ b/docs/accessanalyzer/11.6/install/sharepointagent/overview.md @@ -39,10 +39,13 @@ been installed on the SharePoint server. This requirement is in addition to havi Data Discovery Add-on installed on the Enterprise Auditor Console server. Sensitive Data Discovery Auditing scans also require .NET Framework 4.7.2 or later. -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). +::: + See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) diff --git a/docs/accessanalyzer/11.6/install/sharepointagent/wizard.md b/docs/accessanalyzer/11.6/install/sharepointagent/wizard.md index e19f93d670..3a3a53a909 100644 --- a/docs/accessanalyzer/11.6/install/sharepointagent/wizard.md +++ b/docs/accessanalyzer/11.6/install/sharepointagent/wizard.md 
@@ -15,11 +15,14 @@ the Enterprise Auditor Console. See the [SharePoint Scan Options](/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md) topic for detailed permission information. -**NOTE:** If utilizing the SharePoint Agent to scan for Sensitive Data, the 64-bit +:::note +If utilizing the SharePoint Agent to scan for Sensitive Data, the 64-bit `SensitiveDataAddon.msi` needs to be installed after the SharePoint Agent has been installed on the SharePoint server. See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. +::: + Follow the steps to install the SharePoint Agent on the application server which hosts the Central Administration component of the targeted SharePoint farms. diff --git a/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/appendix.md b/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/appendix.md index ad75763fc4..bad1b6fcac 100644 --- a/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/appendix.md +++ b/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/appendix.md @@ -6,8 +6,11 @@ sidebar_position: 10 # Appendix for the StealthAUDIT MAPI CDO Installation Guide -**CAUTION:** The Enterprise Auditor MAPI CDO must be installed first before installing the Microsoft +:::warning +The Enterprise Auditor MAPI CDO must be installed first before installing the Microsoft Exchange MAPI CDO. +::: + Before installing either binary, close the Enterprise Auditor application and ensure the following requirements have been met: 
@@ -23,8 +26,11 @@ Follow these steps to install the Microsoft Exchange MAPI CDO. **Step 1 –** Download and run the ExchangeMapiCDO application from Microsoft. -**NOTE:** The steps may be slightly different than the following. See Microsoft’s website for +:::note +The steps may be slightly different than the following. See Microsoft’s website for additional detail. +::: + ![appendix_for_the_stealthaudit](/img/product_docs/accessanalyzer/11.6/stealthaudit/install_guides/mapi_cdo_install/appendix_for_the_stealthaudit.webp) diff --git a/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/stealthaudit_mapi_cdo_installation.md b/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/stealthaudit_mapi_cdo_installation.md index 0375ef69e7..5ca3b6abf6 100644 --- a/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/stealthaudit_mapi_cdo_installation.md +++ b/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/stealthaudit_mapi_cdo_installation.md @@ -21,8 +21,11 @@ Microsoft Exchange MAPI CDO can be downloaded directly from Microsoft. See the [Appendix for the StealthAUDIT MAPI CDO Installation Guide](/docs/accessanalyzer/11.6/install/stealthauditmapicdoinstallation/appendix.md) for requirements and installation steps to install the Microsoft Exchange MAPI CDO. -**CAUTION:** The Enterprise Auditor MAPI CDO must be installed first before installing the Microsoft +:::warning +The Enterprise Auditor MAPI CDO must be installed first before installing the Microsoft Exchange MAPI CDO. +::: + Before installing either binary, close the Enterprise Auditor application and ensure the following requirements have been met: diff --git a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory.md b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory.md index 58c830d66b..960b926772 100644 --- a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory.md 
+++ b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory.md @@ -24,7 +24,7 @@ topic for target environment requirements. ## Active Directory Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: @@ -37,7 +37,7 @@ These are dependent upon the size of the target environment: ## Active Directory Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md index ff773c6188..e77af39406 100644 --- a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md +++ b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md @@ -12,18 +12,21 @@ Directory versions as targets: - Windows Server 2016 and later - Windows 2003 Forest level or higher -**NOTE:** See the Microsoft +:::note +See the Microsoft [Windows Server end of support and Microsoft 365 Apps](https://learn.microsoft.com/en-us/deployoffice/endofsupport/windows-server-support) article for additional information. +::: -Domain Controller Requirements + +**Domain Controller Requirements** The following are requirements for the domain controllers to be scanned: - .NET Framework 4.5+ installed - WINRM Service installed -Data Collectors +**Data Collectors** Successful use of the Enterprise Auditor Active Directory solution requires the necessary settings and permissions in a Microsoft® Active Directory® environment described in this topic and its 
@@ -47,8 +50,11 @@ The majority of jobs in the Active Directory solutions rely on tables with queri data collectors mentioned above to perform analysis and generate reports. The remaining jobs utilize data collectors to scan environments, and require additional permissions on the target host. -**_RECOMMENDED:_** Use Domain/Local Administrator privileges to run Enterprise Auditor against an +:::info +Use Domain/Local Administrator privileges to run Enterprise Auditor against an Active Directory domain controller. +::: + There is a least privilege model for scanning your domain. See the [Least Privilege Model](#least-privilege-model) topic for additional information. @@ -57,41 +63,41 @@ There is a least privilege model for scanning your domain. See the The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For ActiveDirectory Data Collector +**For ActiveDirectory Data Collector** - TCP 389/636 - TCP 135-139 - Randomly allocated high TCP ports -For ADActivity Data Collector +**For ADActivity Data Collector** - TCP 4494 (configurable within the Netwrix Activity Monitor) -For GroupPolicy Data Collector +**For GroupPolicy Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For LDAP Data Collector +**For LDAP Data Collector** - TCP 389 -For PasswordSecurity Collector +**For PasswordSecurity Collector** - TCP 389/636 -For PowerShell Data Collector +**For PowerShell Data Collector** - Randomly allocated high TCP ports -For Registry Data Collector +**For Registry Data Collector** - TCP 135-139 - Randomly allocated high TCP ports 
@@ -102,7 +108,7 @@ A least privilege model can be configured based on your auditing needs and the d you will be using. The following jobs and their corresponding data collectors can be run with a least privilege permissions model. -1-AD_Scan Job Permissions +**1-AD_Scan Job Permissions** The ADInventory Data Collector in the .Active Directory Inventory > 1-AD_Scan Job has the following minimum requirements, which must be configured at the Domain level in Active Directory: @@ -110,13 +116,16 @@ minimum requirements, which must be configured at the Domain level in Active Dir - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + -AD_WeakPasswords Job Permissions +**AD_WeakPasswords Job Permissions** The PasswordSecurity Data Collector in the 2.Users > AD_WeakPasswords Job has the following minimum requirements: @@ -129,7 +138,7 @@ requirements: - Replicating Directory Changes in a Filtered Set - Replication Synchronization -AD_CPassword Job Permissions +**AD_CPassword Job Permissions** While the PowerShell Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > @@ -137,7 +146,7 @@ AD_CPasswords job. The minimum requirements for running this job are: - Read access to SYSVOL on the targeted Domain Controller(s) and all of its children -AD_GroupPolicy Job Permissions +**AD_GroupPolicy Job Permissions** While the GroupPolicy Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy 
> @@ -145,7 +154,7 @@ AD_GroupPolicy Job. The minimum requirements for running this job are: - Requires Read permissions on Group Policy Objects -AD_PasswordPolicies Job Permissions +**AD_PasswordPolicies Job Permissions** While the LDAP Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 4.Group Policy > @@ -153,7 +162,7 @@ AD_PasswordPolicies Job. The minimum requirements for running this job are: - Requires Read permissions on the Password Settings Container -AD_DomainControllers Job Permissions +**AD_DomainControllers Job Permissions** While the LDAP Data Collector and Active Directory Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required @@ -167,7 +176,7 @@ this job are: See the [Variable Definitions](#variable-definitions) for variable definitions. -AD_DSRM Job Permissions +**AD_DSRM Job Permissions** While the Registry Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection > @@ -176,7 +185,7 @@ AD_DSRM Job. The minimum requirements for running this job are: - Requires read access to the following Registry key and its children: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -AD_TimeSync Job Permissions +**AD_TimeSync Job Permissions** While the Registry Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required to run the 5.Domains > 0.Collection 
> @@ -185,7 +194,7 @@ AD_TimeSync Job. The minimum requirements for running this job are: - Requires Read access to the following Registry keys and its children: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time -AD_DomainInfo Job Permissions +**AD_DomainInfo Job Permissions** While the LDAP Data Collector and Active Directory Data Collector typically requires Domain Administrator permissions when targeting a domain controller, that level of access is not required @@ -199,7 +208,7 @@ be configured at the Domain level in Active Directory, are: See the [Variable Definitions](#variable-definitions) for variable definitions. -AD_ActivityCollection Job Permission +**AD_ActivityCollection Job Permission** The ADActivity Data Collector in the 6.Activity > 0.Collection > AD_ActivityCollection Job has the following minimum requirements: diff --git a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/activity.md b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/activity.md index 9c5b296782..add0db729a 100644 --- a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/activity.md +++ b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/activity.md @@ -23,8 +23,11 @@ In this method, you will be deploying two agents: - First, deploy an Activity Agent to a Windows server that will act as the API server. This is a non-domain controller server. - **_RECOMMENDED:_** Deploy the API Server to the same server where the Activity Monitor Console + :::info + Deploy the API Server to the same server where the Activity Monitor Console resides. + ::: + - Next, deploy the AD Agent to all domain controllers in the target domain. 
@@ -60,8 +63,11 @@ API server. - Copy the Client ID value to a text file. - Click **Copy** and save the Client Secret value to a text file. - **CAUTION:** It is not possible to retrieve the value after closing the Add or edit + :::warning + It is not possible to retrieve the value after closing the Add or edit API client window. It must be copied first. + ::: + - By default, the **Secret Expires** in 3 days. That means it must be used in the Enterprise Auditor Connection Profile within 72 hours or a new secret will need to be generated. Modify @@ -93,8 +99,11 @@ controller. - The **User name** and **User password** fields only need to be filled in if the account used to install the agent does not have access to this share. - _Remember,_ The account used to install the agent on a domain controller is a Domain + :::tip + Remember, The account used to install the agent on a domain controller is a Domain Administrator account. + ::: + - Click **Test** to ensure a successful connection to the network share. @@ -135,9 +144,12 @@ Enterprise Auditor now has access to the agent log files for this domain. Follow the steps to configure the Connection Profile in Enterprise Auditor. -_Remember,_ the Client ID and Client Secret were generated by the API server and copied to a text +:::tip +Remember, the Client ID and Client Secret were generated by the API server and copied to a text file. If the secret expired before the Connection Profile is configured, it will need to be re-generated. +::: + **Step 1 –** On the **Settings** > **Connection** node of the Enterprise Auditor Console, select the Connection Profile for the Active Directory solution. If you haven't yet created a Connection 
@@ -171,8 +183,11 @@ The Connection Profile will now be used for AD Activity collection. The Enterprise Auditor requires additional configurations in order to collect domain activity data. Follow the steps to configure the **AD_ActivityCollection** Job. -**NOTE:** Ensure that the **.Active Directory Inventory** Job Group has been successfully run +:::note +Ensure that the **.Active Directory Inventory** Job Group has been successfully run against the target domain. +::: + **Step 1 –** Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **0.Collection** > **AD_ActivityCollection** Job. Select the **Configure** > **Queries** node. @@ -207,10 +222,13 @@ last step. - Relative Timespan – Set the number of days of activity logs to collect when the scan is run - Absolute Timespan – Set the date range for activity logs to collect when the scan is run -**_RECOMMENDED:_** The threshold should be set to ensure the logs are collected before the Activity +:::info +The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Enterprise Auditor runs the **AD_ActivityCollection** Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files. +::: + **Step 10 –** Set the Retention period as desired. This is the number of days Enterprise Auditor keeps the collected data in the SQL Server database. diff --git a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/filearchive.md b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/filearchive.md index 9f2af37a26..851e011ffc 100644 --- a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/filearchive.md +++ b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/filearchive.md 
@@ -10,7 +10,7 @@ As an alternative to using an API Server, Netwrix Activity Monitor can be confi archived logs to a network share. This option requires all of the domain logs to be stored in the same share location in order for Enterprise Auditor to collect the AD Activity data. -Prerequisite +**Prerequisite** Deploy the AD Agent to each domain controller in the target domain. @@ -18,8 +18,11 @@ Deploy the AD Agent to each domain controller in the target domain. Follow the steps to configure the agent deployed to the domain controller. -**NOTE:** These steps assume the network share where the activity log files will be archived already +:::note +These steps assume the network share where the activity log files will be archived already exists. +::: + **Step 1 –** On the Agents tab of the Activity Monitor Console, select an agent deployed to domain controller. @@ -34,10 +37,13 @@ controller. - The **User name** and **User password** fields only need to be filled in if the account used to install the agent does not have access to this share. - _Remember,_ The account used to install the agent on a domain controller is a Domain + :::tip + Remember, The account used to install the agent on a domain controller is a Domain Administrator account. This is typically the credential that will be used in the Netwrix Enterprise Auditor Connection Profile. However, a least privilege option is a domain user account with Read access to this share. + ::: + - Click **Test** to ensure a successful connection to the network share. 
@@ -116,8 +122,11 @@ The Connection Profile will now be used for AD Activity collection. The Enterprise Auditor requires additional configurations in order to collect domain activity data. Follow the steps to configure the **AD_ActivityCollection** Job. -**NOTE:** Ensure that the .Active Directory Inventory Job Group has been successfully run against +:::note +Ensure that the .Active Directory Inventory Job Group has been successfully run against the target domain. +::: + **Step 1 –** Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **0.Collection** > **AD_ActivityCollection** Job. Select the **Configure** > **Queries** node. @@ -144,10 +153,13 @@ Click **Next**. - Relative Timespan – Set the number of days of activity logs to collect when the scan is run - Absolute Timespan – Set the date range for activity logs to collect when the scan is run -**_RECOMMENDED:_** The threshold should be set to ensure the logs are collected before the Activity +:::info +The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Enterprise Auditor runs the **AD_ActivityCollection** Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files. +::: + **Step 7 –** Set the Retention period as desired. This is the number of days Enterprise Auditor keeps the collected data in the SQL Server database. diff --git a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/threatprevention.md b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/threatprevention.md index 195e6c829d..9bf711d9c7 100644 --- a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/threatprevention.md +++ b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/threatprevention.md 
@@ -11,14 +11,20 @@ policies can be provided to Netwrix Enterprise Auditor for Active Directory Acti is accomplished by configuring Threat Prevention to send data to Netwrix Activity Monitor, which in turn creates the activity log files that Enterprise Auditor collects. -**NOTE:** Threat Prevention can only be configured to send event data to one Netwrix application, +:::note +Threat Prevention can only be configured to send event data to one Netwrix application, either Netwrix Activity Monitor or Netwrix Threat Manager but not both. However, the Activity Monitor can be configured with outputs for Enterprise Auditor and Threat Manager +::: + Follow these steps to configure this integration. -**_RECOMMENDED:_** It is a best practice to use the API Server option of the Activity Monitor for +:::info +It is a best practice to use the API Server option of the Activity Monitor for this integration between Threat Prevention and Enterprise Auditor. +::: + **Step 1 –** In the Threat Prevention Administration Console, click **Configuration** > **Netwrix Threat Manager Configuration** on the menu. The Netwrix Threat Manager Configuration window opens. diff --git a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/overview.md b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/overview.md index f4aa7c5a3d..8c17dbdcdf 100644 --- a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/overview.md +++ b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/overview.md 
@@ -28,11 +28,14 @@ topic for additional information. ## Activity Auditing Permissions -**NOTE:** Active Directory domain activity events can also be monitored through Netwrix Threat +:::note +Active Directory domain activity events can also be monitored through Netwrix Threat Prevention. This requires integration between it and Netwrix Activity Monitor to enable access to the data for Enterprise Auditor Active Directory Activity scans. See the [Getting Data from NTP for AD Activity Reporting](/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/threatprevention.md) topic for additional information. +::: + Requirements to Deploy the AD Agent on the Domain Controller @@ -44,19 +47,22 @@ server: - Membership in the Domain Administrators group - READ and WRITE access to the archive location for Archiving feature only -**NOTE:** For monitoring an Active Directory domain, the AD Agent must be installed on all domain +:::note +For monitoring an Active Directory domain, the AD Agent must be installed on all domain controllers within the domain to be monitored. +::: + For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also have READ and WRITE permissions on the archive location. -Integration with Enterprise Auditor +**Integration with Enterprise Auditor** See the [Active Directory Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/activity.md) 
diff --git a/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer.md b/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer.md index c29571cbad..6ae3688d3f 100644 --- a/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer.md +++ b/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer.md @@ -12,12 +12,12 @@ Server, and Access Information Center. See the topic for the core requirements. See the -[Domain Target Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer_1.md) +[Domain Target Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/target.md) topic for target environment requirements. ## Active Directory Permissions Analyzer Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: @@ -30,7 +30,7 @@ These are dependent upon the size of the target environment: ## Active Directory Permissions Analyzer Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer_1.md b/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/target.md similarity index 90% rename from docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer_1.md rename to docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/target.md index a3fd99602c..9cf97cac6b 100644 
--- a/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer_1.md +++ b/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/target.md @@ -12,18 +12,21 @@ following Active Directory versions as targets: - Windows Server 2016 and later - Windows 2003 Forest level or higher -**NOTE:** See the Microsoft +:::note +See the Microsoft [Windows Server end of support and Microsoft 365 Apps](https://learn.microsoft.com/en-us/deployoffice/endofsupport/windows-server-support) article for additional information. +::: -Domain Controller Requirements + +**Domain Controller Requirements** The following are requirements for the domain controllers to be scanned: - .NET Framework 4.5+ installed - WINRM Service installed -Data Collectors +**Data Collectors** Successful use of the Enterprise Auditor Active Directory Permissions Analyzer solution requires the necessary settings and permissions in a Microsoft® Active Directory® environment described in this @@ -42,13 +45,13 @@ topic and its subtopics. This solution employs the following data collectors to The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For ADPermissions Data Collector +**For ADPermissions Data Collector** - TCP 389 - TCP 135 – 139 diff --git a/docs/accessanalyzer/11.6/requirements/aws/aws.md b/docs/accessanalyzer/11.6/requirements/aws/aws.md index 900908d9a2..a0abe6e7a6 100644 --- a/docs/accessanalyzer/11.6/requirements/aws/aws.md +++ b/docs/accessanalyzer/11.6/requirements/aws/aws.md 
@@ -15,12 +15,12 @@ The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor which enables Sensitive Data criteria for scans. See the -[Target Amazon Web Service Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/aws/aws_1.md) +[Target Amazon Web Service Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/aws/target.md) topic for target environment requirements. ## AWS Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: 
@@ -31,26 +31,32 @@ These are dependent upon the size of the target environment: | Cores | 4 CPU | 2 CPU | | Disk Space | 30 GB | 30 GB | -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). +::: -Sensitive Data Discovery Auditing Requirement + +**Sensitive Data Discovery Auditing Requirement** The following is required to run Sensitive Data Discovery scans: - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + ## AWS Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/aws/aws_2.md b/docs/accessanalyzer/11.6/requirements/aws/configurescans.md similarity index 96% rename from docs/accessanalyzer/11.6/requirements/aws/aws_2.md rename to docs/accessanalyzer/11.6/requirements/aws/configurescans.md index 4d25cf98a0..e3815d78b2 100644 --- a/docs/accessanalyzer/11.6/requirements/aws/aws_2.md +++ b/docs/accessanalyzer/11.6/requirements/aws/configurescans.md 
@@ -86,10 +86,11 @@ and click **Create policy**. **Step 7 –** Click **Create Policy**. -**NOTE:** If the designated scanning account is not in Root (Master Account), create a second policy +:::note +If the designated scanning account is not in Root (Master Account), create a second policy in the Master Account with the following JSON definition: +::: -[Copy](javascript:void(0);) ``` { @@ -117,8 +118,11 @@ listing IAM users. The following steps will need to be completed in each target account. For this, you will need the Account ID of the designating scanning account. -**NOTE:** If the scanning account is also a target account, be sure to complete these steps for the +:::note +If the scanning account is also a target account, be sure to complete these steps for the scanning account as well. +::: + **Step 1 –** Sign into the Identity and Access Management Console (IAM) as an administrator of the target account. @@ -193,8 +197,11 @@ scanning account. } ``` -**NOTE:** Replace `ROLENAME` with the name of the role that was created. If the `ROLENAME` is +:::note +Replace `ROLENAME` with the name of the role that was created. If the `ROLENAME` is different in each account, then a policy will need to be created for each distinct role name. +::: + **Step 5 –** Click **Review Policy**. diff --git a/docs/accessanalyzer/11.6/requirements/aws/aws_1.md b/docs/accessanalyzer/11.6/requirements/aws/target.md similarity index 95% rename from docs/accessanalyzer/11.6/requirements/aws/aws_1.md rename to docs/accessanalyzer/11.6/requirements/aws/target.md index a7768403c2..d4b6da5a76 100644 --- a/docs/accessanalyzer/11.6/requirements/aws/aws_1.md +++ b/docs/accessanalyzer/11.6/requirements/aws/target.md @@ -13,7 +13,7 @@ data from target AWS accounts. It scans: - Amazon AWS IAM - Amazon AWS S3 -Data Collector +**Data Collector** This solution employs the following data collector to scan the target environment: 
@@ -45,13 +45,13 @@ collected: - s3:List\* This provides a least privilege model for your auditing needs. See the -[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) +[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for additional information. ## Ports The following firewall ports are needed: -For AWS Data Collector +**For AWS Data Collector** - 443 diff --git a/docs/accessanalyzer/11.6/requirements/box/box.md b/docs/accessanalyzer/11.6/requirements/box/box.md index 2fcb52d778..875bb59df6 100644 --- a/docs/accessanalyzer/11.6/requirements/box/box.md +++ b/docs/accessanalyzer/11.6/requirements/box/box.md @@ -12,12 +12,12 @@ Server, and Access Information Center. See the topic for the core requirements. See the -[Target Box Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/box/box_1.md) +[Target Box Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/box/target.md) topic for target environment requirements. ## Box Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: @@ -30,7 +30,7 @@ These are dependent upon the size of the target environment: ## Box Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/box/box_1.md b/docs/accessanalyzer/11.6/requirements/box/target.md similarity index 85% rename from docs/accessanalyzer/11.6/requirements/box/box_1.md rename to docs/accessanalyzer/11.6/requirements/box/target.md index 3ef05231c9..a336f4071b 100644 --- a/docs/accessanalyzer/11.6/requirements/box/box_1.md +++ b/docs/accessanalyzer/11.6/requirements/box/target.md 
@@ -10,13 +10,13 @@ The Enterprise Auditor for Box scans: - Box for Business -Box Requirements +**Box Requirements** The following are requirements from the target environment: - Enterprise_ID of the target Box environment -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -25,18 +25,21 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: -For Box Data Collection + +**For Box Data Collection** Box scans require the Enterprise Admin or Co-Admin account credentials to generate an authorization code. The following can be used as a least privilege model: @@ -48,8 +51,11 @@ code. The following can be used as a least privilege model: [Co-Admin Permissions Required to Run Reports](https://support.box.com/hc/en-us/articles/15518640907283-Co-Admin-Permissions-Required-to-Run-Reports) article for details on enabling this permission -**NOTE:** Scans run with Co-Admin account credentials will complete. However, the data returned from +:::note +Scans run with Co-Admin account credentials will complete. However, the data returned from the scan might not include content owned by the Enterprise Admin account. +::: + See the [Recommended Configurations for the Box Solution](/docs/accessanalyzer/11.6/solutions/box/recommended.md) 
@@ -59,13 +65,13 @@ topic for additional information. The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For Box Data Collector +**For Box Data Collector** - TCP 80 - TCP 443 diff --git a/docs/accessanalyzer/11.6/requirements/databases/databases.md b/docs/accessanalyzer/11.6/requirements/databases/databases.md index 6e34b4ec22..cb9290680d 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databases.md +++ b/docs/accessanalyzer/11.6/requirements/databases/databases.md 
@@ -21,17 +21,17 @@ which enables Sensitive Data criteria for scans. See the following topics for target environment requirements: -- [Target Db2 Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasedb2.md) -- [Target MongoDB Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasemongodb.md) -- [Target MySQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasemysql.md) -- [Target Oracle Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle.md) -- [Target PostgreSQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasepostgresql.md) -- [Target Redshift Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databaseredshift.md) -- [Target SQL Server Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasesql/databasesql.md) +- [Target Db2 Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/db2.md) +- [Target MongoDB Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/mongodb.md) +- [Target MySQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/mysql.md) +- [Target Oracle Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/oracle/oracle.md) +- [Target PostgreSQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/postgresql.md) +- [Target Redshift Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/redshift.md) +- [Target SQL Server Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/sql/sql.md) ## Databases Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are 
dependent upon the size of the target environment: @@ -42,12 +42,15 @@ These are dependent upon the size of the target environment: | Cores | 8 CPU | 8 CPU | 4 CPU | 2 CPU | | Disk Space | 460 GB | 280 GB | 160 GB | 80 GB | -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). +::: -Additional Server Considerations for Oracle Scans + +**Additional Server Considerations for Oracle Scans** For scanning Oracle databases, the following are additional requirements for the Console server: 
@@ -56,28 +59,31 @@ For scanning Oracle databases, the following are additional requirements for the - NMAP installed - For Instance Discovery, NMAP installed -Additional Server Considerations for SQL Server Scans +**Additional Server Considerations for SQL Server Scans** For scanning SQL databases, the following are additional requirements for the Console server: - Windows Management Framework 3+ installed - PowerShell 3.0+ installed -Sensitive Data Discovery Auditing Requirement +**Sensitive Data Discovery Auditing Requirement** The following is required to run Sensitive Data Discovery scans: - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + ## Databases Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasedb2.md b/docs/accessanalyzer/11.6/requirements/databases/db2.md similarity index 87% rename from docs/accessanalyzer/11.6/requirements/databases/databasedb2.md rename to docs/accessanalyzer/11.6/requirements/databases/db2.md index 0cdc580653..4451fd6807 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasedb2.md +++ b/docs/accessanalyzer/11.6/requirements/databases/db2.md 
@@ -11,7 +11,7 @@ environments to collect permissions and sensitive data. It scans: - DB2LUW 11+ -Target Db2 Requirements +**Target Db2 Requirements** Successful installation of the IBM Data Server Client is required to run the Db2 Job Group. In addition, the following clients and drivers must be installed: @@ -24,13 +24,16 @@ addition, the following clients and drivers must be installed: - IBM Database Add-Ins for Visual Studio - IBM .NET Driver NuGet -**NOTE:** All necessary clients and drivers can be found on IBM Support's +:::note +All necessary clients and drivers can be found on IBM Support's [Download initial version 11.5 clients and drivers](https://www.ibm.com/support/pages/download-initial-version-115-clients-and-drivers) page. From the list of available packages, select the IBM Data Server Client, which is the all-in-one client package. This package includes all of the client tools and available libraries, as well as the add-ins for Visual Studio. +::: -Data Collectors + +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -39,27 +42,30 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + ## Ports The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For SQL Data Collector +**For SQL Data Collector** - Specified by Instances table (default is 5000) 
diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasemongodb.md b/docs/accessanalyzer/11.6/requirements/databases/mongodb.md similarity index 91% rename from docs/accessanalyzer/11.6/requirements/databases/databasemongodb.md rename to docs/accessanalyzer/11.6/requirements/databases/mongodb.md index 1d8ada9c5d..4bb081559e 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasemongodb.md +++ b/docs/accessanalyzer/11.6/requirements/databases/mongodb.md @@ -14,12 +14,12 @@ database environments to collect permissions and sensitive data. It scans: - MongoDB 7.0 - Windows and Linux distributions supported by MongoDB -Target MongoDB Requirements for Sensitive Data Discovery Scans +**Target MongoDB Requirements for Sensitive Data Discovery Scans** - .NET Framework 4.8 is required to run the MongoDB_SensitiveDataScan Job - MongoDB Cluster on Windows Only – Domain Administrator or Local Administrator privilege -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -27,7 +27,7 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For MongoDB Prerequisite +**For MongoDB Prerequisite** - Read Only access to ALL databases in the MongoDB Cluster including: @@ -46,7 +46,7 @@ For MongoDB Prerequisite The following firewall ports are needed: -For NoSQL Data Collector +**For NoSQL Data Collector** - MongoDB Cluster - Default port is 27017 (A custom port can be configured) diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasemysql.md b/docs/accessanalyzer/11.6/requirements/databases/mysql.md similarity index 89% rename from docs/accessanalyzer/11.6/requirements/databases/databasemysql.md rename to docs/accessanalyzer/11.6/requirements/databases/mysql.md index 5918b9cb9f..6756c54a8d 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasemysql.md +++ b/docs/accessanalyzer/11.6/requirements/databases/mysql.md 
@@ -15,13 +15,13 @@ database environments to collect permissions and sensitive data. It scans: - Amazon Aurora MySQL Engine - MariaDB 10.x -Target MySQL Requirements +**Target MySQL Requirements** The following are requirements for the MySQL to be scanned: - WINRM Service installed and enabled — Required only if MySQL is running on Windows -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -41,18 +41,21 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: -For MySQL Data Collection + +**For MySQL Data Collection** - Read access to MySQL instance to include all databases contained within each instance - Windows Only — Domain Admin or Local Admin privilege @@ -61,12 +64,12 @@ For MySQL Data Collection The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For SQL Data Collector +**For SQL Data Collector** - Specified by Instances table (default is 3306) diff --git a/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/_category_.json b/docs/accessanalyzer/11.6/requirements/databases/oracle/_category_.json similarity index 85% rename from docs/accessanalyzer/11.6/requirements/databases/databaseoracle/_category_.json rename to docs/accessanalyzer/11.6/requirements/databases/oracle/_category_.json index 05441fdb31..9ce44c9a29 100644 
--- a/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/_category_.json +++ b/docs/accessanalyzer/11.6/requirements/databases/oracle/_category_.json @@ -5,6 +5,6 @@ "collapsible": true, "link": { "type": "doc", - "id": "databaseoracle" + "id": "oracle" } } \ No newline at end of file diff --git a/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle_1.md b/docs/accessanalyzer/11.6/requirements/databases/oracle/leastprivilege.md similarity index 97% rename from docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle_1.md rename to docs/accessanalyzer/11.6/requirements/databases/oracle/leastprivilege.md index 9a93132c7b..7613353719 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle_1.md +++ b/docs/accessanalyzer/11.6/requirements/databases/oracle/leastprivilege.md @@ -20,9 +20,12 @@ Oracle environment (SQL Plus or SQL Developer): GRANT CREATE SESSION TO %USERNAME%;          ``` -**NOTE:** The above command will grant the privilege only in the current container. To follow the +:::note +The above command will grant the privilege only in the current container. To follow the least privilege model, only grant the privilege on the containers (or pluggable databases) that you will be scanning with Enterprise Auditor. +::: + However, if you target all of your pluggable databases, then to grant the **Create Session** privilege on all of those containers at once, run the following command: 
@@ -55,8 +58,11 @@ Set-ExecutionPolicy -ExecutionPolicy Unrestricted           In case of Linux and UNIX hosts, the `plink` command needs to be executed on the Enterprise Auditor Console server to update the local file with the SSH keys. -**NOTE:** The plink utility in the Enterprise Auditor installation directory has to be used. A +:::note +The plink utility in the Enterprise Auditor installation directory has to be used. A version of plink gets installed with the Nmap utility. +::: + The syntax is as follows: @@ -93,7 +99,10 @@ or SQL\*Plus: GRANT SELECT ON DUAL TO %USERNAME%; ``` -**NOTE:** Replace `%USERNAME%` with the actual username of the user. +:::note +Replace `%USERNAME%` with the actual username of the user. +::: + ``` CONTAINER_DATA=ALL FOR %NAME_OF_PLUGGABLE_DATABASE% CONTAINER = CURRENT; diff --git a/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle.md b/docs/accessanalyzer/11.6/requirements/databases/oracle/oracle.md similarity index 84% rename from docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle.md rename to docs/accessanalyzer/11.6/requirements/databases/oracle/oracle.md index 120d4056fd..8edd619d92 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle.md +++ b/docs/accessanalyzer/11.6/requirements/databases/oracle/oracle.md @@ -13,7 +13,7 @@ database environments to collect permissions, sensitive data, and activity event - Oracle Database 18c - Oracle Database 19c -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: 
@@ -23,45 +23,48 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: -For PowerShell Data Collection + +**For PowerShell Data Collection** - Member of the Local Administrators group -For Oracle Data Collection +**For Oracle Data Collection** - User with SYSDBA role - Local Administrator on the target servers – Only applies to Windows Servers and not on Linux or Unix operating systems There is a least privilege model for scanning your domain. See the -[Oracle Target Least Privilege Model](/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle_1.md) +[Oracle Target Least Privilege Model](/docs/accessanalyzer/11.6/requirements/databases/oracle/leastprivilege.md) topic for additional information. ## Ports The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For PowerShell Data Collector +**For PowerShell Data Collector** - Randomly allocated high TCP ports -For SQL Data Collector +**For SQL Data Collector** - Specified by Instances table (default is 1521) 
diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasepostgresql.md b/docs/accessanalyzer/11.6/requirements/databases/postgresql.md similarity index 89% rename from docs/accessanalyzer/11.6/requirements/databases/databasepostgresql.md rename to docs/accessanalyzer/11.6/requirements/databases/postgresql.md index 5b0212a6fd..eb0efa22a0 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasepostgresql.md +++ b/docs/accessanalyzer/11.6/requirements/databases/postgresql.md @@ -14,7 +14,7 @@ database environments to collect permissions and sensitive data. It scans: - Amazon AWS Aurora PostgreSQL Engine (all versions supported by Amazon AWS) - Azure PostgreSQL (9.6) -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -29,18 +29,21 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: -For PostgreSQL Data Collection + +**For PostgreSQL Data Collection** - Read access to all the databases in PostgreSQL cluster or instance - Windows Only — Domain Admin or Local Admin privilege @@ -49,12 +52,12 @@ For PostgreSQL Data Collection The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For SQL Data Collector +**For SQL Data Collector** - Specified by Instances table (default is 5432) 
diff --git a/docs/accessanalyzer/11.6/requirements/databases/databaseredshift.md b/docs/accessanalyzer/11.6/requirements/databases/redshift.md similarity index 89% rename from docs/accessanalyzer/11.6/requirements/databases/databaseredshift.md rename to docs/accessanalyzer/11.6/requirements/databases/redshift.md index 1a2bae28eb..7695bb3084 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databaseredshift.md +++ b/docs/accessanalyzer/11.6/requirements/databases/redshift.md @@ -12,7 +12,7 @@ database environments to collect permissions and sensitive data. It scans: - Amazon AWS Redshift - AWS Redshift Cluster -Target Redshift Requirements +**Target Redshift Requirements** - Creation of a user name and password through the AWS portal. - Successful retrieval of the following items from the AWS website: @@ -28,7 +28,7 @@ Additional requirements for Sensitive Data Discovery: - Windows Only – Domain Administrator or Local Administrator privilege -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -37,18 +37,21 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: -For Redshift Data Collection + +**For Redshift Data Collection** - Read-access to the following tables: @@ -59,7 +62,7 @@ For Redshift Data Collection The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 
diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasesql/_category_.json b/docs/accessanalyzer/11.6/requirements/databases/sql/_category_.json similarity index 87% rename from docs/accessanalyzer/11.6/requirements/databases/databasesql/_category_.json rename to docs/accessanalyzer/11.6/requirements/databases/sql/_category_.json index db61b0f1ee..cde20c123c 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasesql/_category_.json +++ b/docs/accessanalyzer/11.6/requirements/databases/sql/_category_.json @@ -5,6 +5,6 @@ "collapsible": true, "link": { "type": "doc", - "id": "databasesql" + "id": "sql" } } \ No newline at end of file diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasesql/databaseazuresql.md b/docs/accessanalyzer/11.6/requirements/databases/sql/azuresql.md similarity index 81% rename from docs/accessanalyzer/11.6/requirements/databases/databasesql/databaseazuresql.md rename to docs/accessanalyzer/11.6/requirements/databases/sql/azuresql.md index 2ce0ef2f01..802afb4d1e 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasesql/databaseazuresql.md +++ b/docs/accessanalyzer/11.6/requirements/databases/sql/azuresql.md 
@@ -12,10 +12,13 @@ leveraged by AzureSQL to return the required audit logs. See the [Auditing for Azure SQL Database and Azure Synapse Analytics](https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql) Microsoft Knowledge Base article for additional information. -**_RECOMMENDED:_** It is recommended to create a new user when leveraging a least privilege access +:::info +It is recommended to create a new user when leveraging a least privilege access model to access the AzureSQL database because the user must exist in the master database and all target database(s). A least privilege access model is one that uses the bare minimum privileges required to carry out collections for the AzureSQL data collector. +::: + The following role and permission are required for the Least Privilege Model: 
@@ -23,34 +26,37 @@ The following role and permission are required for the Least Privilege Model: - View Database Performance State permission - Control permission on target database(s) - **NOTE:** Control permission must be granted on any database you wish to collect data for. + :::note + Control permission must be granted on any database you wish to collect data for. + ::: + Follow the steps to configure the least privilege access model for AzureSQL collections. **Step 1 –** To login with the user, run the following script against the master database: -CREATE LOGIN LPAUser WITH PASSWORD = [insert password] +`CREATE LOGIN LPAUser WITH PASSWORD = [insert password]` CREATE USER LPAUser FROM LOGIN LPAUser **Step 2 –** Create the user in the target database with the following script: -CREATE USER LPAUser FROM LOGIN LPAUser +`CREATE USER LPAUser FROM LOGIN LPAUser` Once complete, confirm that the newly created user exists in the instance of the master database and the target database before proceeding to the next step. **Step 3 –** Run the following script against the target database to apply the db_datareader role: -EXEC sp_addrolemember N’db_datareader’, N’LPAUser’ +`EXEC sp_addrolemember N’db_datareader’, N’LPAUser’` **Step 4 –** Apply the View Database State Permission against the target database with the following script: -GRANT VIEW DATABASE PERFORMANCE STATE TO LPAUSER +`GRANT VIEW DATABASE PERFORMANCE STATE TO LPAUSER` **Step 5 –** Grant the control permission with the following script: -GRANT CONTROL ON DATABASE +`GRANT CONTROL ON DATABASE` The user is granted Control permission based on the least privilege access model. 
diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasesql/azuresqlaccess.md b/docs/accessanalyzer/11.6/requirements/databases/sql/azuresqlaccess.md similarity index 81% rename from docs/accessanalyzer/11.6/requirements/databases/databasesql/azuresqlaccess.md rename to docs/accessanalyzer/11.6/requirements/databases/sql/azuresqlaccess.md index 37d1d43a46..6629e7efc7 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasesql/azuresqlaccess.md +++ b/docs/accessanalyzer/11.6/requirements/databases/sql/azuresqlaccess.md 
@@ -56,101 +56,101 @@ example below) and save it to a local directory. "description": "This is a custom role created for use by StealthAUDIT Azure SQL Job Group for Azure SQL Database discovery and auditing", - "assignableScopes": ["/subscriptions/"], +**"assignableScopes": ["/subscriptions/"],** "permissions": [ { "actions": [ "Microsoft.Authorization/\*/read", - "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action", +**"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",** "Microsoft.Sql/locations/administratorAzureAsyncOperation/read", - "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/\*", +**"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/\*",** "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/\*", - "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/\*", +**"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/\*",** "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/\*", - "Microsoft.Sql/managedInstances/databases/sensitivityLabels/\*", +**"Microsoft.Sql/managedInstances/databases/sensitivityLabels/\*",** "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/\*", - "Microsoft.Sql/managedInstances/securityAlertPolicies/\*", +**"Microsoft.Sql/managedInstances/securityAlertPolicies/\*",** "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/\*", - "Microsoft.Sql/managedInstances/vulnerabilityAssessments/\*", +**"Microsoft.Sql/managedInstances/vulnerabilityAssessments/\*",** "Microsoft.Sql/servers/extendedAuditingSettings/read", - "Microsoft.Sql/servers/databases/auditRecords/read", +**"Microsoft.Sql/servers/databases/auditRecords/read",** "Microsoft.Sql/servers/databases/currentSensitivityLabels/\*", - "Microsoft.Sql/servers/databases/dataMaskingPolicies/\*", +**"Microsoft.Sql/servers/databases/dataMaskingPolicies/\*",** 
"Microsoft.Sql/servers/databases/extendedAuditingSettings/read", - "Microsoft.Sql/servers/databases/read", +**"Microsoft.Sql/servers/databases/read",** "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/\*", - "Microsoft.Sql/servers/databases/schemas/read", +**"Microsoft.Sql/servers/databases/schemas/read",** "Microsoft.Sql/servers/databases/schemas/tables/columns/read", - "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/\*", +**"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/\*",** "Microsoft.Sql/servers/databases/schemas/tables/read", - "Microsoft.Sql/servers/databases/securityAlertPolicies/\*", +**"Microsoft.Sql/servers/databases/securityAlertPolicies/\*",** "Microsoft.Sql/servers/databases/securityMetrics/\*", - "Microsoft.Sql/servers/databases/sensitivityLabels/\*", +**"Microsoft.Sql/servers/databases/sensitivityLabels/\*",** "Microsoft.Sql/servers/databases/transparentDataEncryption/\*", - "Microsoft.Sql/servers/databases/vulnerabilityAssessments/\*", +**"Microsoft.Sql/servers/databases/vulnerabilityAssessments/\*",** "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/\*", - "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/\*", +**"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/\*",** "Microsoft.Sql/servers/devOpsAuditingSettings/\*", - "Microsoft.Sql/servers/firewallRules/\*", +**"Microsoft.Sql/servers/firewallRules/\*",** "Microsoft.Sql/servers/read", - "Microsoft.Sql/servers/securityAlertPolicies/\*", +**"Microsoft.Sql/servers/securityAlertPolicies/\*",** "Microsoft.Sql/servers/vulnerabilityAssessments/\*", - "Microsoft.Sql/servers/azureADOnlyAuthentications/\*", +**"Microsoft.Sql/servers/azureADOnlyAuthentications/\*",** "Microsoft.Sql/managedInstances/read", - "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/\*", +**"Microsoft.Sql/managedInstances/azureADOnlyAuthentications/\*",** "Microsoft.Security/sqlVulnerabilityAssessments/\*", - 
"Microsoft.Sql/managedInstances/administrators/read", +**"Microsoft.Sql/managedInstances/administrators/read",** "Microsoft.Sql/servers/administrators/read", - "Microsoft.Storage/storageAccounts/blobServices/containers/read", +**"Microsoft.Storage/storageAccounts/blobServices/containers/read",** "Microsoft.Sql/servers/auditingSettings/read", "Microsoft.Sql/servers/databases/auditingSettings/read" ], - "notActions": [], +**"notActions": [],** "dataActions": [], @@ -179,8 +179,11 @@ Auditor Azure SQL Role. **Step 7 –** Click OK on the final screen to complete the custom role creation process. The custom role can now be used to register the Enterprise Auditor application within the Azure portal. -**NOTE:** Depending upon the number of resources in the Azure tenancy, it might take some time for +:::note +Depending upon the number of resources in the Azure tenancy, it might take some time for the role to be made available to the resources. +::: + ## Register an Azure SQL Application @@ -201,8 +204,11 @@ Supported account types options. been registered, the App registration overview blade will appear. Take note of the _Application (client) ID_ on this page. -**NOTE:** The _Application (client) ID_ is required to create a Connection Profile within the +:::note +The _Application (client) ID_ is required to create a Connection Profile within the Enterprise Auditor. +::: + ![Azure SQL - Register and App - Application ID](/img/product_docs/accessanalyzer/11.6/requirements/target/config/azuresqlperm_customrolecreation_8.webp) 
@@ -212,13 +218,19 @@ secret**. **Step 6 –** Enter a unique identifier in the Description field of the Add a client secret window. Select a Expiration time frame from the drop down. Click **Add** when finished. -_Remember,_ you will have to update the Enterprise Auditor Connection Profile once the expiration +:::tip +Remember, you will have to update the Enterprise Auditor Connection Profile once the expiration time frame is reached (within 24 months, for example). +::: + **Step 7 –** Make note of the key under the Value column. -**NOTE:** The Value key on this paged will be used to create the Enterprise Auditor connection +:::note +The Value key on this paged will be used to create the Enterprise Auditor connection profile. +::: + ![Azure SQL - Access Control (IAM) page](/img/product_docs/accessanalyzer/11.6/requirements/target/config/azuresqlperm_customrolecreation_11z.webp) diff --git a/docs/accessanalyzer/11.6/requirements/databases/databasesql/databasesql.md b/docs/accessanalyzer/11.6/requirements/databases/sql/sql.md similarity index 88% rename from docs/accessanalyzer/11.6/requirements/databases/databasesql/databasesql.md rename to docs/accessanalyzer/11.6/requirements/databases/sql/sql.md index 89ee4d16e1..cef509e708 100644 --- a/docs/accessanalyzer/11.6/requirements/databases/databasesql/databasesql.md +++ b/docs/accessanalyzer/11.6/requirements/databases/sql/sql.md @@ -16,7 +16,7 @@ database environments to collect permissions, sensitive data, and activity event - SQL Server 2017 - SQL Server 2016 -Target SQL Server Requirements +**Target SQL Server Requirements** The following are requirements for the SQL Server to be scanned: @@ -28,7 +28,10 @@ The following are requirements for the SQL Server to be scanned: - Enable Account - Remote Enable - **NOTE:** Restart WMI after applying changes. + :::note + Restart WMI after applying changes. + ::: + - For Activity Auditing – SQL Server Audit: 
@@ -38,7 +41,7 @@ The following are requirements for the SQL Server to be scanned: [Create a server audit and database audit specification](https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/create-a-server-audit-and-database-audit-specification) article. -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -48,22 +51,25 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + -For SMARTLog Data Collection +**For SMARTLog Data Collection** - Member of the local Administrators group -For SQL Server Data Collection +**For SQL Server Data Collection** - For Instance Discovery, local rights on the target SQL Servers: 
@@ -84,25 +90,25 @@ For SQL Server Data Collection - Grant Control Server to [DOMAIN\USER] (specifically required for the Weak Passwords Job) See the -[Azure SQL Auditing Configuration](/docs/accessanalyzer/11.6/requirements/databases/databasesql/azuresqlaccess.md) +[Azure SQL Auditing Configuration](/docs/accessanalyzer/11.6/requirements/databases/sql/azuresqlaccess.md) topic for additional information. ## Ports The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For SMARTLog Data Collector +**For SMARTLog Data Collector** - TCP 135 - TCP 445 - Randomly allocated high TCP ports -For SQL Data Collector +**For SQL Data Collector** - Specified by Instances table (default is 1433) diff --git a/docs/accessanalyzer/11.6/requirements/dropbox/dropbox.md b/docs/accessanalyzer/11.6/requirements/dropbox/dropbox.md index 32c50c0f05..d384f3117f 100644 --- a/docs/accessanalyzer/11.6/requirements/dropbox/dropbox.md +++ b/docs/accessanalyzer/11.6/requirements/dropbox/dropbox.md @@ -22,12 +22,12 @@ The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor which enables Sensitive Data criteria for scans. See the -[Target Dropbox Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/dropbox/dropbox_1.md) +[Target Dropbox Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/dropbox/target.md) topic for target environment requirements. ## Dropbox Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: 
@@ -38,26 +38,32 @@ These are dependent upon the size of the target environment: | Cores | 4 CPU | 2 CPU | | Disk Space | 30 GB | 30 GB | -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). +::: -Sensitive Data Discovery Auditing Requirement + +**Sensitive Data Discovery Auditing Requirement** The following is required to run Sensitive Data Discovery scans: - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + ## Dropbox Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/dropbox/dropbox_1.md b/docs/accessanalyzer/11.6/requirements/dropbox/target.md similarity index 95% rename from docs/accessanalyzer/11.6/requirements/dropbox/dropbox_1.md rename to docs/accessanalyzer/11.6/requirements/dropbox/target.md index 2a7baed7b1..f6b2f10fe2 100644 --- a/docs/accessanalyzer/11.6/requirements/dropbox/dropbox_1.md +++ b/docs/accessanalyzer/11.6/requirements/dropbox/target.md 
@@ -10,7 +10,7 @@ The Enterprise Auditor for AWS Solution provides the ability to audit Dropbox. I - Dropbox -Data Collector +**Data Collector** This solution employs the following data collector to scan the target environment: @@ -31,7 +31,7 @@ topic for additional information. The following firewall ports are needed: -For DropboxAccess Data Collector +**For DropboxAccess Data Collector** - TCP 80 - TCP443 diff --git a/docs/accessanalyzer/11.6/requirements/entraid/entraid.md b/docs/accessanalyzer/11.6/requirements/entraid/entraid.md index 8e14d255e6..ed996eb9b1 100644 --- a/docs/accessanalyzer/11.6/requirements/entraid/entraid.md +++ b/docs/accessanalyzer/11.6/requirements/entraid/entraid.md @@ -6,7 +6,10 @@ sidebar_position: 70 # Entra ID Solution -**NOTE:** The Entra ID solution is for scanning Microsoft Entra ID, formerly Azure Active Directory. +:::note +The Entra ID solution is for scanning Microsoft Entra ID, formerly Azure Active Directory. +::: + The core components for Netwrix Enterprise Auditor are the Enterprise Auditor Console server, SQL Server, and Access Information Center. See the @@ -17,9 +20,9 @@ See the [Microsoft Entra ID Tenant Target Requirements](/docs/accessanalyzer/11.6/requirements/entraid/entraid/overview.md) topic for target environment requirements. -## Entra ID Solution Requirements on the Enterprise Auditor Console +## Entra ID Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: @@ -32,7 +35,7 @@ These are dependent upon the size of the target environment: ## Entra ID Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/entraid/entraid/access.md b/docs/accessanalyzer/11.6/requirements/entraid/entraid/access.md index 3c70658329..0f6d234b09 100644 
--- a/docs/accessanalyzer/11.6/requirements/entraid/entraid/access.md +++ b/docs/accessanalyzer/11.6/requirements/entraid/entraid/access.md @@ -11,25 +11,34 @@ formerly Azure Active Directory. It scans: - Microsoft Entra ID (formerly Azure AD) -**NOTE:** A user account with the Global Administrator role is required to register an app with +:::note +A user account with the Global Administrator role is required to register an app with Microsoft Entra ID. +::: -Data Collector + +**Data Collector** - [AzureADInventory Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/overview.md) -Configuration Settings from the Registered Application +**Configuration Settings from the Registered Application** The following settings are needed from your tenant once you have registered the application: - Client ID – This is the Application (client) ID for the registered application - Key – This is the Client Secret Value generated when a new secret is created - **CAUTION:** It is not possible to retrieve the value after saving the new key. It must be + :::warning + It is not possible to retrieve the value after saving the new key. It must be copied first. + ::: + -**NOTE:** In order to add custom attributes, you will also need to know the Tenant name of the Entra +:::note +In order to add custom attributes, you will also need to know the Tenant name of the Entra ID environment. +::: + ## Permissions @@ -60,9 +69,12 @@ The following permissions are required: Follow the steps to register Enterprise Auditor with Microsoft Entra ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Sign into the [Microsoft Entra admin center](https://entra.microsoft.com/). 
@@ -86,9 +98,12 @@ application. Now that the application has been registered, permissions need to b Follow the steps to grant permissions to the registered application. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** @@ -123,9 +138,12 @@ Enterprise Auditor need to be collected. Follow the steps to find the registered application's Client ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** 
@@ -147,12 +165,18 @@ topic for additional information. Next generate the application’s Client Secre Follow the steps to find the registered application's Client Secret, create a new key, and save its value when saving the new key. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: -**CAUTION:** It is not possible to retrieve the value after saving the new key. It must be copied + +:::warning +It is not possible to retrieve the value after saving the new key. It must be copied first. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** @@ -167,13 +191,19 @@ list. - Description – Enter a unique description for this secret - Expires – Select the duration. - **NOTE:** Setting the duration on the key to expire requires reconfiguration at the time of + :::note + Setting the duration on the key to expire requires reconfiguration at the time of expiration. It is best to configure it to expire in 1 or 2 years. + ::: + **Step 5 –** Click **Add** to generate the key. -**CAUTION:** If this page is left before the key is copied, then the key is not retrievable, and +:::warning +If this page is left before the key is copied, then the key is not retrievable, and this process will have to be repeated. +::: + **Step 6 –** The Client Secret will be displayed in the Value column of the table. You can use the Copy to clipboard button to copy the Client Secret. 
@@ -191,9 +221,12 @@ topic for additional information. Follow the steps to find the Tenant Name where the registered application resides. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Sign into the [Microsoft Entra admin center](https://entra.microsoft.com/). diff --git a/docs/accessanalyzer/11.6/requirements/exchange/exchange.md b/docs/accessanalyzer/11.6/requirements/exchange/exchange.md index 264d77c48a..8e2dce4af6 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/exchange.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/exchange.md @@ -23,12 +23,12 @@ which enables Sensitive Data criteria for scans. See the following topics for target environment requirements: -- [Target Exchange Servers Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/exchange/exchange_1.md) +- [Target Exchange Servers Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/exchange/target.md) - [Target Exchange Online Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/exchangeonline.md) ## Exchange Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: 
@@ -39,24 +39,30 @@ These are dependent upon the size of the target environment: | Cores | 8 CPU | 4 CPU | | Disk Space | 120 GB | 120 GB | -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). +::: -Sensitive Data Discovery Auditing Requirement + +**Sensitive Data Discovery Auditing Requirement** The following is required to run Sensitive Data Discovery scans: - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + -Permissions to Run Exchange Scans +**Permissions to Run Exchange Scans** The following are additional requirements for the Enterprise Auditor Console server specific to running the Exchange Solution: @@ -71,7 +77,7 @@ running the Exchange Solution: - For Targeting Exchange Online – PowerShell Execution Policy set to unrestricted for both 64-bit and 32-bit versions -Exchange Online Modern Authentication +**Exchange Online Modern Authentication** The following prerequisites are required to use Modern Authentication for Exchange Online in Enterprise Auditor. 
@@ -88,7 +94,7 @@ Enterprise Auditor. ## Exchange Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/access.md b/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/access.md index a06700f7a9..568500de4d 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/access.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/access.md @@ -13,10 +13,13 @@ Connection Profile credentials and/or the Custom Attributes Import Wizard page. [Microsoft Support](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-prerequisites-azure-portal) for assistance in configuring the Microsoft Entra ID web application. -**NOTE:** A user account with the Global Administrator role is required to register an app with +:::note +A user account with the Global Administrator role is required to register an app with Microsoft Entra ID. +::: -Configuration Settings from the Registered Application + +**Configuration Settings from the Registered Application** The following settings are needed from your tenant once you have registered the application: @@ -44,7 +47,10 @@ configure modern authentication for Exchange Online. It requires: - Azure AD PowerShell module installed on targeted hosts - **NOTE:** If the module is not already installed, the job will attempt to install it. + :::note + If the module is not already installed, the job will attempt to install it. + ::: + - You can install the module with the following command: @@ -90,7 +96,7 @@ Enterprise Auditor. The following permissions are required: -Permissions for Office 365 Exchange Online +**Permissions for Office 365 Exchange Online** - Application Permissions: 
@@ -130,9 +136,12 @@ $cert=New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName Enterprise Auditor with the Export–Certificate cmdlet using the certificate path stored in the $certPath variable (see Step 1). -**NOTE:** The environment variable `SAINSTALLDIR` always points to the base Enterprise Auditor +:::note +The environment variable `SAINSTALLDIR` always points to the base Enterprise Auditor install directory; simply append the PrivateAssemblies to point to that folder with the following cmdlet: +::: + ``` Export-Certificate -Cert $cert -FilePath "$($env:SAINSTALLDIR)PrivateAssemblies\exchange_cert.cer" -Type CERT @@ -145,8 +154,11 @@ Export-Certificate -Cert $cert -FilePath "$($env:SAINSTALLDIR)PrivateAssemblies\ **Step 3 –** Export the certificate private key as a .pfx file to the same folder by running the following cmdlet: -**_RECOMMENDED:_** Change the string in the Password parameter from "PasswordGoesHere" to something +:::info +Change the string in the Password parameter from "PasswordGoesHere" to something more secure before running this cmdlet. +::: + ``` Export-PfxCertificate -Cert $cert -FilePath "$($env:SAINSTALLDIR)PrivateAssemblies\exchange_cert.pfx" -Password (ConvertTo-SecureString -String "PasswordGoesHere" -Force -AsPlainText) @@ -163,9 +175,12 @@ application and then upload this certificate to it. Follow the steps to register Enterprise Auditor with Microsoft Entra ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Sign into the [Microsoft Entra admin center](https://entra.microsoft.com/). 
@@ -189,9 +204,12 @@ application. Now that the application has been registered, permissions need to b Follow the steps upload your self-signed certificate. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** @@ -217,9 +235,12 @@ topic for additional information. Follow the steps to grant permissions to the registered application. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** @@ -251,9 +272,12 @@ Enterprise Auditor need to be collected. Follow the steps to find the Tenant Name where the registered application resides. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Sign into the [Microsoft Entra admin center](https://entra.microsoft.com/). 
@@ -272,9 +296,12 @@ topic for additional information. Next identify the application’s Client ID. Follow the steps to find the registered application's Client ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** diff --git a/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/exchangeonline.md b/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/exchangeonline.md index f4ebb55952..d3debcdc99 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/exchangeonline.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/exchangeonline.md @@ -15,7 +15,7 @@ See the [Exchange Support and Permissions Explained](/docs/accessanalyzer/11.6/requirements/exchange/support/support.md) topic for details on the type of auditing supported by data collector and by job group. -Data Collectors +**Data Collectors** This solution employs the following data collectors to scan the target environment: @@ -86,7 +86,7 @@ See the [Exchange Web Services API Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/webservicesapi.md) topic for additional information. -For Exchange PowerShell with ExchangePS Data Collector +**For Exchange PowerShell with ExchangePS Data Collector** - Discovery Management Role - Organization Management Role 
@@ -99,21 +99,21 @@ topic for additional information. The following firewall ports are needed: -For AzureADInventory Data Collector +**For AzureADInventory Data Collector** - TCP 80 and 443 -For EWSMailbox Data Collector +**For EWSMailbox Data Collector** - TCP 389 - TCP 443 -For EWSPublicFolder Data Collector +**For EWSPublicFolder Data Collector** - TCP 389 - TCP 443 -For ExchangePS Data Collector +**For ExchangePS Data Collector** - TCP 135 - Randomly allocated high TCP ports diff --git a/docs/accessanalyzer/11.6/requirements/exchange/support/mailflow.md b/docs/accessanalyzer/11.6/requirements/exchange/support/mailflow.md index 95ad998889..a0a46ca194 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/support/mailflow.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/support/mailflow.md @@ -25,7 +25,7 @@ Profile assigned to the 1. HUB Metrics Job Group requires the following permissi - Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights -Applet Permissions +**Applet Permissions** This is required because the ExchangeMetrics Data Collector is an applet-based data collector. It requires diff --git a/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md b/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md index 3fc5f010d4..06703d7053 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md 
@@ -10,35 +10,35 @@ The ExchangePS Data Collector utilizes PowerShell to collect various information environment. This data collector utilizes Remote PowerShell to collect information about Exchange Users Configuration, Mailboxes, Public Folders, and Exchange Online Mail-Flow. -Job Group Requirements in Addition to ExchangePS +**Job Group Requirements in Addition to ExchangePS** In addition to the permissions required by the ExchangePS Data Collector, the Connection Profile assigned to these job groups requires the following permissions: -- 2. CAS Metrics +- **2. CAS Metrics** - This job group also requires remote connection permissions for the SMARTLog Data Collector. See the [Exchange Remote Connections Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/remoteconnections.md) topic for additional information. -- 3. Databases +- **3. Databases** - This job group also requires permissions for the Exchange2K Data Collector, which is MAPI-based and has additional requirements -- 4. Mailboxes +- **4. Mailboxes** - This job group also requires Exchange Mailbox Access Auditing to be enabled. See the [Enable Exchange Mailbox Access Auditing](#enable-exchange-mailbox-access-auditing) topic for additional information. -- 5. Public Folders +- **5. Public Folders** - This job group also requires permissions for the ExchangePublicFolder Data Collector, which is MAPI-based and has additional requirements -- 8. Exchange Online +- **8. Exchange Online** - This job group uses Modern Authentication to target Exchange Online. See the [Exchange Online Auditing Configuration](/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/access.md) topic 
@@ -46,7 +46,7 @@ assigned to these job groups requires the following permissions: ## Permissions Explained -Remote PowerShell and Windows Authentication Enabled +**Remote PowerShell and Windows Authentication Enabled** The Remote PowerShell and Windows Authentication configurations for Exchanges servers are required to be enabled on at least one Exchange server running the Client Access Service so that the @@ -61,30 +61,30 @@ topic and the [Enable Windows Authentication for PowerShell Virtual Directory](#enable-windows-authentication-for-powershell-virtual-directory) topic for additional information. -View-Only Organization Management Role Group +**View-Only Organization Management Role Group** This is required so the ExchangePS Data Collector is able to run the various Exchange PowerShell cmdlets. -Public Folder Management +**Public Folder Management** This permission is only required if utilizing the ExchangePublicFolder Data Collector or ExchangeMailbox Data Collector, as well as the PublicFolder or Mailbox Action Modules. This is required in order to make a connection through the MAPI protocol. The following job group requires the Public Folder Management Role Group: -- 5. Public Folders > Ownership +- **5. Public Folders > Ownership** If not running this collection, then this permission is not required. -Mailbox Search Role +**Mailbox Search Role** This is required to collect Mailbox Access Audit logs and run Mailbox Search queries through the ExchangePS Data Collector. The following job group requires the Mailbox Search Role: -- 4. Mailboxes > Logons +- **4. Mailboxes > Logons** -Application Impersonation Role +**Application Impersonation Role** The Application Impersonation Role is a customer role you need to create. See the [Create Custom Application Impersonation Role in Exchange](#create-custom-application-impersonation-role-in-exchange) 
@@ -97,7 +97,7 @@ support all scoping options, No Scoping is an option. If there are no scoping op then the data collector should be run against the host specified in the Summary page of the data collector wizard. -No Scoping +**No Scoping** This option will gather information about the entire Exchange Organization. When using the applet, the data collector will gather information about the Exchange Forest in which the Enterprise Auditor @@ -108,7 +108,7 @@ server entered in the Client Access Server (CAS) field of the global configurati [ExchangePS: Scope](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/scope.md) topic for additional information. -Scope by Database +**Scope by Database** This option will gather information about any databases which are chosen. When using the applet, the data collector will return databases in the Scope by DB page of the data collector wizard for the @@ -119,7 +119,7 @@ only return information about those databases. See the [ExchangePS: Scope by DB](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/scopedatabases.md) topic for additional information. -Scope by Mailbox +**Scope by Mailbox** This option will gather information about any mailboxes which are chosen. When using the applet, the data collector will return mailboxes in the Scope by Mailboxes page of the data collector wizard for @@ -130,7 +130,7 @@ well as, only return information about those mailboxes. See the [ExchangePS: Scope by Mailboxes](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/scopemailboxes.md) topic for additional information. -Scope by Server +**Scope by Server** This option will gather information about objects which reside on the chosen server. When choosing this option, the data collector will then use the Host List applied to the job’s **Configure** 
> @@ -139,7 +139,7 @@ process to the targeted host to run the PowerShell on that server. For Remote Po collector will deploy no applet and utilize the WinRM protocol to gather information about the objects on that server. -Scope by Public Folder +**Scope by Public Folder** This option will gather information about any public folders which are chosen. When using the applet, the data collector will return public folders in the Scope by Public Folders page of the diff --git a/docs/accessanalyzer/11.6/requirements/exchange/support/remoteconnections.md b/docs/accessanalyzer/11.6/requirements/exchange/support/remoteconnections.md index a15a299f06..6d151cf7ee 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/support/remoteconnections.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/support/remoteconnections.md @@ -28,7 +28,7 @@ on default settings): [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for additional information. -Applet Permissions +**Applet Permissions** This is required because the SMARTLog Data Collector is an applet-based data collector. It requires the following permission on the target host which contain the IIS Logs: @@ -38,7 +38,7 @@ the following permission on the target host which contain the IIS Logs: This grants the ability to process logs folder which will contain the applet files and logs. For example: -\\ExchangeServerName\c$\Program Files (x86)\STEALTHbits\StealthAUDIT\LogProcessor +**\\ExchangeServerName\c$\Program Files (x86)\STEALTHbits\StealthAUDIT\LogProcessor** If there have been additional security or permission modifications on the server(s), the following rights and policies may need to be enabled on the targeted host: diff --git a/docs/accessanalyzer/11.6/requirements/exchange/support/support.md b/docs/accessanalyzer/11.6/requirements/exchange/support/support.md index 5b579511e5..60f4001594 100644 
--- a/docs/accessanalyzer/11.6/requirements/exchange/support/support.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/support/support.md @@ -8,8 +8,11 @@ sidebar_position: 10 This topic outlines what is supported for each type of Exchange version. -**NOTE:** Sensitive Data Discovery is available with the EWSMailbox, EWSPublicFolder, and +:::note +Sensitive Data Discovery is available with the EWSMailbox, EWSPublicFolder, and ExchangeMailbox data collectors. +::: + ## Support by Data Collector @@ -88,5 +91,8 @@ or action module to be used: - 5. Public Folders Job Group - 7. Sensitive Data Job Group -**NOTE:** All MAPI-based data collectors require the **Settings** > **Exchange** node configured in +:::note +All MAPI-based data collectors require the **Settings** > **Exchange** node configured in the Enterprise Auditor Console. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/exchange/support/webservicesapi.md b/docs/accessanalyzer/11.6/requirements/exchange/support/webservicesapi.md index 754c5a897c..e7d63767fd 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/support/webservicesapi.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/support/webservicesapi.md @@ -10,7 +10,7 @@ The EWSMailbox and EWSPublicFolder data collectors utilizes Exchange Web Service communicate with Exchange. These data collectors collect statistical, content, permission, and sensitive data information from mailboxes and public folders. -Exchange Online Hybrid Environment Requirement +**Exchange Online Hybrid Environment Requirement** In addition to the permissions required by the EWSMailbox and EWSPublicFolder data collectors, the Connection Profile assigned to the 7. Sensitive Data Job Group requires the following permissions 
diff --git a/docs/accessanalyzer/11.6/requirements/exchange/exchange_1.md b/docs/accessanalyzer/11.6/requirements/exchange/target.md similarity index 86% rename from docs/accessanalyzer/11.6/requirements/exchange/exchange_1.md rename to docs/accessanalyzer/11.6/requirements/exchange/target.md index b25dff421c..9429da26b4 100644 --- a/docs/accessanalyzer/11.6/requirements/exchange/exchange_1.md +++ b/docs/accessanalyzer/11.6/requirements/exchange/target.md @@ -18,7 +18,7 @@ See the [Exchange Support and Permissions Explained](/docs/accessanalyzer/11.6/requirements/exchange/support/support.md) topic for details on the type of auditing supported by data collector and by job group. -Domain Controller Requirements +**Domain Controller Requirements** The following are requirements for the Exchange servers to be scanned: @@ -29,15 +29,18 @@ The following are requirements for the Exchange servers to be scanned: remote PowerShell failure - Within the Enterprise Auditor Console, the global **Settings > Exchange** node must be configured - **NOTE:** For Exchange 2013, 2016, and 2019 – If the global Settings have been configured for + :::note + For Exchange 2013, 2016, and 2019 – If the global Settings have been configured for "MAPI over HTTP," then an actual CAS server name was supplied and will be used by the ExchangePS Data Collector. If the global Settings have been configured for "MAPI over HTTPS," then the global Settings will have a web address instead of an actual server. Therefore, each ExchangePS query requires the CAS server to be set as the specific server on the Category page. See the [ExchangePS Data Collector & Client Access Server](/docs/accessanalyzer/11.6/solutions/exchange/recommended.md) topic for a list of queries for which this would apply. + ::: -Data Collectors + +**Data Collectors** This solution employs the following data collector to scan the target environment: 
@@ -53,16 +56,19 @@ This solution employs the following data collector to scan the target environmen ## Permissions -For .Active Directory Inventory Prerequisite +**For .Active Directory Inventory Prerequisite** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + For Exchange Web Services API Permissions with the EWSMailbox Data Collector @@ -86,19 +92,19 @@ See the [Exchange Web Services API Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/webservicesapi.md) topic for additional information. -For Exchange2K Data Collector +**For Exchange2K Data Collector** - Member of the Exchange Administrator group - Domain Admin for AD property collection - Public Folder Management -For ExchangeMailbox Data Collector +**For ExchangeMailbox Data Collector** - Member of the Exchange Administrator group - Organization Management - Discovery Management -For Exchange Mail Flow with ExchangeMetrics Data Collector +**For Exchange Mail Flow with ExchangeMetrics Data Collector** - Member of the local Administrator group on the targeted Exchange server(s) @@ -106,7 +112,7 @@ See the [Exchange Mail-Flow Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/mailflow.md) topic for additional information. -For Exchange Remote Connection with SMARTLog Data Collector +**For Exchange Remote Connection with SMARTLog Data Collector** - Member of the local Administrators group 
@@ -114,7 +120,7 @@ See the [Exchange Remote Connections Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/remoteconnections.md) topic for additional information. -For Exchange PowerShell with ExchangePS Data Collector +**For Exchange PowerShell with ExchangePS Data Collector** - Remote PowerShell enabled on a single Exchange server - Windows Authentication enabled for the PowerShell Virtual Directory on the same Exchange server @@ -128,7 +134,7 @@ See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for additional information. -For ExchangePublicFolders Data Collector +**For ExchangePublicFolders Data Collector** - Member of the Exchange Administrator group - Organization Management @@ -137,50 +143,50 @@ For ExchangePublicFolders Data Collector The following firewall ports are needed: -For ADInventory Data Collector +**For ADInventory Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For EWSMailbox Data Collector +**For EWSMailbox Data Collector** - TCP 389 - TCP 443 -For EWSPublicFolder Data Collector +**For EWSPublicFolder Data Collector** - TCP 389 - TCP 443 -For Exchange2K Data Collector +**For Exchange2K Data Collector** - TCP 135-139 - Randomly allocated high TCP ports - TCP 389 - Optional TCP 445 -For ExchangeMailbox Data Collector +**For ExchangeMailbox Data Collector** - TCP 135 - Randomly allocated high TCP ports -For ExchangeMetrics Data Collector +**For ExchangeMetrics Data Collector** - TCP 135 - Randomly allocated high TCP ports -For ExchangePS Data Collector +**For ExchangePS Data Collector** - TCP 135 - Randomly allocated high TCP ports -For ExchangePublicFolder Data Collector +**For ExchangePublicFolder Data Collector** - TCP 135 - Randomly allocated high TCP ports -For SMARTLog Data Collector +**For SMARTLog Data Collector** - TCP 135 - TCP 445 
diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystem.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystem.md index 8229cfca95..8669690e0b 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystem.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystem.md @@ -26,8 +26,11 @@ for installation requirements and information on collecting activity data. The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. -**NOTE:** If proxy server scan options are used, it may also be necessary for the Sensitive Data +:::note +If proxy server scan options are used, it may also be necessary for the Sensitive Data Discovery Add-On to be installed on those servers as well. +::: + See the following topics for target environment requirements: @@ -36,7 +39,7 @@ See the following topics for target environment requirements: ## File System Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: 
@@ -65,30 +68,36 @@ permission collection + 1.25 GB for tag collection (10x125 MB) + 100 GB for sens collection (200x500 MB) + 600 GB additional for sensitive data collection (10% of 6 TB) = 861.25 GB total disk space. -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). +::: + -Additional Server Considerations for File System Scans +**Additional Server Considerations for File System Scans** If Data Activity Tracking for NAS is required or if NetApp Filers running Clustered Data ONTAP are in scope, reducing latency between the scanning server and the target device is highly recommended. Additional hardware may be required, especially if the target NAS devices are not collocated with the Enterprise Auditor Console server. -Sensitive Data Discovery Auditing Requirement +**Sensitive Data Discovery Auditing Requirement** The following is required to run Sensitive Data Discovery scans: - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + Permissions on the Console Server to Run File System Scans 
@@ -119,7 +128,7 @@ topic for permissions required to scan the environment. ## File System Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. @@ -134,7 +143,7 @@ These are dependent upon the size of the target environment. | SQL Transaction Log Disk | 390 GB | 200 GB | 170 GB | 130 GB | 70 GB | | SQL TEMP DB Disk | 1 TB | 530 GB | 400 GB | 270 GB | 130 GB | -Additional SQL Server Requirements for File System Scans +**Additional SQL Server Requirements for File System Scans** The following are additional requirements for the SQL Server specifically for the File System solution: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/azureinformationprotection.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/azureinformationprotection.md index 4f672db59d..a4e25ce623 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/azureinformationprotection.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/azureinformationprotection.md @@ -15,7 +15,10 @@ Protection labels and scan protected (i.e. encrypted) files for sensitive data. This document provides information needed to properly configure access required by Enterprise Auditor to successfully scan for Azure Information Protection labels in a targeted environment. -**NOTE:** Enterprise Auditor does not scan for AIP Marking labels, only Protection labels. +:::note +Enterprise Auditor does not scan for AIP Marking labels, only Protection labels. +::: + ## Workflow for Scanning AIP Labels 
@@ -57,14 +60,20 @@ mode. [https://www.microsoft.com/en-us/download/details.aspx?id=38396](https://www.microsoft.com/en-us/download/details.aspx?id=38396) -**_RECOMMENDED:_** Read the System Requirements and Install Instructions provided by Microsoft to +:::info +Read the System Requirements and Install Instructions provided by Microsoft to complete the installation. +::: + ## Create a Service Principal Account using PowerShell Follow the steps to create a service principal account with a symmetric key to connect to AIP: -**NOTE:** All PowerShell commands should be run in order through PowerShell as an Admin. +:::note +All PowerShell commands should be run in order through PowerShell as an Admin. +::: + **Step 1 –** Open up PowerShell (Administrator). @@ -90,8 +99,11 @@ New-MsolServicePrincipal **Step 5 –** Take note and save the **Symmetric Key** and **AppPrincipalID** to be used in later steps. -**CAUTION:** Do not lose the symmetric key. It is not retrievable again once the PowerShell window +:::warning +Do not lose the symmetric key. It is not retrievable again once the PowerShell window is closed. +::: + The service principal account with the proper key has been created. @@ -99,7 +111,10 @@ The service principal account with the proper key has been created. Follow the steps to enable the Service Principal Account in AIP as a Super User: -**NOTE:** All PowerShell commands should be run in order through PowerShell as an Admin. +:::note +All PowerShell commands should be run in order through PowerShell as an Admin. +::: + **Step 1 –** In PowerShell, install Microsoft Azure Active Directory Rights Manager (AIPService) module: 
@@ -195,8 +210,11 @@ For FSAA System Scans: - Azure Tenant Mapping page – Add the **AppPrincipalID** (App ID) and the **Domain Name** or **Tenant ID** - _Remember,_ the Azure Tenant Mapping page is only visible when the **Enable scanning of files + :::tip + Remember, the Azure Tenant Mapping page is only visible when the **Enable scanning of files protected by Azure Information Protection** checkbox is selected on the Scan Settings page. + ::: + - Default Scoping Options @@ -218,8 +236,11 @@ For SEEK System Scans: - Azure Tenant Mapping page – Add the **AppPrincipalID** (App ID) and the **Domain Name** or **Tenant ID** - _Remember,_ the Azure Tenant Mapping page is only visible when the **Enable scanning of files + :::tip + Remember, the Azure Tenant Mapping page is only visible when the **Enable scanning of files protected by Azure Information Protection** checkbox is selected on the Scan Settings page. + ::: + - Scoping Options – if needed, scope to a specific subset of resources on a selected host - Sensitive Data Settings – Select **Decrypt Files Protected by Azure Information Protection**. This diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/activity.md index 53a1650a98..907fe1610b 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/activity.md @@ -14,7 +14,7 @@ entries in the Log files or syslog messages. Complete the following checklist prior to configuring the Activity Monitor to monitor the host. Instructions for each item of the checklist are detailed within the following sections. -Checklist Item 1: Plan Deployment +**Checklist Item 1: Plan Deployment** - Prior to beginning the deployment, gather the following: 
@@ -25,13 +25,16 @@ Checklist Item 1: Plan Deployment - [https://www.dell.com/support](https://www.dell.com/support) -Checklist Item 2: Install Dell CEE +**Checklist Item 2: Install Dell CEE** - Dell CEE can be installed on the same Windows server as the Activity Agent, or on a different server. If it is installed on the same host, the activity agent can configure it automatically. - **_RECOMMENDED:_** The latest version of Dell CEE is the recommended version to use with the + :::info + The latest version of Dell CEE is the recommended version to use with the asynchronous bulk delivery (VCAPS) feature. + ::: + - Important: @@ -44,14 +47,14 @@ Checklist Item 2: Install Dell CEE [Install & Configure Dell CEE](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/installcee.md) topic for instructions. -Checklist Item 3: Dell Device Configuration +**Checklist Item 3: Dell Device Configuration** - Configure the `cepp.conf` file on the Celerra VNX Cluster - See the [Connect Data Movers to the Dell CEE Server](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/installcee.md#connect-data-movers-to-the-dell-cee-server) topic for instructions. -Checklist Item 4: Activity Monitor Configuration +**Checklist Item 4: Activity Monitor Configuration** - Deploy the Activity Monitor Activity Agent, preferably on the same server where Dell CEE is installed diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/installcee.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/installcee.md index 5feac8988f..264c6d70e0 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/installcee.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/installcee.md 
@@ -9,10 +9,16 @@ sidebar_position: 10 Dell CEE should be installed on a Windows or a Linux server. The Dell CEE software is not a Netwrix product. Dell customers have a support account with Dell to access the download. -_Remember,_ the latest version is the recommended version of Dell CEE. +:::tip +Remember, the latest version is the recommended version of Dell CEE. +::: -**_RECOMMENDED:_** The Dell CEE package can be installed on the Windows server where the Activity + +:::info +The Dell CEE package can be installed on the Windows server where the Activity Monitor agent will be deployed (recommended) or on any other Windows or Linux server. +::: + Follow the steps to install the Dell CEE. @@ -26,8 +32,11 @@ guide to install and configure the CEE. The installation will add two services t - EMC Checker Service (Display Name: EMC CAVA) - EMC CEE Monitor (Display Name: EMC CEE Monitor) -**_RECOMMENDED:_** The latest version of .NET Framework and Dell CEE is recommended to use with the +:::info +The latest version of .NET Framework and Dell CEE is recommended to use with the asynchronous bulk delivery (VCAPS) feature. +::: + See the [CEE Debug Logs](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/validate.md#cee-debug-logs) @@ -48,7 +57,7 @@ manually set the Dell CEE registry key to forward events. **Step 2 –** Navigate to following location: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration** **Step 3 –** Right-click on **Enabled** and select Modify. The Edit DWORD Value window opens. 
@@ -60,11 +69,11 @@ window closes. **Step 6 –** In the Value data field, enter the StealthAUDIT value with the IP Address for the Windows proxy server hosting the Activity Monitor activity agent. Use the following format: -StealthAUDIT@[IP ADDRESS] +**StealthAUDIT@[IP ADDRESS]** Examples: -StealthAUDIT@192.168.30.15 +**StealthAUDIT@192.168.30.15** **Step 7 –** Click OK. The Edit String window closes. Registry Editor can be closed. @@ -85,7 +94,10 @@ Mover. **Step 1 –** Log into the Dell Celerra or VNX server with an administrator account. The administrative account should have a $ character in the terminal. -**NOTE:** Do not use a # charter. +:::note +Do not use a # charter. +::: + **Step 2 –** Create or retrieve the `cepp.conf` file. 
@@ -93,20 +105,23 @@ If there is not a `cepp.conf` file on the Data Mover(s), use a text editor to cr file in the home directory named `cepp.conf`. The following is an example command if using the text editor ‘vi’ to create a new blank file: -$ vi cepp.conf +**$ vi cepp.conf** -> If a `cepp.conf` file already exists, it can be retrieved from the Data Movers for modification -> with the following command: +If a `cepp.conf` file already exists, it can be retrieved from the Data Movers for modification +with the following command: -$ server_file [DATA_MOVER_NAME] -get cepp.conf cepp.conf +`$ server_file [DATA_MOVER_NAME] -get cepp.conf cepp.conf` **Step 3 –** Configure the `cepp.conf` file. For information on the `cepp.conf` file, see the Dell [Using the Common Event Enabler for Windows Platforms](https://www.dellemc.com/en-us/collaterals/unauth/technical-guides-support-information/products/storage-3/docu48055.pdf) guide instructions on how to add parameters or edit the values or existing parameters. -**NOTE:** The information can be added to the file on one line or separate lines by using a space +:::note +The information can be added to the file on one line or separate lines by using a space and a ”\” at the end of each line, except for the last line and the lines that contain global options: `cifsserver`, `surveytime`, `ft`, and `msrpcuser`. +::: + The Activity Monitor requires the following parameters to be set in the `cepp.conf` file: 
@@ -133,56 +148,56 @@ The Activity Monitor requires the following parameters to be set in the `cepp.co Example cepp.conf file format: + ``` msrpcuser=[DOMAIN\DOMAINUSER] - pool name=[POOL_NAME] \ - servers=[IP_ADDRESS1]|[IP_ADDRESS2]|... \ - postevents=[EVENT1]|[EVENT2]|... + ``` Example cepp.conf file format for the Activity Monitor: + ``` msrpcuser=[DOMAIN\DOMAINUSER running CEE services] - pool name=[POOL_NAME for configuration container] \ - servers=[IP_ADDRESS where CEE is installed]|... \ - postevents=[EVENT1]|[EVENT2]|... + ``` Example of a completed cepp.conf file for the Activity Monitor: + ``` msrpcuser=example\user1 - pool name=pool \ - servers=192.168.30.15 \ - postevents=CloseModified|CloseUnmodified|CreateDir|CreateFile|DeleteDir|DeleteFile|RenameDir|RenameFile|SetAclDir|SetAclFile + ``` **Step 4 –** Move the `cepp.conf` file to the Data Mover(s) root file system. Run the following command: -$ server_file [DATA_MOVER_NAME]‑put cepp.conf cepp.conf +`$ server_file [DATA_MOVER_NAME]‑put cepp.conf cepp.conf` -**NOTE:** Each Data Mover which runs Celerra Event Publishing Agent (CEPA) must have a `cepp.conf` +:::note +Each Data Mover which runs Celerra Event Publishing Agent (CEPA) must have a `cepp.conf` file, but each configuration file can specify different events. +::: + **Step 5 –** (This step is required only if using the `msrpcuser` parameter) Register the MSRPC user (see Step 3 for additional information on this parameter). Before starting CEPA for the first time, the administrator must issue the following command from the Control Station and follow the prompts for entering information: -/nas/sbin/server_user server_2 -add -md5 -passwd [DOMAIN\DOMAINUSER for msrpcuser] +`/nas/sbin/server_user server_2 -add -md5 -passwd [DOMAIN\DOMAINUSER for msrpcuser]` **Step 6 –** Start the CEPA facility on the Data Mover. 
Use the following command: -server_cepp [DATA_MOVER_NAME] -service –start +`server_cepp [DATA_MOVER_NAME] -service –start` Then verify the CEPA status using the following command: -server_cepp [DATA_MOVER_NAME] -service –status +`server_cepp [DATA_MOVER_NAME] -service –status` Once the `cepp.config` file has been configured, it is time to configure and enable monitoring with the Activity Monitor. See the diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/validate.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/validate.md index c22ad4f694..77cd421485 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/validate.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/validate.md @@ -11,9 +11,12 @@ configuration must be validated to ensure events are being monitored. ## Validate Dell CEE Registry Key Settings -**NOTE:** See the +:::note +See the [Configure Dell Registry Key Settings](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/installcee.md#configure-dell-registry-key-settings) topic for information on manually setting the registry key. +::: + After the Activity Monitor activity agent has been configured to monitor the Dell device, it will configure the Dell CEE automatically if it is installed on the same server as the agent. This needs @@ -27,7 +30,7 @@ following steps. **Step 1 –** Navigate to the following windows registry key: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration** ![registryeditorendpoint](/img/product_docs/activitymonitor/7.1/config/dellunity/registryeditorendpoint.webp) 
@@ -40,19 +43,22 @@ agent in the following formats: - For the HTTP protocol,` StealthAUDIT@http://'ip-address-of-the-agent':'port'` -**NOTE:** All protocol strings are case sensitive. The EndPoint parameter may also contain values +:::note +All protocol strings are case sensitive. The EndPoint parameter may also contain values for other applications, separated with semicolons. +::: + **Step 4 –** If you changed any of the settings, restart the CEE Monitor service. -For Asynchronous Bulk Delivery Mode +**For Asynchronous Bulk Delivery Mode** For the asynchronous bulk delivery mode with a cadence based on a time period or a number of events (VCAPS), use the following steps. **Step 1 –** Navigate to the following windows registry key: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\VCAPS\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\VCAPS\Configuration** **Step 2 –** Ensure that the Enabled parameter is set to 1. @@ -62,8 +68,11 @@ agent in the following formats: - For the RPC protocol, `StealthVCAPS@'ip-address-of-the-agent'` - For the HTTP protocol, `StealthVCAPS@http://'ip-address-of-the-agent':'port'` -**NOTE:** All protocol strings are case sensitive. The EndPoint parameter may also contain values +:::note +All protocol strings are case sensitive. The EndPoint parameter may also contain values for other applications, separated with semicolons. +::: + **Step 4 –** Ensure that the FeedInterval parameter is set to a value between 60 and 600; the MaxEventsPerFeed - between 10 and 10000. 
@@ -106,21 +115,27 @@ and Disable monitoring. **Step 8 –** Download and install the Debug View tool from Microsoft on the CEE server: -> [http://docs.microsoft.com/en-us/sysinternals/downloads/debugview](http://docs.microsoft.com/en-us/sysinternals/downloads/debugview) +**> [http://docs.microsoft.com/en-us/sysinternals/downloads/debugview](http://docs.microsoft.com/en-us/sysinternals/downloads/debugview)** **Step 9 –** Open the Registry Editor (run regedit). Navigate to following location: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\Configuration** **Step 10 –** Right-click on **Debug** and select Modify. The Edit DWORD Value window opens. In the Value data field, enter the value of 3F. Click OK, and the Edit DWORD Value window closes. -**NOTE:** If the Debug DWORD Value does not exist, it needs to be added. +:::note +If the Debug DWORD Value does not exist, it needs to be added. +::: + **Step 11 –** Right-click on **Verbose** and select Modify. The Edit DWORD Value window opens. In the Value data field, enter the value of 3F. Click OK, and the Edit DWORD Value window closes. -**NOTE:** If the Verbose DWORD Value does not exist, it needs to be added. +:::note +If the Verbose DWORD Value does not exist, it needs to be added. +::: + **Step 12 –** Run the Debug View tool (from Microsoft). In the Capture menu, select the following: @@ -138,5 +153,8 @@ and Enable monitoring. - Debug View Log (from Dell Debug View tool) - Use the **Collect Logs** button to collect debug logs from the activity agent -**_RECOMMENDED:_** After the logs have been gathered and sent to Netwrix Support, reset these +:::info +After the logs have been gathered and sent to Netwrix Support, reset these configurations. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/overview.md index 9eafa199a3..9285ad28d2 100644 
--- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/overview.md @@ -27,11 +27,14 @@ these target hosts requires these permissions. See the [Dell Celerra & Dell VNX Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/access.md) topic for instructions. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + Troubleshooting Dell Celerra & Dell VNX Denied Access Errors @@ -67,12 +70,15 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -Dell Celerra & Dell VNX Requirements +**Dell Celerra & Dell VNX Requirements** Additionally, the EMC Common Event Enabler (CEE) should be installed on the Windows proxy server, where the activity agent is deployed. -**_RECOMMENDED:_** Use the latest available CEE version from the Dell Support website. +:::info +Use the latest available CEE version from the Dell Support website. +::: + EMC CEE requires .NET Framework 3.5 to be installed on the Windows proxy server in order for the EMC CEE service to start. 
@@ -81,7 +87,7 @@ See the [Dell Celerra & Dell VNX Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/activity.md index bb77e63e7a..0d614adcd1 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/activity.md @@ -23,7 +23,7 @@ endpoint, such as Activity Monitor agent. Complete the following checklist prior to configuring Activity Monitor to monitor the host. Instructions for each item of the checklist are detailed within the following sections. -Checklist Item 1: Plan Deployment +**Checklist Item 1: Plan Deployment** - Prior to beginning the deployment, gather the following: 
@@ -34,18 +34,24 @@ Checklist Item 1: Plan Deployment - [https://www.dell.com/support/home/en-us/](https://www.dell.com/support/home/en-us/) -**_RECOMMENDED:_** You can achieve higher throughput and fault tolerance by monitoring the +:::info +You can achieve higher throughput and fault tolerance by monitoring the Isilon/PowerScale cluster with more than one pair of Dell CEE and Activity Monitor Agent. The activity will be evenly distributed between the pairs. +::: + Checklist Item 2: [Install Dell CEE](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/installcee.md) - Dell CEE should be installed on a Windows or a Linux server. - **_RECOMMENDED:_** Dell CEE can be installed on the same server as the Activity Agent, or on a + :::info + Dell CEE can be installed on the same server as the Activity Agent, or on a different Windows or Linux server. If CEE is installed on the same server, the Activity Agent can configure it automatically. + ::: + - Important: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/installcee.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/installcee.md index 046ac56e2b..a36e458c65 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/installcee.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/installcee.md 
@@ -9,10 +9,16 @@ sidebar_position: 10 Dell CEE should be installed on a Windows or a Linux server. The Dell CEE software is not a Netwrix product. Dell customers have a support account with Dell to access the download. -_Remember,_ the latest version is the recommended version of Dell CEE. +:::tip +Remember, the latest version is the recommended version of Dell CEE. +::: -**_RECOMMENDED:_** The Dell CEE package can be installed on the Windows server where the Activity + +:::info +The Dell CEE package can be installed on the Windows server where the Activity Monitor agent will be deployed (recommended) or on any other Windows or Linux server. +::: + Follow the steps to install the Dell CEE. @@ -26,8 +32,11 @@ guide to install and configure the CEE. The installation will add two services t - EMC Checker Service (Display Name: EMC CAVA) - EMC CEE Monitor (Display Name: EMC CEE Monitor) -**_RECOMMENDED:_** The latest version of .NET Framework and Dell CEE is recommended to use with the +:::info +The latest version of .NET Framework and Dell CEE is recommended to use with the asynchronous bulk delivery (VCAPS) feature. +::: + After installation, open MS-RPC ports between the Dell device and the Dell CEE server. See the [Dell CEE Debug Logs](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/validate.md#dell-cee-debug-logs) @@ -45,7 +54,7 @@ manually set the Dell CEE registry key to forward events. **Step 2 –** Navigate to following location: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration** **Step 3 –** Right-click on **Enabled** and select Modify. The Edit DWORD Value window opens. 
@@ -57,11 +66,11 @@ window closes. **Step 6 –** In the Value data field, enter the StealthAUDIT value with the IP Address for the Windows proxy server hosting the Activity Monitor activity agent. Use the following format: -StealthAUDIT@[IP ADDRESS] +**StealthAUDIT@[IP ADDRESS]** Examples: -StealthAUDIT@192.168.30.15 +**StealthAUDIT@192.168.30.15** **Step 7 –** Click OK. The Edit String window closes. Registry Editor can be closed. diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/manualconfiguration.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/manualconfiguration.md index 5616cb8d5a..d59e64585e 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/manualconfiguration.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/manualconfiguration.md @@ -36,7 +36,7 @@ For each monitored access zone: - Use isi audit settings view `isi --zone ZONENAME` to check current settings. - Disable reporting of failure and syslog audit events with: - isi audit settings modify --zone ZONENAME --clear-audit-failure --clear-syslog-audit-events +**isi audit settings modify --zone ZONENAME --clear-audit-failure --clear-syslog-audit-events** - Set the success audit events with: 
@@ -48,14 +48,17 @@ For each monitored access zone: **Step 4 –** In the Event Forwarding section, add the CEE Server URI value for the Windows or Linux server hosting CEE. Use either of the following format: -http://[IP ADDRESS]:[PORT]/cee +**http://[IP ADDRESS]:[PORT]/cee** http://[SERVER Name]:[PORT]/cee -**_RECOMMENDED:_** When deploying multiple Dell CEE instances at scale, it is recommended that an +:::info +When deploying multiple Dell CEE instances at scale, it is recommended that an accommodating agent must be configured with each CEE instance. If multiple CEE instances send events to just one agent, it may create an overflow of data and overload the agent. Distributing the activity stream into pairs will be the most efficient way of monitoring large data sets at scale. +::: + **Step 5 –** Also in the Event Forwarding section, set the **Storage Cluster Name** value. It must be an exact match to the name which is entered in the Activity Monitor for the **Monitored Host** @@ -64,10 +67,16 @@ list. This name is used as a ‘tag’ on all events coming through the CEE. This name must exactly match what is in the Activity Monitor or it does not recognize the events. -**_RECOMMENDED:_** Use the CIFS DNS name for Dell OneFS. +:::info +Use the CIFS DNS name for Dell OneFS. +::: + -**NOTE:** To use the Activity Monitor with Enterprise Auditor for Activity Auditing (FSAC) scans, +:::note +To use the Activity Monitor with Enterprise Auditor for Activity Auditing (FSAC) scans, the name entered here must exactly match what is used for Enterprise Auditor as a target host. +::: + If the Storage Cluster Name cannot be modified (for example, another third-party depends on it), you need to set the Host Aliases parameter in the Activity Monitor Console: 
diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/validate.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/validate.md index 778c93e225..6b9c91faf7 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/validate.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/validate.md @@ -23,7 +23,7 @@ following steps. **Step 1 –** Navigate to the following windows registry key: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration** ![registryeditorendpoint](/img/product_docs/activitymonitor/7.1/config/dellunity/registryeditorendpoint.webp) @@ -36,19 +36,22 @@ agent in the following formats: - For the HTTP protocol,` StealthAUDIT@http://'ip-address-of-the-agent':'port'` -**NOTE:** All protocol strings are case sensitive. The EndPoint parameter may also contain values +:::note +All protocol strings are case sensitive. The EndPoint parameter may also contain values for other applications, separated with semicolons. +::: + **Step 4 –** If you changed any of the settings, restart the CEE Monitor service. -For Asynchronous Bulk Delivery Mode +**For Asynchronous Bulk Delivery Mode** For the asynchronous bulk delivery mode with a cadence based on a time period or a number of events (VCAPS), use the following steps. **Step 1 –** Navigate to the following windows registry key: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\VCAPS\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\VCAPS\Configuration** **Step 2 –** Ensure that the Enabled parameter is set to 1. 
@@ -58,8 +61,11 @@ agent in the following formats: - For the RPC protocol, `StealthVCAPS@'ip-address-of-the-agent'` - For the HTTP protocol, `StealthVCAPS@http://'ip-address-of-the-agent':'port'` -**NOTE:** All protocol strings are case sensitive. The EndPoint parameter may also contain values +:::note +All protocol strings are case sensitive. The EndPoint parameter may also contain values for other applications, separated with semicolons. +::: + **Step 4 –** Ensure that the FeedInterval parameter is set to a value between 60 and 600; the MaxEventsPerFeed - between 10 and 10000. @@ -102,21 +108,27 @@ and Disable monitoring. **Step 8 –** Download and install the Debug View tool from Microsoft on the CEE server: -> [http://docs.microsoft.com/en-us/sysinternals/downloads/debugview](http://docs.microsoft.com/en-us/sysinternals/downloads/debugview) +**> [http://docs.microsoft.com/en-us/sysinternals/downloads/debugview](http://docs.microsoft.com/en-us/sysinternals/downloads/debugview)** **Step 9 –** Open the Registry Editor (run regedit). Navigate to following location: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\Configuration** **Step 10 –** Right-click on **Debug** and select Modify. The Edit DWORD Value window opens. In the Value data field, enter the value of 3F. Click OK, and the Edit DWORD Value window closes. -**NOTE:** If the Debug DWORD Value does not exist, it needs to be added. +:::note +If the Debug DWORD Value does not exist, it needs to be added. +::: + **Step 11 –** Right-click on **Verbose** and select Modify. The Edit DWORD Value window opens. In the Value data field, enter the value of 3F. Click OK, and the Edit DWORD Value window closes. -**NOTE:** If the Verbose DWORD Value does not exist, it needs to be added. +:::note +If the Verbose DWORD Value does not exist, it needs to be added. +::: + **Step 12 –** Run the Debug View tool (from Microsoft). In the Capture menu, select the following: 
@@ -134,57 +146,66 @@ and Enable monitoring. - Debug View Log (from Dell Debug View tool) - Use the **Collect Logs** button to collect debug logs from the activity agent -**_RECOMMENDED:_** After the logs have been gathered and sent to Netwrix Support, reset these +:::info +After the logs have been gathered and sent to Netwrix Support, reset these configurations. +::: + ## Linux CEE Debug Log The debug log is stored in `/opt/CEEPack/emc_cee_svc.log` file. To enable verbose logging set Debug and Verbose parameters under **Configuration** to 255 and restart the CEE. -**NOTE:** Debug logs should only be used for troubleshooting purposes. It's recommended to have +:::note +Debug logs should only be used for troubleshooting purposes. It's recommended to have Debug Logs disabled by default. +::: + ```xml ... - +**** 100 -255 +**255** 10 -10 +**10** 20 -255 +**255** 12228 - +**** 2 -5 +**5** 86400 - +**** -/opt/CEEPack/ +**/opt/CEEPack/** 100 - +**** ``` -**NOTE:** All protocol strings are case sensitive. +:::note +All protocol strings are case sensitive. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/overview.md index be73855400..72e910b537 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/overview.md 
@@ -27,13 +27,16 @@ These permissions grant the credential the ability to enumerate shares, access t and bypass NTFS security on folders. The credential used within the assigned Connection Profile for these target hosts requires these permissions. See the topic for instructions. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: -Additional Sensitive Data Discovery Auditing Permission + +**Additional Sensitive Data Discovery Auditing Permission** In order to execute scoped Sensitive Data Discovery Auditing scans, the credential must also have the LOCAL:System provider selected in each access zone in which the shares to be scanned reside. @@ -161,12 +164,15 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -Dell Isilon/PowerScale Requirements +**Dell Isilon/PowerScale Requirements** Additionally, the EMC Common Event Enabler (CEE) should be installed on the Windows proxy server, where the activity agent is deployed. -**_RECOMMENDED:_** Use the latest available CEE version from the Dell Support website. +:::info +Use the latest available CEE version from the Dell Support website. +::: + EMC CEE requires .NET Framework 3.5 to be installed on the Windows proxy server in order for the EMC CEE service to start. 
@@ -175,7 +181,7 @@ See the [Dell Isilon/PowerScale Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/activity/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also @@ -196,7 +202,7 @@ port range, which cannot be specified via an inbound rule. For more information, [Connecting to WMI on a Remote Computer](https://msdn.microsoft.com/en-us/library/windows/desktop/aa389290(v=vs.85).aspx) article. -Additional Firewall Rules for Dell Isilon/PowerScale Devices +**Additional Firewall Rules for Dell Isilon/PowerScale Devices** The following firewall settings are required for communication between the CEE server/ Activity Monitor Activity Agent server and the target Dell Isilon/PowerScale device: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/activity.md index a7f6e1d859..d1bb999b41 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/activity.md 
@@ -18,12 +18,12 @@ The Dell CEE Framework uses a “push” mechanism so a notification is sent onl when a transaction occurs. Daily activity log files are created only if activity is performed. No activity log file is created if there is no activity for the day. -Configuration Checklist +**Configuration Checklist** Complete the following checklist prior to configuring activity monitoring of Dell Unity devices. Instructions for each item of the checklist are detailed within the following topics. -Checklist Item 1: Plan Deployment +**Checklist Item 1: Plan Deployment** - Prior to beginning the deployment, gather the following: @@ -39,8 +39,11 @@ Checklist Item 2: - Dell CEE should be installed on the Windows proxy server(s) where the Activity Monitor activity agent will be deployed - **_RECOMMENDED:_** The latest version of Dell CEE is the recommended version to use with the + :::info + The latest version of Dell CEE is the recommended version to use with the asynchronous bulk delivery (VCAPS) feature. + ::: + - Important: @@ -49,13 +52,13 @@ Checklist Item 2: - Dell CEE 8.4.2 through Dell CEE 8.6.1 are not supported for use with the VCAPS feature - Dell CEE requires .NET Framework 3.5 to be installed on the Windows proxy server -Checklist Item 3: Dell Unity Device Configuration +**Checklist Item 3: Dell Unity Device Configuration** - Configure initial setup for a Unity device - [Unity Initial Setup with Unisphere](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/setupunisphere.md) -Checklist Item 4: Activity Monitor Configuration +**Checklist Item 4: Activity Monitor Configuration** - Deploy the Activity Monitor activity agent to a Windows proxy server where Dell CEE was installed 
@@ -66,8 +69,11 @@ Checklist Item 4: Activity Monitor Configuration Checklist Item 5: Configure Dell CEE to Forward Events to the Activity Agent -**NOTE:** When Dell CEE is installed on Windows proxy server(s) where the Activity Monitor activity +:::note +When Dell CEE is installed on Windows proxy server(s) where the Activity Monitor activity agent will be deployed, the following steps are not needed. +::: + - Ensure the Dell CEE registry key has enabled set to 1 and has an EndPoint set to StealthAUDIT. - Ensure the Dell CAVA service and the Dell CEE Monitor service are running. diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/installcee.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/installcee.md index 1f76855670..c735596834 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/installcee.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/installcee.md @@ -9,10 +9,16 @@ sidebar_position: 10 Dell CEE should be installed on a Windows or a Linux server. The Dell CEE software is not a Netwrix product. Dell customers have a support account with Dell to access the download. -_Remember,_ the latest version is the recommended version of Dell CEE. +:::tip +Remember, the latest version is the recommended version of Dell CEE. +::: -**_RECOMMENDED:_** The Dell CEE package can be installed on the Windows server where the Activity + +:::info +The Dell CEE package can be installed on the Windows server where the Activity Monitor agent will be deployed (recommended) or on any other Windows or Linux server. +::: + Follow the steps to install the Dell CEE. 
@@ -26,8 +32,11 @@ guide to install and configure the CEE. The installation will add two services t - EMC Checker Service (Display Name: EMC CAVA) - EMC CEE Monitor (Display Name: EMC CEE Monitor) -**_RECOMMENDED:_** The latest version of .NET Framework and Dell CEE is recommended to use with the +:::info +The latest version of .NET Framework and Dell CEE is recommended to use with the asynchronous bulk delivery (VCAPS) feature. +::: + After Dell CEE installation is complete, it is necessary to complete the [Unity Initial Setup with Unisphere](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/setupunisphere.md). @@ -44,7 +53,7 @@ manually set the Dell CEE registry key to forward events. **Step 2 –** Navigate to following location: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\AUDIT\Configuration** **Step 3 –** Right-click on **Enabled** and select Modify. The Edit DWORD Value window opens. @@ -56,11 +65,11 @@ window closes. **Step 6 –** In the Value data field, enter the StealthAUDIT value with the IP Address for the Windows proxy server hosting the Activity Monitor activity agent. Use the following format: -StealthAUDIT@[IP ADDRESS] +**StealthAUDIT@[IP ADDRESS]** Examples: -StealthAUDIT@192.168.30.15 +**StealthAUDIT@192.168.30.15** **Step 7 –** Click OK. The Edit String window closes. Registry Editor can be closed. diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/validate.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/validate.md index cabe6504ed..37a6948ef5 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/validate.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/validate.md 
@@ -11,9 +11,12 @@ configuration must be validated to ensure events are being monitored. ## Validate CEE Registry Key Settings -**NOTE:** See the +:::note +See the [Configure Dell Registry Key Settings](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/activity/installcee.md#configure-dell-registry-key-settings) topic for information on manually setting the registry key. +::: + After the Activity Monitor activity agent has been configured to monitor the Dell device, it will configure the Dell CEE automatically if it is installed on the same server as the agent. This needs @@ -27,7 +30,7 @@ following steps. **Step 1 –** Navigate to the following windows registry key: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration** ![registryeditorendpoint](/img/product_docs/activitymonitor/7.1/config/dellunity/registryeditorendpoint.webp) @@ -40,19 +43,22 @@ agent in the following formats: - For the HTTP protocol,` StealthAUDIT@http://'ip-address-of-the-agent':'port'` -**NOTE:** All protocol strings are case sensitive. The EndPoint parameter may also contain values +:::note +All protocol strings are case sensitive. The EndPoint parameter may also contain values for other applications, separated with semicolons. +::: + **Step 4 –** If you changed any of the settings, restart the CEE Monitor service. -For Asynchronous Bulk Delivery Mode +**For Asynchronous Bulk Delivery Mode** For the asynchronous bulk delivery mode with a cadence based on a time period or a number of events (VCAPS), use the following steps. **Step 1 –** Navigate to the following windows registry key: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\VCAPS\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\VCAPS\Configuration** **Step 2 –** Ensure that the Enabled parameter is set to 1. 
@@ -62,8 +68,11 @@ agent in the following formats: - For the RPC protocol, `StealthVCAPS@'ip-address-of-the-agent'` - For the HTTP protocol, `StealthVCAPS@http://'ip-address-of-the-agent':'port'` -**NOTE:** All protocol strings are case sensitive. The EndPoint parameter may also contain values +:::note +All protocol strings are case sensitive. The EndPoint parameter may also contain values for other applications, separated with semicolons. +::: + **Step 4 –** Ensure that the FeedInterval parameter is set to a value between 60 and 600; the MaxEventsPerFeed - between 10 and 10000. @@ -106,21 +115,27 @@ and Disable monitoring. **Step 8 –** Download and install the Debug View tool from Microsoft on the CEE server: -> [http://docs.microsoft.com/en-us/sysinternals/downloads/debugview](http://docs.microsoft.com/en-us/sysinternals/downloads/debugview) +**> [http://docs.microsoft.com/en-us/sysinternals/downloads/debugview](http://docs.microsoft.com/en-us/sysinternals/downloads/debugview)** **Step 9 –** Open the Registry Editor (run regedit). Navigate to following location: -HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\Configuration +**HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\Configuration** **Step 10 –** Right-click on **Debug** and select Modify. The Edit DWORD Value window opens. In the Value data field, enter the value of 3F. Click OK, and the Edit DWORD Value window closes. -**NOTE:** If the Debug DWORD Value does not exist, it needs to be added. +:::note +If the Debug DWORD Value does not exist, it needs to be added. +::: + **Step 11 –** Right-click on **Verbose** and select Modify. The Edit DWORD Value window opens. In the Value data field, enter the value of 3F. Click OK, and the Edit DWORD Value window closes. -**NOTE:** If the Verbose DWORD Value does not exist, it needs to be added. +:::note +If the Verbose DWORD Value does not exist, it needs to be added. +::: + **Step 12 –** Run the Debug View tool (from Microsoft). In the Capture menu, select the following: 
@@ -138,5 +153,8 @@ and Enable monitoring. - Debug View Log (from Dell Debug View tool) - Use the **Collect Logs** button to collect debug logs from the activity agent -**_RECOMMENDED:_** After the logs have been gathered and sent to Netwrix Support, reset these +:::info +After the logs have been gathered and sent to Netwrix Support, reset these configurations. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/overview.md index ff9020cd2b..114d4a906f 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/overview.md @@ -27,13 +27,16 @@ these target hosts requires these permissions. See the [Dell Unity Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/access.md) topic for instructions. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: -Troubleshooting Dell Unity Denied Access Errors + +**Troubleshooting Dell Unity Denied Access Errors** If there are folders to which the credential is denied access, it is likely that the Backup Operators group does not have the “Back up files and directories” right. In that case, it is 
@@ -67,12 +70,15 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -Dell Unity Requirements +**Dell Unity Requirements** Additionally, the EMC Common Event Enabler (CEE) should be installed on the Windows proxy server, where the activity agent is deployed. -**_RECOMMENDED:_** Use the latest available CEE version from the Dell Support website. +:::info +Use the latest available CEE version from the Dell Support website. +::: + EMC CEE requires .NET Framework 3.5 to be installed on the Windows proxy server in order for the EMC CEE service to start. @@ -81,7 +87,7 @@ See the [Dell Unity Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/activity/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also @@ -102,7 +108,7 @@ port range, which cannot be specified via an inbound rule. For more information, [Connecting to WMI on a Remote Computer](https://msdn.microsoft.com/en-us/library/windows/desktop/aa389290(v=vs.85).aspx) article. -Additional Firewall Rules for Dell Unity Devices +**Additional Firewall Rules for Dell Unity Devices** The following firewall settings are required for communication between the CEE server/ Activity Monitor Activity Agent server and the target Dell device: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md index 61a0cba0be..129aa2f50f 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md 
+++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md @@ -14,29 +14,35 @@ Monitoring (FSAC), and Sensitive Data Discovery Auditing scans. The Activity Mon also require an additional application, either Netwrix Activity Monitor or Netwrix Threat Prevention, to monitor the target environment. -**NOTE:** Access Auditing and Sensitive Data Discovery Auditing support CIFS and NFSv3. +:::note +Access Auditing and Sensitive Data Discovery Auditing support CIFS and NFSv3. +::: + Ports and permissions vary based on the scan mode option selected as well as the target environment. -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: - [ADInventory Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/adinventory/overview.md) - [FileSystemAccess Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md) -Permissions and Ports for ADInventory Data Collector Prerequisite +**Permissions and Ports for ADInventory Data Collector Prerequisite** The following permissions are needed: - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + The following firewall ports are needed: @@ -44,7 +50,7 @@ The following firewall ports are needed: - TCP 135-139 - Randomly allocated high TCP ports -Permissions and Ports for FileSystemAccess Data Collector +**Permissions and Ports for FileSystemAccess Data Collector** - Permissions vary based on the Scan Mode Option selected. See the File System Supported Platforms topic for additional information. 
@@ -61,11 +67,11 @@ See the [Windows File Server Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/overview.md) topic for target environment requirements. -Windows File System Clusters +**Windows File System Clusters** See the topic for target environment requirements. -Windows File System DFS Namespaces +**Windows File System DFS Namespaces** See the topic for target environment requirements. @@ -73,7 +79,7 @@ See the topic for target environment requirements. The following are supported Network Attached Storage (NAS) devices. -Dell Celerra® & VNX +**Dell Celerra® & VNX** - Celerra 6.0+ - VNX 7.1 @@ -83,7 +89,7 @@ See the [Dell Celerra & Dell VNX Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellcelerravnx/overview.md) topic for target environment requirements. -Dell Isilon/PowerScale +**Dell Isilon/PowerScale** - 7.0+ @@ -91,13 +97,13 @@ See the [Dell Isilon/PowerScale Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellpowerscale/overview.md) topic for target environment requirements. -Dell Unity +**Dell Unity** See the [Dell Unity Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/dellunity/overview.md) topic for target environment requirements. -Hitachi +**Hitachi** - 11.2+ @@ -105,7 +111,7 @@ See the [Hitachi Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/overview.md) topic for target environment requirements. -Nasuni Nasuni Edge Appliances +**Nasuni Nasuni Edge Appliances** - 8.0+ 
@@ -113,25 +119,28 @@ See the [Nasuni Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/overview.md) topic for target environment requirements. -NetApp Data ONTAP +**NetApp Data ONTAP** - 7-Mode 7.3+ - Cluster-Mode 8.2+ - **NOTE:** The Resiliency feature introduced in ONTAP 9.0 is not supported. + :::note + The Resiliency feature introduced in ONTAP 9.0 is not supported. + ::: + See the following topics for target environment requirements: - [NetApp Data ONTAP Cluster-Mode Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/overview.md) - [NetApp Data ONTAP 7-Mode Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/overview.md) -Nutanix +**Nutanix** See the [Nutanix Target Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/overview.md) topic for target environment requirements. -Qumulo +**Qumulo** - Qumulo Core 5.0.0.1B+ diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/activity/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/activity/activity.md index e5c4644ecd..0851cb0914 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/activity/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/activity/activity.md @@ -29,7 +29,10 @@ that is required of the user for HNAS activity collection is the following: - The Activity Monitor minimizes IO by remembering a file offset where it stopped reading and continuing from that offset next time. -**CAUTION:** The following disclaimer is provided by Hitachi: +:::warning +The following disclaimer is provided by Hitachi: +::: + “Because CIFS defines open and close operations, auditing file system object access performed by clients using other protocols would be costly in terms of system performance, because each I/O 
@@ -38,12 +41,15 @@ enabled, by default, only clients connecting through the CIFS protocol are allow file system.** Access by clients using other protocols, like NFS, can, however, be allowed. When such access is allowed, access to file system objects through these protocols is not audited.” -**NOTE:** File system auditing can be configured to deny access to clients connecting with protocols +:::note +File system auditing can be configured to deny access to clients connecting with protocols that cannot be audited (NFS). Please see the Hitachi [Server and Cluster Administration Guide](https://support.hds.com/download/epcra/hnas0106.pdf) for additional information. +::: + -Configuration Checklist +**Configuration Checklist** Complete the following checklist prior to configuring activity monitoring of Hitachi devices. Instructions for each item of the checklist are detailed within the following topics. @@ -54,6 +60,6 @@ Checklist Item 1: Checklist Item 2: [Configure Access to HNAS Audit Logs on Activity Agent Server](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/activity/configureaccesstologs.md) -Checklist Item 3: Activity Monitor Configuration +**Checklist Item 3: Activity Monitor Configuration** - Deploy the Activity Monitor Activity Agent to a Windows proxy server diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/overview.md index bc20b37bb1..75ae42426d 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/overview.md 
@@ -21,11 +21,14 @@ target host: This permission grants the credential read access to all target folders and files. The credential used within the assigned Connection Profile for these target hosts requires these permissions. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + ## Access & Sensitive Data Auditing Port Requirements @@ -51,7 +54,7 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -Hitachi Requirements +**Hitachi Requirements** A Hitachi device can host multiple Enterprise Virtual Servers (EVS). Each EVS has multiple file systems. Auditing is enabled and configured per file system. HNAS generates the audit log files in @@ -68,7 +71,7 @@ See the [Hitachi Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/hitachi/activity/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/access.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/access.md index de1820e781..d39752986a 100644 
--- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/access.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/access.md @@ -27,8 +27,11 @@ The API Access Keys page opens. Both the Key Name and the Key Passcode are required for each Nasuni Edge Appliance and cloud filer. They are used as the credentials in the Enterprise Auditor Connection Profile for 0-FS_Nasuni Job. -**NOTE:** Nasuni API key names are case sensitive. When providing them, ensure they are entered in +:::note +Nasuni API key names are case sensitive. When providing them, ensure they are entered in the exact same case as generated. +::: + See the Nasuni [Management Console Guide](https://nasuni.my.salesforce.com/sfc/p/#management-console-guide) @@ -53,8 +56,11 @@ Name for the key; for example, the name of the application. Both the Key Name and the Key Passcode are required for each Nasuni Edge Appliance and cloud filer. They are used as the credentials in the Enterprise Auditor Connection Profile for 0-FS_Nasuni Job. -**NOTE:** Nasuni API key names are case sensitive. When providing them, ensure they are entered in +:::note +Nasuni API key names are case sensitive. When providing them, ensure they are entered in the exact same case as generated. +::: + See the [Nasuni Management Console Guide](https://nasuni.my.salesforce.com/sfc/p/#nasuni-management-console-guide) diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/activity.md index cf9cc8b34e..b4a1c231fb 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/activity.md 
@@ -11,12 +11,12 @@ Appliance generates its own audit trail. An API Access Key is used by the Activi network connection to the appliance. Nasuni will then stream event data to the activity agent. See [Nasuni Support Documentation](https://www.nasuni.com/support/) for additional information. -Configuration Checklist +**Configuration Checklist** Complete the following checklist prior to configuring activity monitoring of Nasuni Edge Appliances. Instructions for each item of the checklist are detailed within the following topics. -Checklist Item 1: Generate Nasuni API Access Key +**Checklist Item 1: Generate Nasuni API Access Key** - Generate an API Access Key for each Nasuni Edge Appliance to be monitored through one of the following: @@ -24,7 +24,7 @@ Checklist Item 1: Generate Nasuni API Access Key - Nasuni Filer Management Interface - Nasuni Management Console -Checklist Item 2: Activity Monitor Configuration +**Checklist Item 2: Activity Monitor Configuration** - Deploy the Activity Monitor activity agent to a Windows proxy server @@ -47,8 +47,11 @@ Both the Key Name and the Key Passcode are required by the Activity Monitor in o the Nasuni Edge Appliance. Once the API Key has been generated, it is time to configure and enable monitoring with the Activity Monitor console. -**NOTE:** Nasuni API key names are case sensitive. When providing them, ensure they are entered in +:::note +Nasuni API key names are case sensitive. When providing them, ensure they are entered in the exact same case as generated. +::: + ## Nasuni Management Console 
@@ -70,5 +73,8 @@ Both the Key Name and the Key Passcode are required by the Activity Monitor in o the Nasuni Edge Appliance. Once the API Key has been generated, it is time to configure and enable monitoring with the Activity Monitor console. -**NOTE:** Nasuni API key names are case sensitive. When providing them, ensure they are entered in +:::note +Nasuni API key names are case sensitive. When providing them, ensure they are entered in the exact same case as generated. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/overview.md index b086ccffbc..2ddd4251f7 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/overview.md @@ -24,11 +24,14 @@ for these target hosts requires these permissions. See the [Nasuni Edge Appliance Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/access.md) topic for instructions. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + ## Access & Sensitive Data Auditing Port Requirements 
@@ -54,13 +57,13 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -Nasuni Edge Appliance Requirements +**Nasuni Edge Appliance Requirements** Additionally, it is necessary to generate an API Access Key for Nasuni activity monitoring. See the [Nasuni Edge Appliance Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nasuni/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also @@ -81,7 +84,7 @@ port range, which cannot be specified via an inbound rule. For more information, [Connecting to WMI on a Remote Computer](https://msdn.microsoft.com/en-us/library/windows/desktop/aa389290(v=vs.85).aspx) article. -Additional Firewall Rules for Nasuni Edge Appliance +**Additional Firewall Rules for Nasuni Edge Appliance** The following firewall settings are required for communication between the Activity Monitor Activity Agent server and the target Nasuni Edge Appliance: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/access/access.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/access/access.md index a572928547..745d396054 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/access/access.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/access/access.md 
@@ -43,13 +43,16 @@ have: - Group membership in the local Administrators group -**NOTE:** All NetApp groups are assigned an RID. Built-in NetApp groups such as Power Users and +:::note +All NetApp groups are assigned an RID. Built-in NetApp groups such as Power Users and Backup Operators are assigned specific RID values. On 7-Mode NetApp devices, system access checks for a group are identified by the RID assigned to the group and not by the role it has. Therefore, application’s ability to bypass access checks with the Power Users and Backup Operators group has nothing to do with the power role or the backup role. Neither role is required. For example, the built-in Power User group, even when stripped of all roles, still has more file system access capabilities than any other non-built-in group. +::: + If only running the Access Auditing (FSAA) and/or Sensitive Data Discovery Auditing scans, proceed to the diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/activity.md index 0525b612de..afeb718bc4 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/activity.md 
@@ -27,13 +27,13 @@ The NetApp FPolicy uses a “push” mechanism such that notification will only agent when a transaction occurs. Daily activity log files are created only if activity is performed. No activity log file will be created if there is no activity for the day. -Configuration Checklist +**Configuration Checklist** Complete the following checklist prior to configuring activity monitoring of NetApp Data ONTAP 7-Mode devices. Instructions for each item of the checklist are detailed within the following topics. -Checklist Item 1: Plan Deployment +**Checklist Item 1: Plan Deployment** - Gather the following information: - Names of the vFiler™(s) to be monitored @@ -71,7 +71,7 @@ Checklist Item 2: - ONTAP Power Users - ONTAP Backup Operators -Checklist Item 3: Firewall Configuration +**Checklist Item 3: Firewall Configuration** - HTTP (80) or HTTPS (443) - HTTP or HTTPS protocols need to be enabled on the NetApp filer @@ -89,18 +89,24 @@ Checklist Item 4: - FPolicy operates on the vFiler so the FPolicy must be created on the vFiler - **NOTE:** Activity Monitor must target the vFiler + :::note + Activity Monitor must target the vFiler + ::: + - Select method: - **_RECOMMENDED:_** Configure FPolicy Manually – A tailored FPolicy + :::info + Configure FPolicy Manually – A tailored FPolicy + ::: + - Allow the Activity Monitor to create an FPolicy automatically - This option is enabled when the Activity Monitor agent is configured to monitor the NetApp device on the NetApp FPolicy Configuration page of the Add New Hosts window. - It monitors all file system activity. -Checklist Item 5: Activity Monitor Configuration +**Checklist Item 5: Activity Monitor Configuration** - Deploy the Activity Monitor Activity Agent to a Windows proxy server - Configure the Activity Agent to monitor the NetApp device 
diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/configurefpolicy.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/configurefpolicy.md index 900670159c..09fa54419c 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/configurefpolicy.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/configurefpolicy.md @@ -8,9 +8,12 @@ sidebar_position: 30 Select a method to configure the FPolicy for NetApp Data ONTAP 7-Mode devices: -**_RECOMMENDED:_** +**:::info** + [Manually Configure FPolicy (Recommended Option)](#manually-configure-fpolicy-recommended-option) – A tailored FPolicy +::: + - If using vFilers the FPolicy must be created on the vFiler, and the Activity Monitor must target the vFiler. This is because FPolicy operates on the affected vFiler. Therefore, when executing diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/customizefpolicy.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/customizefpolicy.md index 997bf993f0..77843dad69 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/customizefpolicy.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/customizefpolicy.md @@ -12,7 +12,7 @@ file. After the monitoring agent has been deployed, follow the steps. **Step 1 –** Open to the `sbtfilemon.ini` file on the agent server in a text editor: -…\STEALTHbits\StealthAUDIT\FSAC +**…\STEALTHbits\StealthAUDIT\FSAC** **Step 2 –** Add the following parameter: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/provisionactivity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/provisionactivity.md index 801c294610..690a741a7c 100644 
--- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/provisionactivity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/provisionactivity.md @@ -35,9 +35,12 @@ api-fpolicy* cli-fpolicy* ``` -**NOTE:** The `api-fpolicy*` command is required for automatic configuration of FPolicy. The +:::note +The `api-fpolicy*` command is required for automatic configuration of FPolicy. The `cli-fpolicy*` command is required to use the “Enable and connect FPolicy” option for a Monitored Host configuration. +::: + The following command needs to be run to create the role. diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/overview.md index 43abc1ab57..a4d1cafe78 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/overview.md @@ -26,11 +26,14 @@ these target hosts requires these permissions. See the [NetApp Data ONTAP 7-Mode Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/access/access.md) topic for instructions. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + ## Access & Sensitive Data Auditing Port Requirements 
@@ -56,7 +59,7 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -NetApp Data ONTAP 7-Mode Device Requirements +**NetApp Data ONTAP 7-Mode Device Requirements** An FPolicy must be configured on the target device for Activity Auditing (FSAC) scans. A tailored FPolicy is recommended as it decreases the impact on the NetApp device. The credential associated @@ -96,7 +99,7 @@ See the [NetApp Data ONTAP 7-Mode Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netapp7mode/activity/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also @@ -136,9 +139,12 @@ Agent server and the target NetApp Data ONTAP 7-Mode device: \*Only required if using the FPolicy Configuration and FPolicy Enable and Connect options in Activity Monitor. -**NOTE:** If either HTTP or HTTPS are not enabled, the FPolicy on the NetApp Data ONTAP 7-Mode +:::note +If either HTTP or HTTPS are not enabled, the FPolicy on the NetApp Data ONTAP 7-Mode device must be configured manually. Also, the External Engine will not reconnect automatically in the case of a server reboot or service restart. +::: + Additional Firewall Rules for Integration between Enterprise Auditor and Activity Monitor diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/access.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/access.md index 5a3172d793..7e18d6ebb6 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/access.md 
+++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/access.md @@ -126,15 +126,21 @@ vserver cifs share access-control create -share c$ -user-or-group [USER_OR_GROUP If an existing ACE needs to be modified, the following command should be used: -**CAUTION:** The following command will overwrite an existing ACE. For example, it is possible to +:::warning +The following command will overwrite an existing ACE. For example, it is possible to downgrade a user with Full_Control to Read, or vice versa. +::: + ``` vserver cifs share access-control modify -share c$ -user-or-group [USER_OR_GROUP_NAME] -permission Read -vserver [SVM_NAME] ``` -**NOTE:** If users would prefer to avoid permissioning C$, then there is an alternative. Users can +:::note +If users would prefer to avoid permissioning C$, then there is an alternative. Users can instead give the SVM's Backup Operators group read-only access to each share to be scanned. +::: + In order to utilize Enterprise Auditor’s LAT Preservation (Last Access Time) feature during sensitive data scans and metadata tag collection, applying ONTAP’s SeRestorePrivilege to the service @@ -176,8 +182,11 @@ Use the following commands to give the Service Account Read-only Access to NetAp cifs share access-control create ‑vserver [SVM_NAME] ‑share c$ ‑user-or-group [USER_OR_GROUP_NAME] ‑permission Read ``` -**NOTE:** In the previous command, "create" needs to be replaced with "modify" if the CIFS share ACE +:::note +In the previous command, "create" needs to be replaced with "modify" if the CIFS share ACE already exists for the share/user combination. +::: + Use the following commands to verify the results from the previous command: 
@@ -190,10 +199,13 @@ cifs share access-control show ‑vserver [SVM_NAME] ‑share c$ The following is a list of example commands that can be used to configure a NetApp export policy to scan a volume via NFSv3 using the Enterprise Auditor File System Solution. -**CAUTION:** The export policy for a volume's parent (ex. the SVM's root volume), or the export +:::warning +The export policy for a volume's parent (ex. the SVM's root volume), or the export policy for a qtree's parent, must have access rights that are equal or wider in scope to the export policy for the target volume/qtree. If Enterprise Auditor cannot access all segments of a target volume/qtree's junction path, then NFS access will be denied. +::: + Use the following command to create an export policy: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/configureemptyfpolicy.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/configureemptyfpolicy.md index 1bbaacf172..0dab54433c 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/configureemptyfpolicy.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/configureemptyfpolicy.md @@ -18,8 +18,11 @@ is necessary to: - [Create Empty FPolicy Scope](#create-empty-fpolicy-scope) - [Enable the Empty FPolicy](#enable-the-empty-fpolicy) -**NOTE:** The commands in the following sections have been verified for NetApp Data ONTAP 9.6+. +:::note +The commands in the following sections have been verified for NetApp Data ONTAP 9.6+. Users of older versions should consult the NetApp documentation to find the appropriate syntax. +::: + ## Create Security Role for FSAA Scans 
@@ -101,13 +104,14 @@ article. Once the access control role has been created, apply it to a domain account. -**CAUTION:** - - The SVM used in the following command must be the same SVM used when creating the role. See the [Create Security Role for FSAA Scans](#create-security-role-for-fsaa-scans) topic for additional information. - **CAUTION:** Cluster-Mode is case sensitive. + :::warning + Cluster-Mode is case sensitive. + ::: + - It is recommended to use lowercase for both domain and username. The case of domain and username created during the account provisioning process must match exactly to the credentials provided to @@ -171,7 +175,10 @@ IMPORTANT: - `extern-engine-type asynchronous` - `ssl-option no-auth` -**CAUTION:** Cluster-Mode is case sensitive. +:::warning +Cluster-Mode is case sensitive. +::: + Use the following command to create the external engine: @@ -216,7 +223,10 @@ IMPORTANT: - `event-name StealthAUDITScreening` - `volume-operation true` -**CAUTION:** Cluster-Mode is case sensitive. +:::warning +Cluster-Mode is case sensitive. +::: + Use the following command to create the FPolicy event: @@ -269,7 +279,10 @@ IMPORTANT: additional information. - `policy-name StealthAUDIT` -**CAUTION:** Cluster-Mode is case sensitive. +:::warning +Cluster-Mode is case sensitive. +::: + Use the following command to create the FPolicy policy: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/activity.md index cbe89821d7..14c513620b 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/activity.md 
@@ -34,8 +34,11 @@ server or mutual authentication. FPolicy may have a significant impact on file system throughput, and it is always a best practice to monitor performance when enabling FPolicy. -**_RECOMMENDED:_** Create a tailored FPolicy which only collects the desired activity from the +:::info +Create a tailored FPolicy which only collects the desired activity from the environment to limit the scope and impact. +::: + For scale-out and fault tolerance purposes, the product supports a range of deployment options. A single agent can receive events from multiple SVMs. Or events from a single SVM can be distributed @@ -43,13 +46,13 @@ among multiple agents. Or a set of SVMs can distribute events among a set of age depends on the fault tolerance requirements and the expected event flow. As a rule of thumb, the _average_ load on a single agent should not exceed 5000 events per second. -Configuration Checklist +**Configuration Checklist** Complete the following checklist prior to configuring the activity monitoring of NetApp Data ONTAP Cluster-Mode devices. Instructions for each item of the checklist are detailed within the following sections. -Checklist Item 1: Plan Deployment +**Checklist Item 1: Plan Deployment** - Gather the following information: @@ -200,7 +203,7 @@ Checklist Item 4: configuration. - Requires a Privileged Access credential be provided. -Checklist Item 5: Activity Monitor Configuration +**Checklist Item 5: Activity Monitor Configuration** - Deploy the Activity Monitor Agent to a Windows server. - Configure the Agent to monitor the SVM. diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/configurefpolicy.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/configurefpolicy.md index e404885467..412cfded0d 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/configurefpolicy.md 
+++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/configurefpolicy.md @@ -78,7 +78,7 @@ del cert.pem key.pem .rnd openssl.exe req x509 newkey rsa:2048 keyout key.pem out cert.pem days 365 nodes subj "/CN=testagentserver" -copy cert.pem+key.pem agentkey.pem +**copy cert.pem+key.pem agentkey.pem** del cert.pem key.pem .rnd @@ -218,7 +218,10 @@ IMPORTANT: - `ssl-option no-auth` - `send-buffer-size 6291456`, for ONTAP 9.10+ use `send-buffer-size 8388608` -**CAUTION:** All parameters are case sensitive. +:::warning +All parameters are case sensitive. +::: + Use the following command to create the external engine: @@ -296,8 +299,11 @@ IMPORTANT: file with the intent to delete it, according to the `FILE_DELETE_ON_CLOSE` flag specification - **NOTE:** File open operations are only supported with the `open-with-delete-intent` + :::note + File open operations are only supported with the `open-with-delete-intent` filter applied. + ::: + - `read` – File read operations @@ -345,7 +351,10 @@ IMPORTANT: - NFSv4: `open, create, create_dir, read, write, delete, delete_dir, rename, rename_dir, setattr, link` -**CAUTION:** All parameters are case sensitive. +:::warning +All parameters are case sensitive. +::: + Use the following command to create the FPolicy event for CIFS protocols: @@ -430,7 +439,10 @@ IMPORTANT: - `privileged-user-name`, which must be a provisioned FPolicy account - `allow-privileged-access yes` -**CAUTION:** All parameters are case sensitive. +:::warning +All parameters are case sensitive. +::: + Use the following command to create the FPolicy policy to monitor both CIFS and NFS protocols: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/provisionactivity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/provisionactivity.md index 6da1112d1d..a2b3695483 100644 
--- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/provisionactivity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/provisionactivity.md @@ -104,10 +104,13 @@ security login rest-role create -role enterpriseauditorrest -api "/api/storage/v security login rest-role create -role enterpriseauditorrest -api "/api/svm/svms" -access readonly -vserver testserver ``` -**NOTE:** If the FPolicy account is configured with these permissions, it is necessary to manually +:::note +If the FPolicy account is configured with these permissions, it is necessary to manually configure the FPolicy. See the [Configure FPolicy](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/configurefpolicy.md) topic for additional information. +::: + ### Less Privileged: Enable/Connect FPolicy & Collect Events @@ -125,11 +128,14 @@ permissions to collect events: - `vserver fpolicy disable` – All access - `vserver fpolicy enable` – All access - _Remember,_ this permission permits the Activity Monitor to enable the FPolicy. If the “Enable + :::tip + Remember, this permission permits the Activity Monitor to enable the FPolicy. If the “Enable and connect FPolicy” option is employed but the permission is not provided, the agent will encounter “Failed to enable policy” errors, but it will still be able to connect to the FPolicy. Since this permission model requires a manual configuration of the FPolicy, then the need to manually enable the FPolicy will be met. + ::: + - `vserver fpolicy engine-connect` – All access 
@@ -188,10 +194,13 @@ security login rest-role create -role enterpriseauditorrest -api "/api/network/i security login rest-role create -role enterpriseauditorrest -api "/api/protocols/fpolicy" -access all -vserver testserver ``` -**NOTE:** If the FPolicy account is configured with these permissions, it is necessary to manually +:::note +If the FPolicy account is configured with these permissions, it is necessary to manually configure the FPolicy. See the [Configure FPolicy](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/configurefpolicy.md) topic for additional information. +::: + ### Automatically Configure the FPolicy @@ -209,7 +218,10 @@ requires the following permissions: - `vserver fpolicy` – All access - `security certificate install` – All access - _Remember,_ this permission is only needed for FPolicy TLS connections. + :::tip + Remember, this permission is only needed for FPolicy TLS connections. + ::: + Use the following command to provision access to all required commands: @@ -269,10 +281,13 @@ security login rest-role create -role enterpriseauditorrest -api "/api/protocols security login rest-role create -role enterpriseauditorrest -api "/api/security/certificates" -access all -vserver testserver ``` -**NOTE:** If the FPolicy account is configured with these permissions, the Activity Monitor can +:::note +If the FPolicy account is configured with these permissions, the Activity Monitor can automatically configure the FPolicy. See the [Configure FPolicy](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/configurefpolicy.md) topic for additional information. +::: + ### Enterprise Auditor Integration diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/overview.md index c25ddb5ddf..3812c4f488 100644 
--- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/overview.md @@ -40,11 +40,14 @@ these target hosts requires these permissions. See the [NetApp Data ONTAP Cluster-Mode Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/access/access.md) topic for instructions. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + ## Access & Sensitive Data Auditing Port Requirements @@ -70,7 +73,7 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -NetApp Data ONTAP Cluster-Mode Device Requirements +**NetApp Data ONTAP Cluster-Mode Device Requirements** An FPolicy must be configured on the target device for Activity Auditing (FSAC) scans. A tailored FPolicy is recommended as it decreases the impact on the NetApp device. The credential associated 
@@ -113,7 +116,7 @@ See the [NetApp Data ONTAP Cluster-Mode Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/netappcmode/activity/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also @@ -148,9 +151,12 @@ Agent server and the target NetApp Data ONTAP Cluster-Mode device: \*Only required if using the FPolicy Configuration and FPolicy Enable and Connect options in Activity Monitor. -**NOTE:** If either HTTP or HTTPS are not enabled, the FPolicy on the NetApp Data ONTAP 7-Mode +:::note +If either HTTP or HTTPS are not enabled, the FPolicy on the NetApp Data ONTAP 7-Mode device must be configured manually. Also, the External Engine will not reconnect automatically in the case of a server reboot or service restart. +::: + Additional Firewall Rules for Integration between Enterprise Auditor and Activity Monitor diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/activity.md index 42e7271765..c6906b4b39 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/activity.md @@ -14,5 +14,8 @@ of this user. In the Nutanix Files server, select **Configuration** > **Manage R REST API access users section, click **New User** to create a new user. Specify the username and the password. -**NOTE:** The user credentials created here are used when adding a Nutanix file server in Activity +:::note +The user credentials created here are used when adding a Nutanix file server in Activity Monitor. + +::: 
diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/overview.md index bc5494f1da..1445c90d3c 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/overview.md @@ -22,11 +22,14 @@ See the [Nutanix Appliance Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/nutanix/access.md) topic for additional information. -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + ## Access & Sensitive Data Auditing Port Requirements @@ -56,7 +59,7 @@ port range, which cannot be specified via an inbound rule. For more information, [Connecting to WMI on a Remote Computer](https://msdn.microsoft.com/en-us/library/windows/desktop/aa389290(v=vs.85).aspx) article. -Additional Firewall Rules for Nutanix Appliances +**Additional Firewall Rules for Nutanix Appliances** The following firewall settings are required for communication between the Activity Monitor Activity Agent server and the target Nutanix device: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/activity.md index fa740b7e12..9dedbfce85 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/activity.md 
@@ -44,13 +44,13 @@ The command will ask for the password. **Step 3 –** Execute the following command to check current format: -qq audit_get_syslog_config +**qq audit_get_syslog_config** The format will be shown in the **format** field. The old format is **csv**; the new format is **json**. **Step 4 –** Execute the following command to change the format, if needed: -qq audit_set_syslog_config --json +**qq audit_set_syslog_config --json** The change willshould be reflected in the **format** field. diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/overview.md index 21f95fd633..909948f96b 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/qumulo/overview.md @@ -18,11 +18,14 @@ target host: - Group membership in the Data-Administrators role -**NOTE:** These permissions are in addition to those needed to either deploy applet scans for +:::note +These permissions are in addition to those needed to either deploy applet scans for running scans in proxy mode with applet or installing the File System Proxy Service Permissions for running scans in proxy mode as a service. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: + ## Access & Sensitive Data Auditing Port Requirements @@ -53,7 +56,7 @@ port range, which cannot be specified via an inbound rule. For more information, [Connecting to WMI on a Remote Computer](https://msdn.microsoft.com/en-us/library/windows/desktop/aa389290(v=vs.85).aspx) article. -Additional Firewall Rules for Qumulo Devices +**Additional Firewall Rules for Qumulo Devices** The following firewall settings are required for communication between the Activity Monitor Activity Agent server and the target Qumulo device: 
diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/access.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/access.md index 9d2ca9bdbf..f6c6843689 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/access.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/access.md @@ -20,8 +20,11 @@ Namespaces. The permissions necessary to collect file system data from a Windows File System Cluster must be set for all nodes that comprise the cluster. -**NOTE:** It is necessary to target the Windows File Server Cluster (name of the cluster) of +:::note +It is necessary to target the Windows File Server Cluster (name of the cluster) of interest when running a File System scan against a Windows File System Cluster. +::: + Configure credentials on all cluster nodes according to the Windows Operating Systems required permissions for the desired scan mode with these additional considerations: @@ -44,13 +47,16 @@ permissions for the desired scan mode with these additional considerations: Additionally, the credential used within the Connection Profile must have rights to remotely access the registry on each individual cluster node. -_Remember,_ Remote Registry Service must be enabled on all nodes that comprise the cluster. +:::tip +Remember, Remote Registry Service must be enabled on all nodes that comprise the cluster. Configure the credential(s) with the following rights on all nodes: +::: + - Group membership in the local Administrators group - Granted the “Log on as a batch” privilege -Host List Consideration +**Host List Consideration** It is necessary to target the Windows File Server Cluster (name of the cluster) of interest when running a File System scan against a Windows File System Cluster. Within the Master Host Table, 
@@ -74,7 +80,7 @@ StealthAUDIT Master Host Table: `ExampleCluster1`, `ExampleNodeA`, `ExampleNodeB `WinCluster` column: `ExampleCluster1`. Only the `ExampleCluster1` host would be in the host list targeted by the File System scans. -Sensitive Data Discovery Scans +**Sensitive Data Discovery Scans** For Sensitive Data Discovery Auditing scans on a Windows File System Cluster it is necessary for the credential to also have Group membership in both of the following local groups for all nodes which @@ -83,7 +89,7 @@ comprise the cluster: - Power Users - Backup Operators -Activity Auditing Scans +**Activity Auditing Scans** The Netwrix Activity Monitor must deploy an Activity Agent on all nodes that comprise the Windows File System Cluster. The Activity Agent generates activity log files stored on each node. Enterprise @@ -104,7 +110,7 @@ configure the Host Mapping option. This provides a method for mapping between th the hosts where activity logs reside. However, this feature requires **advanced SQL scripting knowledge** to build the query. -Membership in the local Administrators group +**Membership in the local Administrators group** ### Least Privilege Permission Model for Windows Cluster @@ -127,12 +133,12 @@ namespace(s). Then assign the custom host list to the 0-FSDFS System Scans Job. list is require for the FileSystem > 0.Collection Job Group unless additional file servers are also being targeted. -DFS as Part of a Windows Cluster Consideration +**DFS as Part of a Windows Cluster Consideration** If the DFS hosting server is part of a Windows Cluster, then the Windows File System Clusters requirements must be included with the credential. -DFS and Activity Auditing Consideration +**DFS and Activity Auditing Consideration** For activity monitoring, the Netwrix Activity Monitor must have a deployed Activity Agent on all DFS servers identified by the 0-FSDFS System Scans Job and populated into the dynamic host list. See the 
diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/activity.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/activity.md index 65ddd29cbe..acb0c98551 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/activity.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/activity.md @@ -33,8 +33,11 @@ Auditor, this must be an exact match to the name of the cluster in the Master Ho In order to monitor activity on DFS Namespaces, an Activity Agent needs to be deployed on all DFS servers. -**NOTE:** The FileSystem > 0.Collection > 0-FSDFS System Scans Job in Netwrix Enterprise Auditor can +:::note +The FileSystem > 0.Collection > 0-FSDFS System Scans Job in Netwrix Enterprise Auditor can be used to identify all DFS servers. +::: + The credential used to deploy the Activity Agent must have the following permissions on the server: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/overview.md b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/overview.md index 22ac8a1caf..2dc4e194fd 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/overview.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/overview.md 
@@ -17,13 +17,13 @@ Auditing (FSAC) scans. [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) topic for additional information. -Windows File System Cluster Requirements +**Windows File System Cluster Requirements** See the [Windows File Server Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/access.md) topic for instructions. -Windows File System DFS Namespaces Requirements +**Windows File System DFS Namespaces Requirements** See the [Windows File Server Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/access.md) @@ -53,19 +53,19 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -Windows File System Cluster Requirements +**Windows File System Cluster Requirements** See the [Windows File Server Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/activity.md) topic for instructions. -Windows File System DFS Namespaces Requirements +**Windows File System DFS Namespaces Requirements** See the [Windows File Server Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/windowsfile/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also 
diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodepermissions.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodepermissions.md index 6364ef02ac..003803a41a 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodepermissions.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodepermissions.md @@ -28,12 +28,18 @@ server. This is required by either the user account running the Enterprise Audit manually executing jobs within the console, or the Schedule Service Account assigned within Enterprise Auditor, when running jobs as a scheduled tasks. -_Remember,_ Remote Registry Service must be enabled on the host where the applet is deployed (for +:::tip +Remember, Remote Registry Service must be enabled on the host where the applet is deployed (for Applet Mode or Proxy Mode with Applet scans) to determine the system platform and where to deploy the applet. +::: -**CAUTION:** The local policy, “Network access: Do not allow storage of passwords and credentials + +:::warning +The local policy, “Network access: Do not allow storage of passwords and credentials for network authentication” must be disabled in order for the applet to start. +::: + Sensitive Data Discovery Auditing scans also require .NET Framework 4.7.2 or later. to be installed on the server where the applet is to be deployed in order for Sensitive Data Discovery collections diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodeports.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodeports.md index 59f7f6770e..d2d362b931 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodeports.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/appletmodescans/appletmodeports.md 
@@ -16,8 +16,14 @@ Auditor and the host: | Between Enterprise Auditor Console and Windows Server | TCP | 8767 | FSAA Applet Certificate Exchange | | Between Enterprise Auditor Console and Windows Server | TCP | 8766 | FSAA Applet HTTPS communication security | -**NOTE:** The FSAA applet https requests configuration port 8766 and the FSAA Applet Certificate +:::note +The FSAA applet https requests configuration port 8766 and the FSAA Applet Certificate Exchange port 8767 can be customized on the Applet Settings page of the File System Access Auditor Data Collector Wizard. +::: -**_RECOMMENDED:_** Configure target hosts to respond to ping requests. + +:::info +Configure target hosts to respond to ping requests. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md index a931948d76..7ea9cd00f5 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md @@ -24,7 +24,7 @@ The secure communication is configured during the installation of the service on The credential provided for the secure communications in the installation wizard is also added to the Enterprise Auditor Connection Profile assigned to the File System Solution. -File System Proxy Service Credentials +**File System Proxy Service Credentials** The service can be run either as LocalSystem or with a domain account supplied during the installation of the File System Proxy Service with the following permission on the proxy server: 
@@ -38,7 +38,7 @@ installation of the File System Proxy Service with the following permission on t Additionally, the credential must have `WRITE` access to the `…\StealthAUDIT\FSAA` folder in the installation directory. -Windows File Server Target Host Credentials +**Windows File Server Target Host Credentials** Configure the credential(s) with the following rights on the Windows host(s): @@ -55,7 +55,7 @@ For Windows Server target hosts, the credential also requires: In order to collect data on administrative shares and local policies (logon policies) for a Windows target, the credential must have group membership in the local Administrators group. -Sensitive Data Discovery Auditing Consideration +**Sensitive Data Discovery Auditing Consideration** The Sensitive Data Discovery Add-on must be installed on the proxy server. This requirement is in addition to having the Sensitive Data Discovery Add-on installed on the Enterprise Auditor Console @@ -65,7 +65,7 @@ RAM. Each thread requires a minimum of 2 additional GB of RAM per host.. By defa configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). -Secure Proxy Communication Considerations +**Secure Proxy Communication Considerations** For secure proxy communication via https, a credential is supplied during installation to provide secure communications between the Enterprise Auditor server and the proxy server. This credential 
@@ -73,7 +73,7 @@ must be a domain account, but no additional permissions are required. It is reco same domain account configured to run the proxy service as a credential in the Connection Profile to be used by the File System Solution -Secure Proxy Communication and Certificate Exchange +**Secure Proxy Communication and Certificate Exchange** For Proxy Mode as a Service Scans, the certificate exchange mechanism and certificate exchange port must be configured via the File System Access Auditing Data Collector Wizard prior to executing a @@ -81,7 +81,7 @@ scan. See the [FSAA Applet Certificate Management Overview](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md) topic for additional information. -Enterprise Auditor Connection Profile +**Enterprise Auditor Connection Profile** When running Access Auditing (FSAA) and/or Sensitive Data Discovery Auditing scans, the credentials within the Connection Profile assigned to the File System scans must be properly configured as diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeserviceports.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeserviceports.md index 61a62e759f..4c1658ad19 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeserviceports.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeserviceports.md 
@@ -15,9 +15,12 @@ Enterprise Auditor and the proxy server: | Between Enterprise Auditor Console and Windows Proxy Server | TCP | 8766 | FSAA Applet HTTPS communication security | | Between Enterprise Auditor Console and Windows Proxy Server | TCP | 8767 | FSAA Applet Certificate Exchange | -**NOTE:** The FSAA applet https requests configuration port 8766 and the FSAA Applet Certificate +:::note +The FSAA applet https requests configuration port 8766 and the FSAA Applet Certificate Exchange port 8767 can be customized on the Applet Settings page of the File System Access Auditor Data Collector Wizard. +::: + The following are the firewall settings are required when executing the Access Auditing (FSAA) and/or Sensitive Data Discovery Auditing scans in proxy mode as a service for communication between @@ -29,10 +32,13 @@ the proxy server and the target host: #### Additional Firewall Rules for NetApp Data ONTAP Devices -_Remember,_ NetApp communication security is configured on the Scan Settings page of the File System +:::tip +Remember, NetApp communication security is configured on the Scan Settings page of the File System Access Auditor Data Collector Wizard. One additional firewall setting is required when targeting either a NetApp Data ONTAP 7-Mode device or a NetApp Data ONTAP Cluster-mode device. The required setting is dependent upon how the NetApp communication security option is configured: +::: + | Communication Direction | Protocol | Ports | Description | | ------------------------------------------- | -------- | ----- | ----------------------------------- | 
@@ -47,4 +53,7 @@ The following firewall setting is also required when targeting a Windows file se | -------------------------------------------- | -------- | ----- | -------------------------- | | Enterprise Auditor Console to Windows Server | TCP | 135 | for pre-scan access checks | -**_RECOMMENDED:_** Configure target hosts to respond to ping requests. +:::info +Configure target hosts to respond to ping requests. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/proxymodeserver.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/proxymodeserver.md index fa72576a59..995ae52b86 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/proxymodeserver.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/proxymodeserver.md @@ -9,8 +9,11 @@ sidebar_position: 10 The Enterprise Auditor File System Proxy requirements apply for servers where either the service is installed or the applet will be deployed unless otherwise stated. -**NOTE:** Align the proxy server requirements to match the environment size the proxy server will be +:::note +Align the proxy server requirements to match the environment size the proxy server will be handling. +::: + The server can be physical or virtual. The requirements for Enterprise Auditor are: 
@@ -19,15 +22,18 @@ The server can be physical or virtual. The requirements for Enterprise Auditor a - US English language installation - Domain member -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** RAM, CPU, and Disk Space are dependent upon the size of the target environment: -**CAUTION:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::warning +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). +::: + - Enterprise Environment (800 million+ files and folders) 
@@ -77,30 +83,39 @@ permission collection + 1.25 GB for tag collection (10x125 MB) + 100 GB for sens collection (200x500 MB) + 600 GB additional for sensitive data collection (10% of 6 TB) = 861.25 GB Disk Space. -Additional Server Requirements +**Additional Server Requirements** The following are additional requirements for the server: - .NET Framework 4.7.2 Installed - **NOTE:** .NET Framework 4.7.2 can be downloaded from the link in the Microsoft + :::note + .NET Framework 4.7.2 can be downloaded from the link in the Microsoft [.NET Framework 4.7.2 offline installer for Windows](https://support.microsoft.com/en-us/topic/microsoft-net-framework-4-7-2-offline-installer-for-windows-05a72734-2127-a15d-50cf-daf56d5faec2) article. + ::: + - Remote Registry Service enabled - **NOTE:** The Remote Registry Service only needs to be enabled when running Applet Mode or Proxy + :::note + The Remote Registry Service only needs to be enabled when running Applet Mode or Proxy Mode with Applet scans. + ::: -Sensitive Data Discovery Auditing + +**Sensitive Data Discovery Auditing** The following is required to run Sensitive Data Discovery scans: - Sensitive Data Discovery Add-On installed on the proxy server -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + See the following topics for additional information, based on the type of proxy mode you plan to use: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md index 7e8f52e593..c03fadfc31 100644 
--- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md @@ -34,12 +34,18 @@ is required by either the user account running the Enterprise Auditor applicatio executing jobs within the console, or the Schedule Service Account assigned within Enterprise Auditor, when running jobs as a scheduled tasks. -_Remember,_ Remote Registry Service must be enabled on the host where the applet is deployed (for +:::tip +Remember, Remote Registry Service must be enabled on the host where the applet is deployed (for Applet Mode or Proxy Mode with Applet scans) to determine the system platform and where to deploy the applet. +::: -**CAUTION:** The local policy, “Network access: Do not allow storage of passwords and credentials + +:::warning +The local policy, “Network access: Do not allow storage of passwords and credentials for network authentication” must be disabled in order for the applet to start. +::: + Configure the credential(s) with the following rights on the Windows host(s): @@ -67,7 +73,7 @@ See the [Proxy Mode with Applet Port Requirements](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletports.md) topic for firewall rule information. -Secure Proxy Communication Considerations +**Secure Proxy Communication Considerations** For Proxy Mode with Applet scans, the certificate exchange mechanism and certificate exchange port must be configured via the File System Access Auditing Data Collector Wizard prior to executing a diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletports.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletports.md index ecfe33afda..5ca6e91edc 100644 
--- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletports.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletports.md @@ -16,9 +16,12 @@ Enterprise Auditor and the proxy server: | Between Enterprise Auditor Console and Windows Proxy Server | TCP | 8767 | FSAA Applet Certificate Exchange | | Between Enterprise Auditor Console and Windows Server | TCP | 8766 | FSAA Applet HTTPS communication security | -**NOTE:** The FSAA applet https requests configuration port 8766 and the FSAA Applet Certificate +:::note +The FSAA applet https requests configuration port 8766 and the FSAA Applet Certificate Exchange port 8767 can be customized on the Applet Settings page of the File System Access Auditor Data Collector Wizard. +::: + The following are the firewall settings are required when executing the Access Auditing (FSAA) and/or Sensitive Data Discovery Auditing scans in proxy mode with applet for communication between @@ -30,10 +33,13 @@ the proxy server and the target host: ## Additional Firewall Rules for NetApp Data ONTAP Devices -_Remember,_ NetApp communication security is configured on the Scan Settings page of the File System +:::tip +Remember, NetApp communication security is configured on the Scan Settings page of the File System Access Auditor Data Collector Wizard. One additional firewall setting is required when targeting either a NetApp Data ONTAP 7-Mode device or a NetApp Data ONTAP Cluster-Mode device. The required setting is dependent upon how the NetApp communication security option is configured: +::: + | Communication Direction | Protocol | Ports | Description | | ------------------------------------------- | -------- | ----- | ----------------------------------- | 
@@ -48,4 +54,7 @@ The following firewall setting is also required when targeting a Windows file se | -------------------------------------------- | -------- | ----- | -------------------------- | | Enterprise Auditor Console to Windows Server | TCP | 135 | for pre-scan access checks | -**_RECOMMENDED:_** Configure target hosts to respond to ping requests. +:::info +Configure target hosts to respond to ping requests. + +::: diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md index d7ae5ffefb..9fbb93e0ea 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md @@ -34,8 +34,11 @@ See the following topics for additional information: ## Applet Mode -**CAUTION:** The local policy, “Network access: Do not allow storage of passwords and credentials +:::warning +The local policy, “Network access: Do not allow storage of passwords and credentials for network authentication” must be disabled in order for the applet to start. +::: + When File System scans are run in applet mode, it means the File System applet is deployed to the target host when the job is executed to conduct data collection. However, the applet can only be @@ -58,8 +61,11 @@ See the following topics for additional information: ## Proxy Mode with Applet -**CAUTION:** The local policy, “Network access: Do not allow storage of passwords and credentials +:::warning +The local policy, “Network access: Do not allow storage of passwords and credentials for network authentication” must be disabled in order for the applet to start. +::: + When File System scans are run in proxy mode with applet, it means the File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The data 
diff --git a/docs/accessanalyzer/11.6/requirements/overview.md b/docs/accessanalyzer/11.6/requirements/overview.md index 39a9673a78..e8863beb45 100644 --- a/docs/accessanalyzer/11.6/requirements/overview.md +++ b/docs/accessanalyzer/11.6/requirements/overview.md @@ -15,7 +15,7 @@ exceptions are covered. The following servers and applications are required for installation of the application: -Core Components +**Core Components** - Enterprise Auditor Console Server – This is where the v11.6 application is installed. - SQL Server for Enterprise Auditor Database – As a data-intensive application, a well-provisioned, @@ -24,10 +24,13 @@ Core Components Enterprise Auditor Console server and is a browser-based, interactive dashboard for exploring permissions, activity, and sensitive data. - **NOTE:** The Access Information Center is often installed on the same server as the Enterprise + :::note + The Access Information Center is often installed on the same server as the Enterprise Auditor application, but it can be installed separately. + ::: -Add-on Component + +**Add-on Component** - Enterprise Auditor Sensitive Data Discovery Add-On – This application is installed on the Enterprise Auditor Console server as an add-on enabling Sensitive Data criteria for scans. In some 
@@ -35,12 +38,12 @@ Add-on Component [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. -Exchange Solution-Specific Components +**Exchange Solution-Specific Components** - Enterprise Auditor MAPI CDO – This application is installed on the Enterprise Auditor Console server to enable the Settings > Exchange global configuration interface within Enterprise Auditor. -File System Solution-Specific Components +**File System Solution-Specific Components** - Enterprise Auditor File System Proxy Server – In certain environments, a proxy server may be utilized to scan hosts in remote or firewalled sites to increase scan capacity in large @@ -53,7 +56,7 @@ File System Solution-Specific Components system proxy server where the File System Proxy Service is installed as an add-on enabling Sensitive Data criteria for scans. -SharePoint Solution-Specific Components +**SharePoint Solution-Specific Components** - Enterprise Auditor SharePoint Agent Server – For agent-based scans, this application can be installed on the SharePoint application server that hosts the “Central Administration” component @@ -65,7 +68,7 @@ SharePoint Solution-Specific Components server where the Enterprise Auditor SharePoint Agent is installed as an add-on enabling Sensitive Data criteria for scans. -Activity Event Data Considerations +**Activity Event Data Considerations** - Netwrix Activity Monitor – Enterprise Auditor depends upon integration with the Activity Monitor for monitored event data for several solutions. See the 
@@ -77,7 +80,7 @@ Activity Event Data Considerations [Netwrix Threat Prevention Documentation](https://helpcenter.netwrix.com/category/threatprevention) for installation requirements and information on collecting activity data. -Target Environment Considerations +**Target Environment Considerations** The target environment encompasses all servers, devices, or infrastructure to be audited by Enterprise Auditor. Most solutions have additional target requirements. @@ -93,7 +96,7 @@ Additionally the server must meet these requirements: - US English language installation - Domain member -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. See the following topics for additional: 
@@ -104,14 +107,14 @@ additional: - [Box Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/box/box.md#box-solution-requirements-on-the-enterprise-auditor-console) - [Databases Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/databases/databases.md#databases-solution-requirements-on-the-enterprise-auditor-console) - [Dropbox Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/dropbox/dropbox.md#dropbox-solution-requirements-on-the-enterprise-auditor-console) -- [Entra ID Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/entraid/entraid.md#entra-idsolution-requirements-on-the-enterprise-auditor-console) +- [Entra ID Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/entraid/entraid.md#entra-id-solution-requirements-on-the-enterprise-auditor-console) - [Exchange Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/exchange/exchange.md#exchange-solution-requirements-on-the-enterprise-auditor-console) - [File System Solution Requirements on the Enterprise Auditor Console ](/docs/accessanalyzer/11.6/requirements/filesystem/filesystem.md#file-system-solution-requirements-on-the-enterprise-auditor-console) - [SharePoint Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint.md#sharepoint-solution-requirements-on-the-enterprise-auditor-console) - [Unix Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/unix/unix.md#unix-solution-requirements-on-the-enterprise-auditor-console) - [Windows Solution Requirements on the Enterprise Auditor Console](/docs/accessanalyzer/11.6/requirements/windows/windows.md#windows-solution-requirements-on-the-enterprise-auditor-console) -Additional Server Requirements 
+**Additional Server Requirements** The following are additional requirements for the Console server: @@ -121,7 +124,7 @@ The following are additional requirements for the Console server: - Microsoft SQL Server supports TLS 1.2, which requires the Enterprise Auditor Console server to have either SQL Server Native Client 11 or Microsoft OleDB 18 installed -Additional Server Considerations +**Additional Server Considerations** The following are recommended for the Console server: @@ -129,15 +132,18 @@ The following are recommended for the Console server: - SQL Server Management Studio installed (Optional) - Font "arial-unicode-ms" installed (Needed for report Unicode character support) -Permissions for Installation +**Permissions for Installation** The following permissions are required to install and use the application: - Membership in the local Administrators group for the Enterprise Auditor Console server - **NOTE:** Role based access can be enabled for a least privilege user model. + :::note + Role based access can be enabled for a least privilege user model. + ::: + -Supported Browsers +**Supported Browsers** The following is a list of supported browsers for the Web Console and the Access Information Center: @@ -156,7 +162,7 @@ Additionally the server must meet this requirement: - US English language installation -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. See the following topics for additional: 
@@ -173,14 +179,14 @@ additional: - [Unix Solution Requirements on the SQL Server](/docs/accessanalyzer/11.6/requirements/unix/unix.md#unix-solution-requirements-on-the-sql-server) - [Windows Solution Requirements on the SQL Server](/docs/accessanalyzer/11.6/requirements/windows/windows.md#windows-solution-requirements-on-the-sql-server) -Additional Server Requirements +**Additional Server Requirements** The following are additional requirements for the SQL Server: - SQL Server must be equal or newer version than the version to be targeted - All SQL Server databases configured to use ‘Simple Recovery Model’ -Additional Server Considerations +**Additional Server Considerations** The following additional considerations are recommended for the SQL Server: @@ -192,7 +198,7 @@ The following additional considerations are recommended for the SQL Server: have either SQL Server Native Client 11 or Microsoft OleDB 18 installed. - _Optional_: SQL Server Management Studio installed on the Enterprise Auditor Console server -Database Permissions +**Database Permissions** The following permissions are required on the databases: diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentbasedscans/agentpermissions.md b/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentbasedscans/agentpermissions.md index bf39be26c8..437cdd76c1 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentbasedscans/agentpermissions.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentbasedscans/agentpermissions.md 
@@ -21,14 +21,14 @@ The Enterprise Auditor SharePoint Agent needs to be installed on the: - SharePoint® 2013 through SharePoint® 2019 - Windows® Server 2012 through Windows® Server 2022 -Additional Server Requirements +**Additional Server Requirements** The following are additional requirements for the Enterprise Auditor SharePoint Agent server: - .NET Framework 4.8 installed - Port Sharing network feature -Sensitive Data Discovery Auditing Requirement +**Sensitive Data Discovery Auditing Requirement** In addition to having the Sensitive Data Discovery Add-on be installed on the Enterprise Auditor Console server, The following is required to run Sensitive Data Discovery scans: @@ -37,11 +37,14 @@ Console server, The following is required to run Sensitive Data Discovery scans: Agent server - .NET Framework 4.7.2 or later -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. For example, if the job 
@@ -159,7 +162,10 @@ account with the following permissions in order to collect all of the data: - WSS_CONTENT_APPLICATION_POOLS on the SharePoint Content databases - WSS_CONTENT_APPLICATION_POOLS on the SharePoint Configuration database -**NOTE:** If scans include Web Application scoping, this last permission requirement is already met. +:::note +If scans include Web Application scoping, this last permission requirement is already met. +::: + ## SharePoint Agent-Based Least Privilege Permission Model @@ -223,8 +229,11 @@ account with the following permissions in order to collect all of the data: - `proc_getDependentObjectsByBaseClass` - `proc_ReturnWebFeatures` - **NOTE:** The above four stored procedures would already have the correct permissions if Web + :::note + The above four stored procedures would already have the correct permissions if Web Application scoping is desired. + ::: + - `[dbo].proc_getSiteName` - `[dbo].proc_getSiteMap` diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentlessscans/onlinepermissions.md b/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentlessscans/onlinepermissions.md index 3af6e3422e..fc80489c23 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentlessscans/onlinepermissions.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/agentlessscans/onlinepermissions.md @@ -14,14 +14,14 @@ Console server across the network. The SharePoint agent-less scan architecture uses modern authentication in the target environment: -Tenant Global Administrator Role +**Tenant Global Administrator Role** - Tenant Global Administrator role is required to provision the application - Modern authentication enables Enterprise Auditor to scan SharePoint Online and all OneDrives in the target environment -Permissions for Microsoft Graph APIs +**Permissions for Microsoft Graph APIs** - Application Permissions: 
@@ -50,7 +50,7 @@ Permissions for Microsoft Graph APIs - Group.Read.All – Read all groups - User.Read.All – Read all users' full profiles -Permissions for Office 365 Management APIs +**Permissions for Office 365 Management APIs** - Application Permissions: @@ -58,7 +58,7 @@ Permissions for Office 365 Management APIs - ActivityFeed.ReadDlp – Read DLP policy events including detected sensitive data - ServiceHealth.Read – Read service health information for your organization -Permissions for SharePoint APIs +**Permissions for SharePoint APIs** - Application Permissions: diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md b/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md index d92a4f9a0c..255995711d 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md @@ -23,7 +23,10 @@ conducted by the SharePoint Agent for the target environment. The final step in to transfer the data collected in the SQLite databases, or Tier 2 databases, on the Enterprise Auditor SharePoint Agent server back to the Enterprise Auditor Console server. -**NOTE:** Agent-based scans can only target on-premise environments. +:::note +Agent-based scans can only target on-premise environments. +::: + See the following topics for additional information: 
@@ -35,8 +38,11 @@ See the following topics for additional information: When SharePoint agent-less scans are run, it means all of the data collection processing is conducted by the Enterprise Auditor Console server across the network. -**NOTE:** Agent-less scans can target both on-premise and online environments. This is the only scan +:::note +Agent-less scans can target both on-premise and online environments. This is the only scan mode that can run Activity Auditing (SPAC) scans. +::: + For Activity Auditing (SPAC) scans, target the server where the Netwrix Activity Monitor has a deployed activity agent. diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint.md b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint.md index e6c4017065..7e59dc0d48 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint.md 
@@ -21,32 +21,44 @@ activity data to be scanned. See the [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) for installation requirements and information on collecting activity data. -**NOTE:** For Activity Auditing (SPAC) scans, the audit logs generated by SharePoint must be +:::note +For Activity Auditing (SPAC) scans, the audit logs generated by SharePoint must be retained for more days than the number of days between the Enterprise Auditor scans. +::: -**_RECOMMENDED:_** When configuring the Netwrix Activity Monitor, select all events to be monitored + +:::info +When configuring the Netwrix Activity Monitor, select all events to be monitored in both the Documents and Items section and the List, Libraries, and Site section. +::: + The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. -**NOTE:** If the Enterprise Auditor SharePoint Agent scan option is used, it is also be necessary +:::note +If the Enterprise Auditor SharePoint Agent scan option is used, it is also be necessary for the Sensitive Data Discovery Add-On to be installed on the servers as well. +::: + See the following topics for the SharePoint Agent and the target environment requirements: - [SharePoint Scan Options](/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md) - [SharePoint Support](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md) -**NOTE:** You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for +:::note +You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for SharePoint Online easier. This job registers the necessary Microsoft Entra ID application and provisions it with the required permissions. See the [SP_RegisterAzureAppAuth Job](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md) topic for additional information. 
+::: + ## SharePoint Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: @@ -57,26 +69,32 @@ These are dependent upon the size of the target environment: | Cores | 8 CPU | 8 CPU | 4 CPU | 2 CPU | | Disk Space | 460 GB | 280 GB | 160 GB | 80 GB | -**NOTE:** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the +:::note +If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). +::: + -Sensitive Data Discovery Auditing Requirement +**Sensitive Data Discovery Auditing Requirement** The following is required to run Sensitive Data Discovery scans: - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + ## SharePoint Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md index c6113150cf..e1451663de 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md 
+++ b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md @@ -15,7 +15,7 @@ provide activity data to various SIEM products. Ports and permissions vary based on the scan mode option selected as well as the target environment. -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: @@ -23,18 +23,21 @@ This solution employs the following data collector to scan the target environmen - [AzureADInventory Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/overview.md) - [SharePointAccess Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/spaa/overview.md) -Permissions and Ports for ADInventory Data Collector Prerequisite +**Permissions and Ports for ADInventory Data Collector Prerequisite** The following permissions are needed: - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + The following firewall ports are needed: @@ -42,7 +45,7 @@ The following firewall ports are needed: - TCP 135-139 - Randomly allocated high TCP ports -Permissions and Ports for AzureADInventory Data Collector Prerequisite +**Permissions and Ports for AzureADInventory Data Collector Prerequisite** The following permissions are needed: 
@@ -84,11 +87,14 @@ See the [SharePoint Scan Options](/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md) topic for additional information. -**NOTE:** You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for +:::note +You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for SharePoint Online easier. This job registers the necessary Microsoft Entra ID application and provisions it with the required permissions. See the [SP_RegisterAzureAppAuth Job](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md) topic for additional information. +::: + ## Supported SharePoint On-Premise diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint/overview.md b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint/overview.md index c1be4371c9..d505668ce9 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint/overview.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint/overview.md @@ -44,13 +44,13 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -SharePoint Requirements +**SharePoint Requirements** See the [SharePoint On-Premise Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also 
diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/access.md b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/access.md index 3fbba116a5..92db88805d 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/access.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/access.md @@ -11,10 +11,13 @@ Sensitive Data Discovery Auditing scans for the target SharePoint Online & OneDr environments. This involves creating and defining a Microsoft Entra ID application for app–only access to SharePoint Online. -**NOTE:** A user account with the Global Administrator role is required to register an app with +:::note +A user account with the Global Administrator role is required to register an app with Microsoft Entra ID. +::: -Configuration Settings from the Registered Application + +**Configuration Settings from the Registered Application** The following settings are needed from your tenant once you have registered the application: @@ -46,7 +49,7 @@ topic for additional information. The following permissions are required: -Permissions for Microsoft Graph API +**Permissions for Microsoft Graph API** - Application Permissions: @@ -75,7 +78,7 @@ Permissions for Microsoft Graph API - Group.Read.All – Read all groups - User.Read.All – Read all users' full profiles -Permissions for Office 365 Management APIs +**Permissions for Office 365 Management APIs** - Application Permissions: @@ -83,7 +86,7 @@ Permissions for Office 365 Management APIs - ActivityFeed.ReadDlp – Read DLP policy events including detected sensitive data - ServiceHealth.Read – Read service health information for your organization -Permissions for SharePoint +**Permissions for SharePoint** - Application Permissions: 
@@ -126,9 +129,12 @@ $cert=New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName Enterprise Auditor with the Export–Certificate cmdlet using the certificate path stored in the $certPath variable (see Step 1). -**NOTE:** The environment variable `SAINSTALLDIR` always points to the base Enterprise Auditor +:::note +The environment variable `SAINSTALLDIR` always points to the base Enterprise Auditor install directory; simply append the PrivateAssemblies to point to that folder with the following cmdlet: +::: + ``` Export-Certificate -Cert $cert -FilePath "$($env:SAINSTALLDIR)PrivateAssemblies\spaa_cert.cer" -Type CERT @@ -145,8 +151,11 @@ following cmdlet: Export-PfxCertificate -Cert $cert -FilePath "$($env:SAINSTALLDIR)PrivateAssemblies\spaa_cert.pfx" -Password (ConvertTo-SecureString -String "PasswordGoesHere" -Force -AsPlainText) ``` -**_RECOMMENDED:_** Change the string in the Password parameter from "PasswordGoesHere" to something +:::info +Change the string in the Password parameter from "PasswordGoesHere" to something more secure before running this cmdlet. +::: + - See the Microsoft [Export-PfxCertificate](https://docs.microsoft.com/en-us/powershell/module/pki/export-pfxcertificate) @@ -156,9 +165,12 @@ more secure before running this cmdlet. Follow the steps to register Enterprise Auditor with Microsoft Entra ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Sign into the [Microsoft Entra admin center](https://entra.microsoft.com/). 
@@ -182,9 +194,12 @@ application. Now that the application has been registered, permissions need to b Follow the steps to provision the upload your self-signed certificate. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** @@ -207,9 +222,12 @@ The upload certificate public key .cer file is an application key credential. Follow the steps to grant permissions to the registered application. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** 
@@ -288,9 +306,12 @@ Enterprise Auditor need to be collected. Follow the steps to find the registered application's Client ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/activity.md b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/activity.md index 06b10f7d1d..a6c6df8664 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/activity.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/activity.md @@ -9,10 +9,13 @@ sidebar_position: 20 In order to collect logs and monitor SharePoint Online activity using the Netwrix Activity Monitor, it needs to be registered with Microsoft® Entra ID® (formerly Azure AD). -**NOTE:** A user account with the Global Administrator role is required to register an app with +:::note +A user account with the Global Administrator role is required to register an app with Microsoft Entra ID. +::: -Additional Requirement + +**Additional Requirement** In addition to registering the application with Microsoft Entra ID, the following is required: 
@@ -21,7 +24,7 @@ In addition to registering the application with Microsoft Entra ID, the followin See the [Enable Auditing for SharePoint Online](#enable-auditing-for-sharepoint-online) topic for additional information. -Configuration Settings from the Registered Application +**Configuration Settings from the Registered Application** The following settings are needed from your tenant once you have registered the application: @@ -29,10 +32,13 @@ The following settings are needed from your tenant once you have registered the - Client ID – This is the Application (client) ID for the registered application - Client Secret – This is the Client Secret Value generated when a new secret is created - **CAUTION:** It is not possible to retrieve the value after saving the new key. It must be + :::warning + It is not possible to retrieve the value after saving the new key. It must be copied first. + ::: + -Permissions for Microsoft Graph API +**Permissions for Microsoft Graph API** - Application: @@ -40,7 +46,7 @@ Permissions for Microsoft Graph API - Sites.Read.All – Read items in all site collections - User.Read.All – Read all users' full profiles -Permissions for Office 365 Management APIs +**Permissions for Office 365 Management APIs** - Application Permissions: @@ -51,9 +57,12 @@ Permissions for Office 365 Management APIs Follow the steps to register Activity Monitor with Microsoft Entra ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Sign into the [Microsoft Entra admin center](https://entra.microsoft.com/). 
@@ -70,7 +79,7 @@ registrations. - Redirect URI – Set the Redirect URI to **Public client/native** (Mobile and desktop) from the drop down menu. In the text box, enter the following: - Urn:ietf:wg:oauth:2.0:oob +**Urn:ietf:wg:oauth:2.0:oob** **Step 5 –** Click **Register**. @@ -81,9 +90,12 @@ application. Now that the application has been registered, permissions need to b Follow the steps to grant permissions to the registered application. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** @@ -126,9 +138,12 @@ be collected. Follow the steps to find the registered application's Client ID. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** @@ -145,7 +160,7 @@ ID. The Tenant ID is available in two locations within Microsoft Entra ID. -Registered Application Overview Blade +**Registered Application Overview Blade** You can copy the Tenant ID from the same page where you just copied the Client ID. Follow the steps to copy the Tenant ID from the registered application Overview blade. 
@@ -157,13 +172,16 @@ to copy the Tenant ID from the registered application Overview blade. This is needed for adding a SharePoint Online host in the Activity Monitor. Next generate the application’s Client Secret Key. -Overview Page +**Overview Page** Follow the steps to find the tenant name where the registered application resides. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + **Step 1 –** Sign into the [Microsoft Entra admin center](https://entra.microsoft.com/). @@ -179,12 +197,18 @@ application’s Client Secret Key. Follow the steps to find the registered application's Client Secret, create a new key, and save its value when saving the new key. -**NOTE:** The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly +:::note +The steps below are for the Microsoft Entra Admin Center. These steps might vary slightly if you start from a different Microsoft portal. See the relevant Microsoft documentation for additional information. +::: + -**CAUTION:** It is not possible to retrieve the value after saving the new key. It must be copied +:::warning +It is not possible to retrieve the value after saving the new key. It must be copied first. +::: + **Step 1 –** Select the newly-created, registered application. If you left the Overview page, it will be listed in the **Identity** > **Applications** > **App registrations** > **All applications** 
@@ -199,13 +223,19 @@ list. - Description – Enter a unique description for this secret - Expires – Select the duration. - **NOTE:** Setting the duration on the key to expire requires reconfiguration at the time of + :::note + Setting the duration on the key to expire requires reconfiguration at the time of expiration. It is best to configure it to expire in 1 or 2 years. + ::: + **Step 5 –** Click **Add** to generate the key. -**CAUTION:** If this page is left before the key is copied, then the key is not retrievable, and +:::warning +If this page is left before the key is copied, then the key is not retrievable, and this process will have to be repeated. +::: + **Step 6 –** The Client Secret will be displayed in the Value column of the table. You can use the Copy to clipboard button to copy the Client Secret. diff --git a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/overview.md b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/overview.md index 829bf744c1..ac66bb3cd9 100644 --- a/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/overview.md +++ b/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/overview.md @@ -21,11 +21,14 @@ See the [SharePoint Online Access & Sensitive Data Auditing Configuration](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/access.md) topic for instructions. -**NOTE:** You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for +:::note +You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for SharePoint Online easier. This job registers the necessary Microsoft Entra ID application and provisions it with the required permissions. See the [SP_RegisterAzureAppAuth Job](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md) topic for additional information. +::: + ## Access & Sensitive Data Auditing Port Requirements 
@@ -50,13 +53,13 @@ It is also necessary to enable the Remote Registry Service on the Activity Agent For integration between the Activity Monitor and Enterprise Auditor, the credential used by Enterprise Auditor to read the activity log files must have also have this permission. -SharePoint Requirements +**SharePoint Requirements** See the [SharePoint Online Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepointonline/activity.md) topic for instructions. -Activity Monitor Archive Location +**Activity Monitor Archive Location** If the activity log files are being archived, configurable within the Netwrix Activity Monitor Console, then the credential used by Enterprise Auditor to read the activity log files must also diff --git a/docs/accessanalyzer/11.6/requirements/unix/unix_1.md b/docs/accessanalyzer/11.6/requirements/unix/target.md similarity index 91% rename from docs/accessanalyzer/11.6/requirements/unix/unix_1.md rename to docs/accessanalyzer/11.6/requirements/unix/target.md index 58a4b25718..52af30d3f0 100644 --- a/docs/accessanalyzer/11.6/requirements/unix/unix_1.md +++ b/docs/accessanalyzer/11.6/requirements/unix/target.md @@ -16,7 +16,7 @@ The Enterprise Auditor for Unix Solution provides the ability to audit Unix serv - CentOS® 7+ - SUSE® 10+ -Data Collectors +**Data Collectors** This solution employs the following data collectors to scan the target environment: @@ -25,11 +25,11 @@ This solution employs the following data collectors to scan the target environme ## Permissions -For NIS Data Collector Prerequisite +**For NIS Data Collector Prerequisite** - No special permissions are needed aside from access to a NIS server -For Unix Data Collector +**For Unix Data Collector** - Root permissions in Unix/Linux 
@@ -40,12 +40,12 @@ If the Root permission is unavailable, a least privileged model can be used. See The following firewall ports are needed: -For NIS Data Collector Prerequisite +**For NIS Data Collector Prerequisite** - TCP 111 or UDP 111 - Randomly allocated high TCP ports -For Unix Data Collector +**For Unix Data Collector** - TCP 22 - User configurable @@ -67,7 +67,7 @@ Enterprise Auditor for Unix connects to your host in two ways: - Implementation of the SSH2 protocol built into Enterprise Auditor – This is how the Unix Data Collector interacts with and pulls information from your environment -Authentication Methods +**Authentication Methods** - SSH Login Required - SSH Private Key @@ -77,7 +77,7 @@ Authentication Methods - Open SSH - PuTTY Private Key -Device Connectivity +**Device Connectivity** - SSH port opened in software and hardware firewalls. Default is 22. @@ -108,7 +108,7 @@ rm -f [script] The 1.Users and Groups > 0.Collection > UX_UsersAndGroups Job requires permissions in the Unix environment to run the following commands: -Commands Used +**Commands Used** - `grep` - `egrep` @@ -125,7 +125,7 @@ Commands Used - `egrep /etc/default/passwd` (read access) - `cat /etc/security/passwd` (read access) -Perl Scripts Used +**Perl Scripts Used** ``` SA_UX_AIX_User.pl @@ -140,7 +140,7 @@ SA_UX_AIX_UserLastUpdate.pl The 2.PrivilegedAccess > Sudoers > 0.Collection > UX_MakeDirectory Job requires permissions in the Unix environment to run the following commands: -Commands Used +**Commands Used** - `mkdir /tmp/Stealthbits/` 
@@ -149,17 +149,20 @@ Commands Used The 2.PrivilegedAccess > Sudoers > 0.Collection > UX_ParseSudoers Job requires permissions in the Unix environment to run the following commands: -**NOTE:** To parse sudoers we either need root or an account that has access to use sudo without +:::note +To parse sudoers we either need root or an account that has access to use sudo without password prompt (:NOPASSWD) +::: -Commands Used + +**Commands Used** - `sudo chmod 500 SA_UX_ParseSudoers.pl` - `sudo ./SA_UX_ParseSudoers.pl` - `sudo rm SA_UX_ParseSudoers.pl` - `sudo rmdir /tmp/Stealthbits/` -Perl Scripts Used +**Perl Scripts Used** ``` SA_UX_ParseSudoers.pl @@ -172,7 +175,7 @@ This grants read access to  `/etc/sudoers` The 2.PrivilegedAccess > UX_Critical Files Job requires permissions in the Unix environment to run the following commands: -Commands Used +**Commands Used** - `ls -al /etc/` - `ls -al /etc/samba/` @@ -183,7 +186,7 @@ Commands Used The 3.Sharing > 0.Collection > UX_NFSConfiguration Job requires permissions in the Unix environment to run the following commands: -Perl Scripts Used +**Perl Scripts Used** ``` SA_UX_NFSConfiguration.pl @@ -199,7 +202,7 @@ This grants: The 3.Sharing > 0.Collection > UX_SambaConfiguration Job requires permissions in the Unix environment to run the following commands: -Perl Scripts Used +**Perl Scripts Used** ``` SA_UX_SambaConfiguration.pl diff --git a/docs/accessanalyzer/11.6/requirements/unix/unix.md b/docs/accessanalyzer/11.6/requirements/unix/unix.md index 716e67422f..3012e2b3db 100644 --- a/docs/accessanalyzer/11.6/requirements/unix/unix.md +++ b/docs/accessanalyzer/11.6/requirements/unix/unix.md 
@@ -12,12 +12,12 @@ Server, and Access Information Center. See the topic for the core requirements. See the -[Target Unix Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/unix/unix_1.md) +[Target Unix Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/unix/target.md) topic for target environment requirements. ## Unix Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: @@ -29,7 +29,7 @@ These are dependent upon the size of the target environment: ## Unix Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/requirements/windows/windows_1.md b/docs/accessanalyzer/11.6/requirements/windows/target.md similarity index 85% rename from docs/accessanalyzer/11.6/requirements/windows/windows_1.md rename to docs/accessanalyzer/11.6/requirements/windows/target.md index fd318c1cbe..90cf96a7c4 100644 --- a/docs/accessanalyzer/11.6/requirements/windows/windows_1.md +++ b/docs/accessanalyzer/11.6/requirements/windows/target.md @@ -12,13 +12,13 @@ versions as targets: - Windows 7 and higher - Windows Server 2016 and later -Server and Desktop Requirements +**Server and Desktop Requirements** The following are requirements for the servers and desktops to be scanned: - WINRM Service installed -Data Collectors +**Data Collectors** This solution employs the following data collector to scan the target environment: 
@@ -43,53 +43,53 @@ This solution employs the following data collector to scan the target environmen The following firewall ports are needed: -For GroupPolicy Data Collector +**For GroupPolicy Data Collector** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -For PowerShell Data Collector +**For PowerShell Data Collector** - Randomly allocated high TCP ports -For Registry Data Collector +**For Registry Data Collector** - TCP 135-139 - Randomly allocated high TCP ports -For Script Data Collector +**For Script Data Collector** - Randomly allocated high TCP ports -For Services Data Collector +**For Services Data Collector** - TCP 135-139 - Randomly allocated high TCP ports -For SMARTLog Data Collector +**For SMARTLog Data Collector** - TCP 135 - TCP 445 - Randomly allocated high TCP ports -For SystemInfo Data Collector +**For SystemInfo Data Collector** - TCP 135-139 - Randomly allocated high TCP ports -For TextSearch Data Collector +**For TextSearch Data Collector** - TCP 135-139 - Randomly allocated high TCP ports -For UsersGroups Data Collector +**For UsersGroups Data Collector** - TCP 135-139 - Randomly allocated high TCP ports - 445 -For WMICollector Data Collector +**For WMICollector Data Collector** - TCP 135-139 - Randomly allocated high TCP ports diff --git a/docs/accessanalyzer/11.6/requirements/windows/windows.md b/docs/accessanalyzer/11.6/requirements/windows/windows.md index 124c579c17..d7b2c400a4 100644 --- a/docs/accessanalyzer/11.6/requirements/windows/windows.md +++ b/docs/accessanalyzer/11.6/requirements/windows/windows.md 
@@ -12,12 +12,12 @@ Server, and Access Information Center. See the topic for the core requirements. See the -[Target Windows Server and Desktop Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/windows/windows_1.md) +[Target Windows Server and Desktop Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/windows/target.md) topic for target environment requirements. ## Windows Solution Requirements on the Enterprise Auditor Console -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment: @@ -29,7 +29,7 @@ These are dependent upon the size of the target environment: ## Windows Solution Requirements on the SQL Server -RAM, CPU, and Disk Space +**RAM, CPU, and Disk Space** These are dependent upon the size of the target environment. diff --git a/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/configuration.md b/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/configuration.md index 5d1dc936b8..7693ced9bb 100644 --- a/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/configuration.md +++ b/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/configuration.md @@ -18,7 +18,10 @@ navigation pane. The options at the top of the Configuration Pane are: -**NOTE:** Configuration settings for System Criteria cannot be modified. +:::note +Configuration settings for System Criteria cannot be modified. +::: + - Navigation Path – Displays information on the current location within the Sensitive Data Criteria Editor 
@@ -50,7 +53,10 @@ The options at the top of the Configuration Pane are: The options at the bottom of the configuration pane are: -**NOTE:** Configuration settings for System Criteria cannot be modified. +:::note +Configuration settings for System Criteria cannot be modified. +::: + - Add – Add a sub-criteria to the required matched criteria list. The three types of sub-criteria that can be added are **Keyword**, **Pattern**, and **Summary**. See the following topics for @@ -69,8 +75,11 @@ The options at the bottom of the configuration pane are: - The maximum value is the number of sensitive data sub-criteria that has been added to the required matched criteria list - **CAUTION:** The character distance feature does not account for summaries that are nested + :::warning + The character distance feature does not account for summaries that are nested within other summaries. + ::: + - Matches should be within this proximity of characters – Match hits for this criteria should be within this many characters of one another in order for there to be a match. Adjust the slider to diff --git a/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/regularexpression.md b/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/regularexpression.md index 4993fe4d3d..8acd7725c2 100644 --- a/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/regularexpression.md +++ b/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/regularexpression.md 
@@ -21,9 +21,12 @@ The options on the Regular Expression window are: - Validation – Select a validation method from the Validation drop-down. The default value is **No validation required**. - **NOTE:** See the + :::note + See the [Sensitive Data System Criteria](/docs/accessanalyzer/11.6/sensitivedatadiscovery/systemcriteria.md) topic for additional information on validation methods. + ::: + - Sample Value – Text entered into the Sample Value text box is used to test pattern matches for the expression in the Expression text box diff --git a/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/summary.md b/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/summary.md index b46b125e28..b8c64b415f 100644 --- a/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/summary.md +++ b/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/summary.md @@ -45,8 +45,11 @@ The options on the Summary criteria configuration page are: - The maximum value is the number of sensitive data sub-criteria that has been added to the Required matched criteria list -**CAUTION:** The character distance feature does not account for summaries that are nested within +:::warning +The character distance feature does not account for summaries that are nested within other summaries. +::: + - Matches should be within this proximity of characters – Adjust the slider to set the default character distance required for match hits diff --git a/docs/accessanalyzer/11.6/sensitivedatadiscovery/overview.md b/docs/accessanalyzer/11.6/sensitivedatadiscovery/overview.md index dc1cf01ebf..16bac42cf7 100644 --- a/docs/accessanalyzer/11.6/sensitivedatadiscovery/overview.md +++ b/docs/accessanalyzer/11.6/sensitivedatadiscovery/overview.md 
@@ -35,15 +35,21 @@ solutions: - File System Solution - SharePoint Solution -**NOTE:** Changes made in the Sensitive Data Criteria Editor are global for Sensitive Data Discovery +:::note +Changes made in the Sensitive Data Criteria Editor are global for Sensitive Data Discovery in Enterprise Auditor. In other words, any changes to criteria affects all solutions using the Sensitive Data Discovery Add-on. +::: -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK + +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) diff --git a/docs/accessanalyzer/11.6/sensitivedatadiscovery/supportedformats.md b/docs/accessanalyzer/11.6/sensitivedatadiscovery/supportedformats.md index 8a11940504..77a2e4fdbe 100644 --- a/docs/accessanalyzer/11.6/sensitivedatadiscovery/supportedformats.md +++ b/docs/accessanalyzer/11.6/sensitivedatadiscovery/supportedformats.md 
@@ -101,12 +101,15 @@ attachment as well. | Portable Network Graphic | .webp | | Tagged Image File Format | .TIF, .TIFF | -**NOTE:** The **FileSystem** > **0.Collection** > **1-SEEK System Scans** job can perform Optical +:::note +The **FileSystem** > **0.Collection** > **1-SEEK System Scans** job can perform Optical Character Recognition (OCR) scans for Raster image files by enabling the option on the SDD Audit Settings page in the File System Access Auditor Data Collector Wizard. This is an option for the Sensitive Data Scan category. See the [1-SEEK System Scans Job](/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md) topic for additional information. +::: + ### Spreadsheet diff --git a/docs/accessanalyzer/11.6/sensitivedatadiscovery/systemcriteria.md b/docs/accessanalyzer/11.6/sensitivedatadiscovery/systemcriteria.md index 452e096cfd..0ffbd84d11 100644 --- a/docs/accessanalyzer/11.6/sensitivedatadiscovery/systemcriteria.md +++ b/docs/accessanalyzer/11.6/sensitivedatadiscovery/systemcriteria.md 
@@ -8,135 +8,136 @@ sidebar_position: 30 The following is a list of default Sensitive Data System Criteria: -| Criteria | Metadata | Category | Validation | -| -------------------------------------- | ----------------------------------------------- | ---------------- | ---------- | -| ABA Routing Number | U.S., Financial Data | Financial Data | ✓ | -| Australian Driver's License | Australia, Driver's License, PII | Driver's License | | -| Australian Medicare Number (AMN) | Australia, Medical, PII | Medical | ✓ | -| Australian Passport Number | Australia, Passport, PII | Passport | | -| Australian Tax File Number (TFN) | Australia, National ID, PII | National ID | ✓ | -| Austrian IBAN | Austria, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Austrian National ID | Austria, GDPR, National ID, PII | National ID | | -| Austrian SSN | Austria, GDPR, National ID, PII | National ID | | -| Authorized Keys | Credentials | Credentials | | -| AWS Connection Strings | Credentials | Credentials | | -| Belgian IBAN | Belgium, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Belgian National ID | Belgium, GDPR, National ID, PII | National ID | | -| Belgian SSN | Belgium, GDPR, National ID, PII | National ID | | -| Bulgarian IBAN | Bulgaria, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Bulgarian National ID | Bulgaria, GDPR, National ID, PII | National ID | | -| Canada SIN | Canada, National ID, PII | National ID | ✓ | -| CPT Codes | U.S., HIPAA, Medical | Medical | | -| Credit Cards | Financial Data, PCI | Financial Data | ✓ | -| Credit Card Magnetic Stripe | Financial Data, PCI | Financial Data | | -| Croatian IBAN | Croatia, Financial Data, GDPR, IBAN | IBAN | ✓ | -| CUSIP Number | U.S., Financial Data, SOX | Financial Data | ✓ | -| Cypriot IBAN | Cyprus, Financial Data, GDPR, IBAN, PII | IBAN | ✓ | -| Czech Birth Number | Czech Republic, GDPR, National ID, PII | National ID | | -| Czech IBAN | Czech Republic, Financial Data, GDPR, IBAN, PII | IBAN | ✓ | -| Czech National ID | Czech 
Republic, GDPR, National ID, PII | National ID | | -| Czech Passport | Czech Republic, GDPR, Passport, PII | Passport | | -| Danish IBAN | Denmark, Financial Data, GDPR, IBAN, PII | IBAN | ✓ | -| Danish National ID | Denmark, GDPR, National ID, PII | National ID | | -| DEA Registration Number | U.S., Medical | Medical | ✓ | -| DSA Private Key | Credentials | Credentials | | -| DSA Private Key (Encrypted) | Credentials | Credentials | | -| EC Private Key | Credentials | Credentials | | -| EC Private Key (Encrypted) | Credentials | Credentials | | -| Employer Identification Number (EIN) | U.S., Financial Data | Financial Data | | -| Estonian IBAN | Estonia, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Estonian National ID | Estonia, GDPR, National ID, PII | National ID | | -| Financial Documents | Financial Data, SOX, U.S. | Financial Data | | -| Finnish IBAN | Finland, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Finnish Personal ID | Finland, GDPR, National ID, PII | National ID | | -| French Drivers License | France, Driver's License, GDPR, PII | Driver's License | | -| French IBAN | France, Financial Data, GDPR, IBAN | IBAN | ✓ | -| French INSEE (SSN) | France, GDPR, National ID, PII | National ID | | -| French National ID | France, GDPR, National ID, PII | National ID | | -| French Passport | France, GDPR, Passport, PII | Passport | | -| French Tax ID | France, GDPR, National ID, PII | National ID | ✓ | -| French VAT | France, Financial Data, GDPR, VAT | Financial Data | | -| Generic Certificate | Credentials | Credentials | | -| Generic Private Key | Credentials | Credentials | | -| Generic Public Key | Credentials | Credentials | | -| German Driver's License | Germany, Driver's License, GDPR, PII | Driver's License | | -| German IBAN | Germany, Financial Data, GDPR, IBAN | IBAN | ✓ | -| German National ID | Germany, GDPR, National ID, PII | National ID | | -| German Passport | Germany, GDPR, Passport, PII | Passport | | -| German SSN | Germany, GDPR, National ID, 
PII | National ID | | -| German Tax ID | Germany, GDPR, National ID, PII | National ID | ✓ | -| German VAT | Germany, Financial Data, GDPR, VAT | Financial Data | | -| Google Cloud Keys & Connection Strings | Credentials | Credentials | | -| Greek IBAN | Greece, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Greek National ID | Greece, GDPR, National ID, PII | National ID | | -| HCPCS Codes | U.S., HIPAA, Medical | Medical | | -| Hungarian IBAN | Hungary, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Hungarian National ID | Hungary, GDPR, National ID, PII | National ID | | -| Hungarian Personal ID | Hungary, GDPR, National ID, PII | National ID | | -| Hungarian SIN | Hungary, GDPR, National ID, PII | National ID | | -| ICD-10 Insurance Codes | U.S., HIPAA, Medical | Medical | | -| IPv4 Address | Networking | Networking | | -| IPv6 Address | Networking | Networking | | -| Irish IBAN | Ireland, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Irish National ID | Ireland, GDPR, National ID, PII | National ID | | -| Italian IBAN | Italy, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Italian SSN | Italy, GDPR, National ID, PII | National ID | | -| ITAR Foreign Nationals | U.S., ITAR | ITAR | | -| ITAR Restricted Munitions | U.S., ITAR | ITAR | | -| ITIN Number | U.S., National ID, PII | National ID | | -| Kerberos Tickets | Credentials | Credentials | | -| Latvian IBAN | Latvia, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Latvian Personal ID | Latvia, GDPR, National ID, PII | National ID | ✓ | -| Legal Documents | U.S., Legal Documents | Legal Documents | | -| Lithuanian IBAN | Lithuania, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Lithuanian Personal ID | Lithuania, GDPR, National ID, PII | National ID | | -| Luxembourgian IBAN | Luxembourg, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Maltan IBAN | Malta, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Medical Diagnoses | U.S., HIPAA, Medical | Medical | | -| Medicare Beneficiary Identifier (MBI) | U.S., HIPAA, Medical | Medical | | -| 
Microsoft Azure Connection Strings | Credentials | Credentials | | -| National Drug Code | U.S., Medical | Medical | | -| National Provider Identifier (NPI) | U.S., Medical | Medical | ✓ | -| Netherland IBAN | Netherlands, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Netherland Personal ID | Netherlands, GDPR, National ID, PII | National ID | | -| Norwegian Personal ID | Norway, GDPR, National ID, PII | National ID | | -| P7B/PKCS#7 Certificate | Credentials | Credentials | | -| Passport Application - Canada | Canada, Passport, PII | Passport | | -| Passport Application - USA | U.S., Passport, PII | Passport | | -| Passwords | Credentials | Credentials | | -| PGP Key Block | Credentials | Credentials | | -| Pharmaceuticals and Supplements | Medical | Medical | | -| Polish IBAN | Poland, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Polish SSN | Poland, GDPR, National ID, PII | National ID | ✓ | -| Polish Tax ID | Poland, GDPR, National ID, PII | National ID | ✓ | -| Portuguese IBAN | Portugal, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Romanian IBAN | Romania, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Romanian Personal ID | Romania, GDPR, National ID, PII | National ID | ✓ | -| RSA Private Key | Credentials | Credentials | | -| RSA Private Key (Encrypted) | Credentials | Credentials | | -| Slack Token | Credentials | Credentials | | -| Slovak IBAN | Slovakia, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Slovak Passport | Slovakia, GDPR, Passport, PII | Passport | | -| Slovenian IBAN | Slovenia, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Spain Driver's License | Spain, Driver's License, GDPR, PII | Driver's License | | -| Spain IBAN | Spain, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Spain National ID | Spain, GDPR, National ID, PII | National ID | | -| Spain Passport | Spain, GDPR, Passport, PII | Passport | | -| Spain SSN | Spain, GDPR, National ID, PII | National ID | | -| Spain Tax ID | Spain, GDPR, National ID, PII | National ID | ✓ | -| Spain VAT | Spain, Financial 
Data, GDPR, VAT | Financial Data | | -| Swedish IBAN | Sweden, Financial Data, GDPR, IBAN | IBAN | ✓ | -| Swedish Personal ID | Sweden, GDPR, National ID, PII | National ID | ✓ | -| SWIFT/BIC | Financial Data | Financial Data | | -| Swiss SSN | Switzerland, National ID, PII | National ID | | -| UK Drivers License | U.K., Driver's License, GDPR, PII | Driver's License | | -| UK IBAN | U.K., Financial Data, GDPR, IBAN | IBAN | ✓ | -| UK NHS | U.K., GDPR, Medical, PII | Medical | ✓ | -| UK NINO | U.K., GDPR, National ID, PII | National ID | | -| UK Passport | U.K., GDPR, Passport, PII | Passport | | -| UNIX etc/passwd | Credentials | Credentials | | -| US Address | U.S., Address | Address | | -| US Drivers License | U.S., Driver's License, PII | Driver's License | | -| US Passport | U.S., Passport, PII | Passport | | -| US SSN | U.S., National ID, PII | National ID | ✓ | -| US Tax Forms | U.S., Financial Data | Financial Data | | +| Criteria | Metadata | Category | Validation | +| --------------------------------------------- | ----------------------------------------------- | ---------------- | ---------- | +| ABA Routing Number | U.S., Financial Data | Financial Data | ✓ | +| Australian Driver's License | Australia, Driver's License, PII | Driver's License | | +| Australian Medicare Number (AMN) | Australia, Medical, PII | Medical | ✓ | +| Australian Passport Number | Australia, Passport, PII | Passport | | +| Australian Tax File Number (TFN) | Australia, National ID, PII | National ID | ✓ | +| Austrian IBAN | Austria, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Austrian National ID | Austria, GDPR, National ID, PII | National ID | | +| Austrian SSN | Austria, GDPR, National ID, PII | National ID | | +| Authorized Keys | Credentials | Credentials | | +| AWS Connection Strings | Credentials | Credentials | | +| Belgian IBAN | Belgium, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Belgian National ID | Belgium, GDPR, National ID, PII | National ID | | +| Belgian SSN | 
Belgium, GDPR, National ID, PII | National ID | | +| Bulgarian IBAN | Bulgaria, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Bulgarian National ID | Bulgaria, GDPR, National ID, PII | National ID | | +| Canada SIN | Canada, National ID, PII | National ID | ✓ | +| CPT Codes | U.S., HIPAA, Medical | Medical | | +| Credit Cards | Financial Data, PCI | Financial Data | ✓ | +| Credit Card Magnetic Stripe | Financial Data, PCI | Financial Data | | +| Croatian IBAN | Croatia, Financial Data, GDPR, IBAN | IBAN | ✓ | +| CUSIP Number | U.S., Financial Data, SOX | Financial Data | ✓ | +| Cypriot IBAN | Cyprus, Financial Data, GDPR, IBAN, PII | IBAN | ✓ | +| Czech Birth Number | Czech Republic, GDPR, National ID, PII | National ID | | +| Czech IBAN | Czech Republic, Financial Data, GDPR, IBAN, PII | IBAN | ✓ | +| Czech National ID | Czech Republic, GDPR, National ID, PII | National ID | | +| Czech Passport | Czech Republic, GDPR, Passport, PII | Passport | | +| Danish IBAN | Denmark, Financial Data, GDPR, IBAN, PII | IBAN | ✓ | +| Danish National ID | Denmark, GDPR, National ID, PII | National ID | | +| DEA Registration Number | U.S., Medical | Medical | ✓ | +| DSA Private Key | Credentials | Credentials | | +| DSA Private Key (Encrypted) | Credentials | Credentials | | +| EC Private Key | Credentials | Credentials | | +| EC Private Key (Encrypted) | Credentials | Credentials | | +| Employer Identification Number (EIN) | U.S., Financial Data | Financial Data | | +| Estonian IBAN | Estonia, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Estonian National ID | Estonia, GDPR, National ID, PII | National ID | | +| Financial Documents | Financial Data, SOX, U.S. 
| Financial Data | | +| Finnish IBAN | Finland, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Finnish Personal ID | Finland, GDPR, National ID, PII | National ID | | +| French Drivers License | France, Driver's License, GDPR, PII | Driver's License | | +| French IBAN | France, Financial Data, GDPR, IBAN | IBAN | ✓ | +| French INSEE (SSN) | France, GDPR, National ID, PII | National ID | | +| French National ID | France, GDPR, National ID, PII | National ID | | +| French Passport | France, GDPR, Passport, PII | Passport | | +| French Tax ID | France, GDPR, National ID, PII | National ID | ✓ | +| French VAT | France, Financial Data, GDPR, VAT | Financial Data | | +| Generic Certificate | Credentials | Credentials | | +| Generic Private Key | Credentials | Credentials | | +| Generic Public Key | Credentials | Credentials | | +| German Driver's License | Germany, Driver's License, GDPR, PII | Driver's License | | +| German IBAN | Germany, Financial Data, GDPR, IBAN | IBAN | ✓ | +| German National ID | Germany, GDPR, National ID, PII | National ID | | +| German Passport | Germany, GDPR, Passport, PII | Passport | | +| German SSN | Germany, GDPR, National ID, PII | National ID | | +| German Tax ID | Germany, GDPR, National ID, PII | National ID | ✓ | +| German VAT | Germany, Financial Data, GDPR, VAT | Financial Data | | +| Google Cloud Keys & Connection Strings | Credentials | Credentials | | +| Greek IBAN | Greece, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Greek National ID | Greece, GDPR, National ID, PII | National ID | | +| HCPCS Codes | U.S., HIPAA, Medical | Medical | | +| Hungarian IBAN | Hungary, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Hungarian National ID | Hungary, GDPR, National ID, PII | National ID | | +| Hungarian Personal ID | Hungary, GDPR, National ID, PII | National ID | | +| Hungarian SIN | Hungary, GDPR, National ID, PII | National ID | | +| ICD-10 Insurance Codes | U.S., HIPAA, Medical | Medical | | +| IPv4 Address | Networking | Networking | | +| 
IPv6 Address | Networking | Networking | | +| Irish IBAN | Ireland, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Irish National ID | Ireland, GDPR, National ID, PII | National ID | | +| Italian IBAN | Italy, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Italian SSN | Italy, GDPR, National ID, PII | National ID | | +| ITAR Foreign Nationals | U.S., ITAR | ITAR | | +| ITAR Restricted Munitions | U.S., ITAR | ITAR | | +| ITIN Number | U.S., National ID, PII | National ID | | +| Kerberos Tickets | Credentials | Credentials | | +| Latvian IBAN | Latvia, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Latvian Personal ID | Latvia, GDPR, National ID, PII | National ID | ✓ | +| Legal Documents | U.S., Legal Documents | Legal Documents | | +| Lithuanian IBAN | Lithuania, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Lithuanian Personal ID | Lithuania, GDPR, National ID, PII | National ID | | +| Luxembourgian IBAN | Luxembourg, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Maltan IBAN | Malta, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Medical Diagnoses | U.S., HIPAA, Medical | Medical | | +| Medicare Beneficiary Identifier (MBI) | U.S., HIPAA, Medical | Medical | | +| Microsoft Azure Connection Strings | Credentials | Credentials | | +| National Drug Code | U.S., Medical | Medical | | +| National Provider Identifier (NPI) | U.S., Medical | Medical | ✓ | +| Netherland IBAN | Netherlands, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Netherland Personal ID | Netherlands, GDPR, National ID, PII | National ID | | +| Norwegian Personal ID | Norway, GDPR, National ID, PII | National ID | | +| P7B/PKCS#7 Certificate | Credentials | Credentials | | +| Passport Application
  • Canada
| Canada, Passport, PII | Passport | | +| Passport Application
  • USA
| U.S., Passport, PII | Passport | | +| Passwords | Credentials | Credentials | | +| PGP Key Block | Credentials | Credentials | | +| Pharmaceuticals and Supplements | Medical | Medical | | +| Polish IBAN | Poland, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Polish SSN | Poland, GDPR, National ID, PII | National ID | ✓ | +| Polish Tax ID | Poland, GDPR, National ID, PII | National ID | ✓ | +| Portuguese IBAN | Portugal, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Romanian IBAN | Romania, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Romanian Personal ID | Romania, GDPR, National ID, PII | National ID | ✓ | +| RSA Private Key | Credentials | Credentials | | +| RSA Private Key (Encrypted) | Credentials | Credentials | | +| Slack Token | Credentials | Credentials | | +| Slovak IBAN | Slovakia, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Slovak Passport | Slovakia, GDPR, Passport, PII | Passport | | +| Slovenian IBAN | Slovenia, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Spain Driver's License | Spain, Driver's License, GDPR, PII | Driver's License | | +| Spain IBAN | Spain, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Spain National ID | Spain, GDPR, National ID, PII | National ID | | +| Spain Passport | Spain, GDPR, Passport, PII | Passport | | +| Spain SSN | Spain, GDPR, National ID, PII | National ID | | +| Spain Tax ID | Spain, GDPR, National ID, PII | National ID | ✓ | +| Spain VAT | Spain, Financial Data, GDPR, VAT | Financial Data | | +| Swedish IBAN | Sweden, Financial Data, GDPR, IBAN | IBAN | ✓ | +| Swedish Personal ID | Sweden, GDPR, National ID, PII | National ID | ✓ | +| SWIFT/BIC | Financial Data | Financial Data | | +| Swiss SSN | Switzerland, National ID, PII | National ID | | +| UK Drivers License | U.K., Driver's License, GDPR, PII | Driver's License | | +| UK IBAN | U.K., Financial Data, GDPR, IBAN | IBAN | ✓ | +| UK NHS | U.K., GDPR, Medical, PII | Medical | ✓ | +| UK NINO | U.K., GDPR, National ID, PII | National ID | | +| UK Passport | U.K., GDPR, 
Passport, PII | Passport | | +| UNIX etc/passwd | Credentials | Credentials | | +| US Address | U.S., Address | Address | | +| US Drivers License | U.S., Driver's License, PII | Driver's License | | +| US Passport | U.S., Passport, PII | Passport | | +| US SSN | U.S., National ID, PII | National ID | ✓ | +| US Tax Forms | U.S., Financial Data | Financial Data | | + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_activitycollection.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_activitycollection.md index 3630149314..362c7d0747 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_activitycollection.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_activitycollection.md @@ -35,11 +35,14 @@ The AD_ActivityCollection page has the following configurable parameters: - Enable to import AD events into the AIC - Enable to import authentication events into the AIC - **NOTE:** The import of AD events and authentication events is disabled by default. You must + :::note + The import of AD events and authentication events is disabled by default. You must enable these parameters for the activity data to be imported into the Netwrix Access Information Center. See the [(Optional) Configure Import of AD Activity into Netwrix Access Information Center](/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/activity.md#optional-configure-import-of-ad-activity-into-netwrix-access-information-center) topic for instructions. + ::: + - List of attributes to track for Object Modified changes - Number of days to retain activity data in the AIC 
@@ -53,8 +56,11 @@ topic for additional information. The AD Activity Collection query uses the ADActivity Data Collector to target the Activity Monitor archive logs for AD Activity. -**NOTE:** The query can be configured to connect directly to the network share where the archive +:::note +The query can be configured to connect directly to the network share where the archive logs are stored or the API Server. +::: + ![Queries for the AD_ActivityCollection Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/queries.webp) @@ -68,10 +74,13 @@ The AD_ActivityCollection Job requires configuration to collect data. Follow the query configuration when Netwrix Activity Monitor is configured to host domain activity logs on an API server. -**NOTE:** Ensure the Activity Monitor API Server and the required Connection Profile are +:::note +Ensure the Activity Monitor API Server and the required Connection Profile are successfully set up. See the [Active Directory Activity Auditing Configuration](/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/activity.md) topic for additional information. +::: + **Step 1 –** Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **0.Collection** > **AD_ActivityCollection** Job. Select the **Configure** > **Queries** node. 
@@ -106,10 +115,13 @@ last step. - Relative Timespan – Set the number of days of activity logs to collect when the scan is run - Absolute Timespan – Set the date range for activity logs to collect when the scan is run -**_RECOMMENDED:_** The threshold should be set to ensure the logs are collected before the Activity +:::info +The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Enterprise Auditor runs the **AD_ActivityCollection** Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files. +::: + **Step 10 –** Set the Retention period as desired. This is the number of days Enterprise Auditor keeps the collected data in the SQL Server database. @@ -136,10 +148,13 @@ The AD_ActivityCollection Job requires configuration to collect data. Follow the query configuration when Netwrix Activity Monitor is configured to store activity logs on a network share. -**NOTE:** Ensure the Activity Monitor domain output and the required Connection Profile are +:::note +Ensure the Activity Monitor domain output and the required Connection Profile are successfully set up. See the [File Archive Repository Option](/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/activity/filearchive.md) topic for additional information. +::: + **Step 1 –** Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **0.Collection** > **AD_ActivityCollection** Job. Select the **Configure** > **Queries** node. 
@@ -166,10 +181,13 @@ Click **Next**. - Relative Timespan – Set the number of days of activity logs to collect when the scan is run - Absolute Timespan – Set the date range for activity logs to collect when the scan is run -**_RECOMMENDED:_** The threshold should be set to ensure the logs are collected before the Activity +:::info +The threshold should be set to ensure the logs are collected before the Activity Monitor domain output log retention expires. For example, if Enterprise Auditor runs the **AD_ActivityCollection** Job once a week (every 7 days), then the Activity Monitor output should be configured to retain at least 10 days of log files. +::: + **Step 7 –** Set the Retention period as desired. This is the number of days Enterprise Auditor keeps the collected data in the SQL Server database. @@ -186,8 +204,11 @@ logs are archived. Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **0.Collection** > **AD_ActivityCollection** Job. Select the **Configure** > **Analysis** node. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_ActivityCollection Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/analysis.webp) 
@@ -211,12 +232,13 @@ The following analysis tasks are selected by default: The customizable parameters for this job allow you to configure importing of AD activity data into the Netwrix Access Information Center. -| Analysis Task | Customizable Parameter Name | Default Value | Value Indicates | -| ------------------------------- | --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | -| AIC Import - AD Activity Events | #modifiedAttributeList | Default attributes: - givenName - sn - displayName - description - userPrincipalName - sAMAccountName - initials - title - department - company - manager - location - streetAddress - currentLocation - st - postalCode - c - otherTelephone - homePhone - ipPhone - mobile - facsimileTelephoneNumber - otherFacsimileTelephoneNumber - mail - wWWHomePage - employeeID - employeeType - employeeNumber - extensionAttribute1 - extensionAttribute2 - extensionAttribute3 - extensionAttribute4 - extensionAttribute5 - extensionAttribute6 - extensionAttribute7 - extensionAttribute8 - extensionAttribute9 - extensionAttribute10 - extensionAttribute11 - extensionAttribute12 - extensionAttribute13 - extensionAttribute14 - extensionAttribute15 | List of attributes to track for Object Modified 
changes | -| AIC Import - AD Activity Events | @ADEvents | False | Enable to import AD events into the AIC | -| AIC Import - AD Activity Events | @AuthEvents | False | Enable to import authentication events into the AIC | -| AIC Import - Activity Retention | @Days | 120 | Number of days to retain activity data in the AIC | +| Analysis Task | Customizable Parameter Name | Default Value | Value Indicates | +| ----------------------------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | +| AIC Import
  • AD Activity Events
| #modifiedAttributeList | Default attributes:
  • givenName
  • sn
  • displayName
  • description
  • userPrincipalName
  • sAMAccountName
  • initials
  • title
  • department
  • company
  • manager
  • location
  • streetAddress
  • currentLocation
  • st
  • postalCode
  • c
  • otherTelephone
  • homePhone
  • ipPhone
  • mobile
  • facsimileTelephoneNumber
  • otherFacsimileTelephoneNumber
  • mail
  • wWWHomePage
  • employeeID
  • employeeType
  • employeeNumber
  • extensionAttribute1
  • extensionAttribute2
  • extensionAttribute3
  • extensionAttribute4
  • extensionAttribute5
  • extensionAttribute6
  • extensionAttribute7
  • extensionAttribute8
  • extensionAttribute9
  • extensionAttribute10
  • extensionAttribute11
  • extensionAttribute12
  • extensionAttribute13
  • extensionAttribute14
  • extensionAttribute15
| List of attributes to track for Object Modified changes | +| AIC Import
  • AD Activity Events
| @ADEvents | False | Enable to import AD events into the AIC | +| AIC Import
  • AD Activity Events
| @AuthEvents | False | Enable to import authentication events into the AIC | +| AIC Import
  • Activity Retention
| @Days | 120 | Number of days to retain activity data in the AIC | + See the [Configure the Customizable Parameters in an Analysis Task](/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_ldapqueries.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_ldapqueries.md index d84689d06e..7a86cc4b54 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_ldapqueries.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_ldapqueries.md @@ -12,15 +12,21 @@ can be used to troubleshoot performance issues, load balancing, and poorly confi ![AD_LDAPQueries Job in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/ldapjobstree.webp) -**_RECOMMENDED:_** Schedule this job to run with the 0.Collection job group. +:::info +Schedule this job to run with the 0.Collection job group. +::: + ## Analysis Tasks for the AD_LDAPQueries Job Navigate to the **Active Directory** > **6.Activity** > **LDAP** > **AD_LDAPQueries** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Except for the **Largest Queries** task, do not modify or deselect the remaining +:::warning +Except for the **Largest Queries** task, do not modify or deselect the remaining selected analysis tasks. The remaining analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_LDAPQueries Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/ldapqueriesanalysis.webp) 
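Review bot: The Analysis Task names are split in the rewritten customizable-parameters table of ad_activitycollection.md (hunk `@@ -211,12 +232,13 @@`). The removed rows give the task as `AIC Import - AD Activity Events` and `AIC Import - Activity Retention`, but the added rows leave only `AIC Import` in the first cell and turn the remainder into a list item, so the hyphen inside the name was treated like the list separators in the Default Value column. Restore the full task name on one line in all four rows and limit the list conversion to the `#modifiedAttributeList` default value.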
@@ -40,10 +46,11 @@ The following configurable analysis task can be optionally enabled: In addition to the tables created by the analysis tasks, the AD_LDAPQueries Job produces the follow pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Largest LDAP Queries | Shows LDAP queries returning the most objects, and their source. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Bar – Displays top users by LDAP traffic - Table – Displays top users by LDAP traffic - Table – Displays Expensive LDAP Queries | -| LDAP Overview | Overview of hosts and users performing queries, and query security. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of four elements: - Pie – Displays SSL query events view results - Pie – Displays query security flags - Table – Displays users performing LDAP queries - Table – Displays originating hosts | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Largest LDAP Queries | Shows LDAP queries returning the most objects, and their source. 
| CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Bar – Displays top users by LDAP traffic
  • Table – Displays top users by LDAP traffic
  • Table – Displays Expensive LDAP Queries
| +| LDAP Overview | Overview of hosts and users performing queries, and query security. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of four elements:
  • Pie – Displays SSL query events view results
  • Pie – Displays query security flags
  • Table – Displays users performing LDAP queries
  • Table – Displays originating hosts
| + ### Configure the Largest Queries Analysis Task @@ -60,7 +67,10 @@ analysis task’s parameters. **Step 2 –** In the Analysis Selection view, select the **Largest Queries** analysis task and click **Analysis Configuration**. The SQL Script Editor opens. -**CAUTION:** Do not change any parameters where the Value states `Created during execution`. +:::warning +Do not change any parameters where the Value states `Created during execution`. +::: + ![Largest Queries analysis task in the SQL Script Editor](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/ldapsqlscripteditor.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_lockouts.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_lockouts.md index 5a9dc11568..e0b59bd6d4 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_lockouts.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_lockouts.md @@ -12,15 +12,21 @@ troubleshooting. ![AD_Lockouts Job in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/lockoutsjobstree.webp) -**_RECOMMENDED:_** Schedule this job to run with the 0.Collection job group. +:::info +Schedule this job to run with the 0.Collection job group. +::: + ## Analysis Tasks for the AD_Lockouts Job Navigate to the **Active Directory** > **6.Activity** > **Lockouts** > **AD_Lockouts** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_Lockouts Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/lockoutsanalysis.webp) 
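Review bot: The `**_RECOMMENDED:_**` label is dropped without a replacement in the ad_lockouts.md hunk `@@ -12,15 +12,21 @@`: nothing in `:::info` tells the reader that the scheduling sentence is a recommendation, whereas `**CAUTION:**` to `:::warning` in the same hunk keeps its meaning in the admonition type. The same mapping is applied in ad_ldapqueries.md, changes/overview.md and the two Timespan hunks of ad_activitycollection.md. If the docs toolchain supports titled admonitions, give these an explicit title such as Recommended, or use a dedicated admonition type, so that recommendations stay distinguishable from general information.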
@@ -34,6 +40,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AD_Lockouts Job produces the follow pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| Lockouts | This report tracks all lockouts for user accounts. For any lockout occurring in the past 30 days, failed authentications and host information are provided to aid troubleshooting. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Table – Displays account lockouts details - Table –  Displays failed authentications in the past 30 days | +| Report | Description | Default Tags | Report Elements | +| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Lockouts | This report tracks all lockouts for user accounts. For any lockout occurring in the past 30 days, failed authentications and host information are provided to aid troubleshooting. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Table – Displays account lockouts details
  • Table –  Displays failed authentications in the past 30 days
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_computermodifications.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_computermodifications.md index 3e3f202aa0..c3aec6e0f2 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_computermodifications.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_computermodifications.md @@ -13,8 +13,11 @@ The AD_ComputerModifications Job provides a report of all changes to computer ob Navigate to the **Active Directory** > **6.Activity** > **Changes** > **AD_ComputerModifications** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_ComputerModifications Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/computermodificationsanalysis.webp) 
@@ -28,6 +31,7 @@ The following non-configurable analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the AD_ComputerModifications Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | ---------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Computer Account Changes | Track changes to computer objects. | CPAA GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Pie Chart – Displays Changes by Type - Table – Displays Changes by Computer - Table – Displays Computer Change Details | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | ---------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Computer Account Changes | Track changes to computer objects. | CPAA GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Pie Chart – Displays Changes by Type
  • Table – Displays Changes by Computer
  • Table – Displays Computer Change Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_groupmodifications.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_groupmodifications.md index f4baf0c38d..525cb5f55e 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_groupmodifications.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_groupmodifications.md @@ -15,8 +15,11 @@ identify out of band changes. Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **Changes** > **AD_GroupModifications** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupModifications Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/groupmodificationsanalysis.webp) 
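Review bot: The Default Tags cell in the rewritten Computer Account Changes row (ad_computermodifications.md, hunk `@@ -28,6 +31,7 @@`) still reads `CPAA ... HIPAA`, while the other report tables rewritten in this patch read `CCPA ... HIPPA`, so each spelling is wrong in one place or the other. Since every one of these rows is re-emitted by the patch anyway, correct the tags to `CCPA` and `HIPAA` in the same pass so the tag set is consistent across reports.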
@@ -38,7 +41,8 @@ The following non-configurable analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the AD_GroupModifications Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | ----------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Changes | Tracks changes to group attributes. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Pie Chart – Displays changes by type - Table – Displays changes by group - Table – Displays changes by group change details | -| Group Membership Changes | Tracks changes to group membership. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Stacked Chart – Displays the most active groups in the past 30 days - Table – Displays group membership summary - Table – Displays group membership change details | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | ----------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Changes | Tracks changes to group attributes. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Pie Chart – Displays changes by type
  • Table – Displays changes by group
  • Table – Displays changes by group change details
| +| Group Membership Changes | Tracks changes to group membership. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Stacked Chart – Displays the most active groups in the past 30 days
  • Table – Displays group membership summary
  • Table – Displays group membership change details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_usermodifications.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_usermodifications.md index c60bd634e7..61747ad802 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_usermodifications.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_usermodifications.md @@ -13,8 +13,11 @@ The AD_UserModifications Job provides a report of all changes to user objects. Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **Changes** > **AD_UserModifications** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_UserModifications Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/usermodificationsanalysis.webp) 
@@ -28,6 +31,7 @@ The following non-configurable analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the AD_UserModifications Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------ | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| User Account Changes | Track changes to user objects. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Pie Chart – Displays changes by type - Table – Displays changes by user account - Table – Displays changes by user change details | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------ | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Account Changes | Track changes to user objects. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Pie Chart – Displays changes by type
  • Table – Displays changes by user account
  • Table – Displays changes by user change details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/overview.md index 881d9ae4ce..885dd271f2 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/overview.md @@ -13,7 +13,10 @@ within the environment. The following Jobs make up the Changes Job Group: -**_RECOMMENDED:_** Schedule these jobs to run with the 0.Collection job group. +:::info +Schedule these jobs to run with the 0.Collection job group. +::: + - [AD_ComputerModifications Job](/docs/accessanalyzer/11.6/solutions/activedirectory/activity/changes/ad_computermodifications.md) – Reports on activity relating to changes made on computer objects diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_accesschanges.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_accesschanges.md index 9b8712edc4..fffd408a97 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_accesschanges.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_accesschanges.md @@ -15,8 +15,11 @@ highlighted, to show potential issues in access sprawl and provisioning. Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **Group Usage** > **AD_AccessChanges** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_AccessChanges Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/accesschangesanalysis.webp) 
@@ -32,6 +35,7 @@ The following non-configurable analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the AD_AccessChanges Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Access Changes | Highlights group membership additions that have created large changes in access within the environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Bar Chart – Displays largest changes last week - Table – Displays groups by modified access - Table – Displays all group membership changes | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Access Changes | Highlights group membership additions that have created large changes in access within the environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Bar Chart – Displays largest changes last week
  • Table – Displays groups by modified access
  • Table – Displays all group membership changes
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_grouphosts.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_grouphosts.md index 8b953aac69..504425a67c 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_grouphosts.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_grouphosts.md @@ -13,8 +13,11 @@ The AD_GroupHosts Job attempts to identify where groups may be used to provide a Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **GroupUsage** > **AD_GroupHosts** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupHosts Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/grouphostsanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AD_GroupHosts Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Host Usage | Understand what groups are utilizing what hosts in the environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Table – Displays security groups by target hosts - Table – Displays hosts by associated groups - Table – Displays authentication details | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Group Host Usage | Understand what groups are utilizing what hosts in the environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Table – Displays security groups by target hosts
  • Table – Displays hosts by associated groups
  • Table – Displays authentication details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_groupmemberactivity.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_groupmemberactivity.md index eff7d4619e..3a7177d8c4 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_groupmemberactivity.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_groupmemberactivity.md @@ -25,9 +25,10 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the AD_GroupMemberActivity Job produces the follow pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | --------------------------------------------------------------------------------- | -| Group Member Activity | This report identifies actions taken by the members of each group within your environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of one element: - Table – Displays group member activity | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| Group Member Activity | This report identifies actions taken by the members of each group within your environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of one element:
  • Table – Displays group member activity
| + ### Configure the Group Member Activity Analysis Task @@ -43,7 +44,10 @@ bottom of the SQL Script Editor. Follow the steps to customize an analysis task **Step 2 –** In the Analysis Selection view, select the Group Member Activity analysis task and click on **Analysis Configuration**. The SQL Script Editor opens. -**CAUTION:** Do not change any parameters where the Value states `Created during execution`. +:::warning +Do not change any parameters where the Value states `Created during execution`. +::: + ![Group Member Activity Analysis Task in the SQL Script Editor](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/groupmemberactivitysqlscripteditor.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/overview.md index 686a0ef188..780d59793a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/overview.md @@ -14,7 +14,10 @@ used for authorization in applications. The following Jobs make up the Group Usage Job Group: -**_RECOMMENDED:_** Schedule these jobs to run with the 0.Collection job group. +:::info +Schedule these jobs to run with the 0.Collection job group. +::: + - [AD_AccessChanges Job](/docs/accessanalyzer/11.6/solutions/activedirectory/activity/groupusage/ad_accesschanges.md) – Reports on activity relating to access changes for Active Directory groups, highlighting diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_authenticationprotocol.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_authenticationprotocol.md index 7eb88e5a8b..fb646befff 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_authenticationprotocol.md 
+++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_authenticationprotocol.md @@ -15,8 +15,11 @@ Navigate to the **Active Directory** > **6.Activity** > **Operations** > **AD_AuthenticationProtocol** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_AuthenticationProtocol Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/authenticationprotocolanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AD_AuthenticationProtocol Job produces the follow pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | -------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | -| Authentication Protocols | Track the prevalence of NTLM versus Kerberos within the environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Pie – Displays authentication protocols - Table –  Displays authentication protocols summary | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | -------------------------------------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Authentication Protocols | Track the prevalence of NTLM versus Kerberos within the environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Pie – Displays authentication protocols
  • Table –  Displays authentication protocols summary
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_domaincontrollertraffic.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_domaincontrollertraffic.md index 7ccfce47a4..1c4caa6d83 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_domaincontrollertraffic.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_domaincontrollertraffic.md @@ -17,8 +17,11 @@ Navigate to the **Active Directory** > **6.Activity** > **Operations** > **AD_DomainControllerTraffic** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DomainControllerTraffic Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/dctrafficanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the AD_DomainControllerTraffic Job produces the follow pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | -------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------------------- | -| Domain Controller Traffic | Identifies the amount of active directory events that occur on each domain controller. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of one element: - Table –  Displays a Domain Controller summary | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | -------------------------------------------------------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | +| Domain Controller Traffic | Identifies the amount of active directory events that occur on each domain controller. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of one element:
  • Table –  Displays a Domain Controller summary
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_hardcodeddcs.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_hardcodeddcs.md index 2e2f9dcf59..333a4d29a7 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_hardcodeddcs.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_hardcodeddcs.md @@ -13,8 +13,11 @@ The AD_HardcodedDCs Job highlights machines that have communicated with only one Navigate to the **Active Directory** > **6.Activity** > **Operations** > **AD_HardcodedDCs** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_HardcodedDCs Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/hardcodeddcsanalysis.webp) 
@@ -27,6 +30,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AD_Hardcoded DCs Job produces the follow pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Hardcoded DCs | This report identifies hosts which may have hardcoded domain controller information in server or application settings. Each host identified in this report has only contacted one domain controller. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Pie –  Displays top domain controllers - Table – Displays hardcoded domain controller summary - Table – Displays host details | +| Report | Description | Default Tags | Report Elements | +| ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Hardcoded DCs | This report identifies hosts which may have hardcoded domain controller information in server or application settings. Each host identified in this report has only contacted one domain controller. 
| CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Pie –  Displays top domain controllers
  • Table – Displays hardcoded domain controller summary
  • Table – Displays host details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_loadbalancing.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_loadbalancing.md index 7e5b80f221..453ac313fb 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_loadbalancing.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_loadbalancing.md @@ -16,8 +16,11 @@ domain controllers which may be decommissioned. Navigate to the **Active Directory** > **6.Activity** > **Operations** > **AD_LoadBalancing** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Task for the AD_LoadBalancing Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/loadbalancinganalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the AD_LoadBalancing Job produces the follow pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Domain Controllers | This report identifies the distribution of change events and authentication events between domain controllers in the monitored environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Bar Chart – Displays top DCs by authentication traffic - Bar Chart – Displays top DCs by change traffic - Table – Displays domain controller traffic details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain Controllers | This report identifies the distribution of change events and authentication events between domain controllers in the monitored environment. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Bar Chart – Displays top DCs by authentication traffic
  • Bar Chart – Displays top DCs by change traffic
  • Table – Displays domain controller traffic details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_machineowners.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_machineowners.md index 5a28cde7d6..c8d5c3464b 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_machineowners.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_machineowners.md @@ -13,8 +13,11 @@ The AD_MachineOwners Job helps to identify the owner of a particular host. Navigate to the **Active Directory** > **6.Activity** > **Operations** > **AD_MachineOwners** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_MachineOwners Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/machineownersanalysis.webp) 
@@ -28,6 +31,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AD_MachineOwners Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------- | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -| Machine Owners | Identify owners of machines based on authentication patterns. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Bar Chart– Displays top users by machines owned - Table – Displays machine owners | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | +| Machine Owners | Identify owners of machines based on authentication patterns. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Bar Chart– Displays top users by machines owned
  • Table – Displays machine owners
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/overview.md index 9ea071b137..4552081067 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/overview.md @@ -14,7 +14,10 @@ controller traffic and activity, and authentication protocols being used in the The following Jobs make up the Operations Job Group: -**_RECOMMENDED:_** Schedule these jobs to run with the 0.Collection job group. +:::info +Schedule these jobs to run with the 0.Collection job group. +::: + - [AD_AuthenticationProtocol Job](/docs/accessanalyzer/11.6/solutions/activedirectory/activity/operations/ad_authenticationprotocol.md) – Shows what protocols are being used to authenticate across the environment and will help to diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/overview.md index 6a96eff728..75fcf872d1 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/overview.md @@ -14,7 +14,10 @@ injection on domain controllers. The jobs that comprise the 6.Activity Job Group collect data, process analysis tasks, and generate reports. -_Remember,_ this job group requires the Active Directory Activity license. +:::tip +Remember, this job group requires the Active Directory Activity license. +::: + ![6.Activity Job Group in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/jobstree.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_adminaccounts.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_adminaccounts.md index 25632d9e2d..96c52bc28b 100644 
--- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_adminaccounts.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_adminaccounts.md @@ -13,8 +13,11 @@ The AD_AdminAccounts Job shows all actions taken by domain administrators within Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **Privileged Accounts** > **AD_AdminAccounts** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_AdminAccounts Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/adminaccountsanalysis.webp) 
@@ -30,10 +33,11 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AD_AdminAccounts Job produces the follow pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| --------------------- | ------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Admin Activity | Highlights administrative account activity events. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Bar Chart– Displays least active administrators - Table – Displays administrative user activity details | -| Admin Authentications | Authenticating from many different clients increases the risk of Administrator credentials being compromised. | GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Bar Chart – Displays the top admin accounts by client usage - Table – Displays all client usage - Table – Displays administrator authentication | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Admin Activity | Highlights administrative account activity events. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Bar Chart– Displays least active administrators
  • Table – Displays administrative user activity details
| +| Admin Authentications | Authenticating from many different clients increases the risk of Administrator credentials being compromised. | GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Bar Chart – Displays the top admin accounts by client usage
  • Table – Displays all client usage
  • Table – Displays administrator authentication
| + ### Configure the Summarize Administrative Account Activity Analysis Task @@ -49,7 +53,10 @@ the bottom of the SQL Script Editor. Follow the steps to customize an analysis t **Step 2 –** In the Analysis Selection view, select the **Summarizes Administrative Account Activity** analysis task and click **Analysis Configuration**. The SQL Script Editor opens. -**CAUTION:** Do not change any parameters where the Value states `Created during execution`. +:::warning +Do not change any parameters where the Value states `Created during execution`. +::: + ![Summarizes Administrative Account Activity analysis task in the SQL Script Editor](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/adminaccountssqlscripteditor.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_serviceaccountauth.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_serviceaccountauth.md index eaa430a9f5..01f936f4ab 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_serviceaccountauth.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_serviceaccountauth.md @@ -14,8 +14,11 @@ servicePrincipalName, was active within the environment. Navigate to the **Jobs** > **Active Directory** > **6.Activity** > **Operations** > **AD_ServiceAccountAuth** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Task for the AD_ServiceAccountAuth Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/serviceaccountauthanalysis.webp) 
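Review bot: In the ad_serviceaccountauth.md hunk (@@ -14,8 +14,11 @@) the unchanged navigation line still reads `**6.Activity** > **Operations** > **AD_ServiceAccountAuth**`, but this file sits under privilegedaccounts/ and the sibling ad_adminaccounts.md page gives the path as **6.Activity** > **Privileged Accounts**. Worth checking the path against the Jobs tree and correcting it in this pass if it is wrong, since the warning block directly below it is being rewritten anyway.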
@@ -26,6 +29,7 @@ The following non-configurable analysis task is selected by default: In addition to the tables created by the analysis tasks, the AD_ServiceAccountAuth Job produces the follow pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | -| Service Accounts | Because many service accounts may not ever perform a logon, tracking authentication can be a better way to identify stale service accounts. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Bar Chart– Displays stale service accounts - Table – Displays account details | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| Service Accounts | Because many service accounts may not ever perform a logon, tracking authentication can be a better way to identify stale service accounts. | CCPA GDPR SOX HIPPA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Bar Chart– Displays stale service accounts
  • Table – Displays account details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/overview.md index 85cab16a26..67d2f35a24 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/overview.md @@ -13,7 +13,10 @@ potential abuses or unused accounts which can be deprovisioned. The following Jobs make up the Privileged Accounts Job Group: -**_RECOMMENDED:_** Schedule these jobs to run with the 0.Collection job group. +:::info +Schedule these jobs to run with the 0.Collection job group. +::: + - [AD_AdminAccounts Job](/docs/accessanalyzer/11.6/solutions/activedirectory/activity/privilegedaccounts/ad_adminaccounts.md) – Shows all actions taken by domain administrators within the environment being compromised diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/recommended.md index 5ec7164d08..d5f02c1d54 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/activity/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/activity/recommended.md @@ -9,7 +9,7 @@ sidebar_position: 10 The **Active Directory** > **6.Activity** Job Group has been configured by default to run with the out-of-the-box settings. It can be run directly or scheduled. -Dependencies +**Dependencies** - Successfully execute the **.Active Directory Inventory** Job Group - Netwrix Activity Monitor 4.1+ is archiving AD Activity Logs 
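Review bot: Replacing `**_RECOMMENDED:_**` with a bare `:::info` in privilegedaccounts/overview.md drops the only word that told the reader this is a recommendation; inside the box, "Schedule these jobs to run with the 0.Collection job group." now reads as a required step. Keep the qualifier in the body, for example "Recommended: schedule these jobs to run with the 0.Collection job group.", and apply the same wording to the other RECOMMENDED conversions in this patch (the groupusage and operations overview pages and recommended.md).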
@@ -19,39 +19,42 @@ Dependencies Job Group - (Optional) Successfully execute the **FileSystem** > **0.Collection** Job Group -Targeted Host(s) +**Targeted Host(s)** Netwrix Activity Monitor API Server or the host with the network share housing archived log files. -Connection Profile +**Connection Profile** Connection Profiles must be set directly on the [0.Collection > AD_ActivityCollection Job](/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_activitycollection.md) in order to connect to either the SAM API Server or the host with the network share housing the archived log files. -Access Token +**Access Token** Required for SAM API Server integration for the [0.Collection > AD_ActivityCollection Job](/docs/accessanalyzer/11.6/solutions/activedirectory/activity/ad_activitycollection.md). -Scheduling Frequency +**Scheduling Frequency** This group can be scheduled to run as desired. -**_RECOMMENDED:_** Run from the 6.Activity Job Group level in order to correlate 0.Collection job +:::info +Run from the 6.Activity Job Group level in order to correlate 0.Collection job group data with other jobs. +::: -History Retention + +**History Retention** History is not supported. Turning on history will cause issues with data analysis and reporting. -Multi-Console Support +**Multi-Console Support** Multiple Enterprise Auditor Consoles are not supported. This group should be run from a single Enterprise Auditor Console. -Workflow +**Workflow** **Step 1 –** Successfully run the **.Active Directory Inventory** Job Group. diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/ad_securityassessment.md b/docs/accessanalyzer/11.6/solutions/activedirectory/ad_securityassessment.md index 36a7d4cf4f..13eee28e3b 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/ad_securityassessment.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/ad_securityassessment.md 
@@ -15,7 +15,7 @@ category with corresponding details that can be used to prioritize and remediate ## Recommended Configurations for the AD_SecurityAssessment Job -Dependencies +**Dependencies** One or more of the following job groups or jobs must be run to produce results: @@ -50,26 +50,29 @@ One or more of the following job groups or jobs must be run to produce results: - Windows > Privileged Accounts > Service Accounts > SG_ServiceAccounts -**NOTE:** If any of the above jobs are not completed, the AD_SecurityAssessment job will run but all +:::note +If any of the above jobs are not completed, the AD_SecurityAssessment job will run but all checks will not be assessed. +::: -Target Host + +**Target Host** This job group does not collect data. No target host is required. -Connection Profile +**Connection Profile** No specific Connection Profile is required. -Schedule Frequency +**Schedule Frequency** Scheduled to run as desired -History Retention +**History Retention** History is not supported. Turning on history will cause issues with data analysis and reporting. -Multi-console Support +**Multi-console Support** Multiple StealthAUDIT consoles are not supported. This job should be run from a single StealthAUDIT console. @@ -79,8 +82,11 @@ console. Navigate to the **Jobs** > Active Directory > AD_SecurityAssessment > Configure node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/securityassessmentanalysis.webp) 
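Review bot: The sentence moved into the new `:::note` in the @@ -50,26 +50,29 @@ hunk, "the AD_SecurityAssessment job will run but all checks will not be assessed", is ambiguous: it can be read as no checks being assessed at all. If the meaning is that only some checks are skipped, reword to "not all checks will be assessed" while the sentence is being touched. The unchanged Multi-console Support paragraph in the same hunk also still says StealthAUDIT, whereas the equivalent paragraph in recommended.md says Enterprise Auditor; worth aligning the product name.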
@@ -92,6 +98,7 @@ The following non-configurable analysis task is selected by default: In addition to the tables created by the analysis task, the AD_SecurityAssessment job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| AD Security Assessment | This report identifies security risks within a targeted Active Directory environment based on results of previously run jobs. | GDPR SOX PCI HIPAA | This report is comprised of four elements: - Table – Provides Scope of Audit on domains - Pie Chart – Displays Findings by Severity - Table – Provides Findings by Category - Table – Provides Details on Risk | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| AD Security Assessment | This report identifies security risks within a targeted Active Directory environment based on results of previously run jobs. | GDPR SOX PCI HIPAA | This report is comprised of four elements:
  • Table – Provides Scope of Audit on domains
  • Pie Chart – Displays Findings by Severity
  • Table – Provides Findings by Category
  • Table – Provides Details on Risk
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/ad_cleanupprogress.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/ad_cleanupprogress.md index 77843139f6..e8e7aff194 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/ad_cleanupprogress.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/ad_cleanupprogress.md @@ -13,7 +13,7 @@ corresponding details that can be used to prioritize and remediate security issu ![AD_CleanupProgress Job in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/cleanupprogressjobstree.webp) -Workflow +**Workflow** **Step 1 –** Ensure the following prerequisites are met: @@ -34,8 +34,11 @@ satisfied. Navigate to the **Active Directory** > **Cleanup** > **AD_CleanupProgress** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the AD_CleanupProgress Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/cleanupprogressanalysis.webp) 
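Review bot: In the `@@ -92,6 +98,7 @@` hunk of ad_securityassessment.md, the added `AD Security Assessment` row does not stay on one line as shown here: the Report Elements cell breaks after "four elements:" and carries each `•` item on its own line before the closing `|`. A pipe-table row has to sit on a single source line, so please confirm the breaks are inline markup rather than literal newlines and check the rendered table. The same pattern recurs in every report table in this patch. The separator row is also rewritten only to match the new cell width, which adds diff noise without changing the output.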
@@ -47,8 +50,9 @@ The default analysis task is: In addition to the table created by the analysis task, the AD_CleanupProgress Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ------------------------ | ------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Computer Cleanup Summary | This report tracks Active Directory computer exceptions over time. | None | This report is comprised of two elements: - Line Chart – Displays a daily computer exceptions trend - Table – Provides details on daily computer exceptions | -| Group Cleanup Summary | This report tracks Active Directory group exceptions over time. | None | This report is comprised of two elements: - Line Chart – Displays a daily group exceptions trend - Table – Provides details on daily group exceptions | -| User Cleanup Summary | This report tracks Active Directory user exceptions over time. | None | This report is comprised of two elements: - Line Chart – Displays a daily user exceptions trend - Table – Provides details on daily user exceptions | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | ------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Computer Cleanup Summary | This report tracks Active Directory computer exceptions over time. | None | This report is comprised of two elements:
  • Line Chart – Displays a daily computer exceptions trend
  • Table – Provides details on daily computer exceptions
| +| Group Cleanup Summary | This report tracks Active Directory group exceptions over time. | None | This report is comprised of two elements:
  • Line Chart – Displays a daily group exceptions trend
  • Table – Provides details on daily group exceptions
| +| User Cleanup Summary | This report tracks Active Directory user exceptions over time. | None | This report is comprised of two elements:
  • Line Chart – Displays a daily user exceptions trend
  • Table – Provides details on daily user exceptions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers.md index e31f418b2e..9da40d7630 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers.md @@ -68,14 +68,20 @@ topic for additional information. Navigate to the **Active Directory** > **Cleanup** > **3.Computers** > **AD_DeprovisionComputers** > **Configure** node and select **Actions** to view the actions. -**CAUTION:** Do not enable the actions unless it is required. Disable the actions after execution to +:::warning +Do not enable the actions unless it is required. Disable the actions after execution to prevent making unintended and potentially harmful changes to Active Directory. +::: + ![Action Tasks for the AD_DeprovisionComputers Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/deprovisioncomputersaction.webp) The action tasks are: -**CAUTION:** The action tasks must be executed together and in order. +:::warning +The action tasks must be executed together and in order. +::: + - Move Computers – Move computers to staging OU for deletion diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers_status.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers_status.md index 3b2304cb50..8c2cc40ffe 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers_status.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers_status.md 
@@ -15,8 +15,11 @@ Navigate to the **Active Directory** > **Cleanup** > **3.Computers** > **AD_DeprovisionComputers_Status** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for AD_DeprovisionComputers_Status Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/deprovisioncomputersstatusanalysis.webp) 
@@ -28,6 +31,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_DeprovisionComputers_Status Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ---------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Computer Deprovisioning | This report tracks actions taken each day of the Stale Computer Deprovisioning campaign. | None | This report is comprised of three elements: - Line Chart – Displays cleanup progress - Table – Provides details on computer deprovisioning - Table – Provides action details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ---------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Computer Deprovisioning | This report tracks actions taken each day of the Stale Computer Deprovisioning campaign. | None | This report is comprised of three elements:
  • Line Chart – Displays cleanup progress
  • Table – Provides details on computer deprovisioning
  • Table – Provides action details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/overview.md index 662d9550e1..a5e6716cd1 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/overview.md @@ -18,7 +18,7 @@ The jobs in the 3.Computers Job Group are: - [AD_DeprovisionComputers_Status Job](/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/computers/ad_deprovisioncomputers_status.md) – Tracks all actions taken by the included deprovisioning workflow -Workflow +**Workflow** **Step 1 –** Ensure the following prerequisites are met: diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups.md index 3c065985fd..09343e4d10 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups.md 
@@ -70,14 +70,20 @@ topic for additional information. Navigate to the **Active Directory** > **Cleanup** > **1.Groups** > **1. Deprovision Groups** > **AD_DeprovisonGroups** > **Configure** node and select **Actions** to view the action tasks. -**CAUTION:** Do not enable the actions unless it is required. Disable the actions after execution to +:::warning +Do not enable the actions unless it is required. Disable the actions after execution to prevent making unintended and potentially harmful changes to Active Directory. +::: + ![Action Tasks for the AD_DepvisionGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/deprovisiongroupsaction.webp) The action tasks are: -**CAUTION:** The action tasks must be executed together and in order. +:::warning +The action tasks must be executed together and in order. +::: + - Move Groups – Move groups to staging OU diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups_status.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups_status.md index e03158fa5f..26d57ef7a0 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups_status.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/ad_deprovisiongroups_status.md 
@@ -14,8 +14,11 @@ Navigate to the **Active Directory** > **Cleanup** > **1.Groups** > **1. Deprovi **AD_Deprovision Groups_Status** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis tasks is +:::warning +Do not modify or deselect the selected analysis task. The analysis tasks is preconfigured for this job. +::: + ![Analysis Task for the AD_DeprovisionGroups_Status Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/deprovision/deprovisiongroupsstatusanalysis.webp) @@ -27,6 +30,7 @@ The default analysis task is: In addition to the table created by the analysis task, the AD_DeprovisionGroups_Status Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Deprovisioning | This report tracks actions taken each day of the Stale Group Deprovisioning campaign. | None | This report is comprised of three elements: - Line Chart – Displays cleanup progress - Table – Provides details on cleanup progress - Table – Provides action details | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Deprovisioning | This report tracks actions taken each day of the Stale Group Deprovisioning campaign. | None | This report is comprised of three elements:
  • Line Chart – Displays cleanup progress
  • Table – Provides details on cleanup progress
  • Table – Provides action details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/overview.md index f84fe005bc..69157e4be8 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/overview.md @@ -33,7 +33,7 @@ The jobs in the 1.Groups Job Group are: provisioned inside the environment. This overwrites the Notes field with data from Enterprise Auditor. -Workflow +**Workflow** **Step 1 –** Ensure the following prerequisites are met: diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupcleanup_permissions.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupcleanup_permissions.md index fdef053ca7..da7bd8ea2a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupcleanup_permissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupcleanup_permissions.md @@ -15,8 +15,11 @@ Navigate to the **Active Directory** > **Cleanup** > **1.Groups** > **2. Group S **AD_GroupCleanup_Permissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupCleanup_Permissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/groupcleanuppermissionsanalysis.webp) 
@@ -44,7 +47,8 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_GroupCleanup_Permissions Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Direct Permission Details | This report shows all direct permissions found by DAG for FileSystem, DAG for SharePoint, or imported into the Access Information Center from other sources. | None | This report is comprised of one element: - Table – Provides group direct permission details | -| Group Permission Summary | This report identifies what types of resources each security group is being used to apply permissions. 
| None | This report is comprised of four elements: - Table – Provides details on permission scans - Table – Provides details on group access - Table – Provides details on toxic conditions - Table – Provides a group overview | +| Report | Description | Default Tags | Report Elements | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Direct Permission Details | This report shows all direct permissions found by DAG for FileSystem, DAG for SharePoint, or imported into the Access Information Center from other sources. | None | This report is comprised of one element:
  • Table – Provides group direct permission details
| +| Group Permission Summary | This report identifies what types of resources each security group is being used to apply permissions. | None | This report is comprised of four elements:
  • Table – Provides details on permission scans
  • Table – Provides details on group access
  • Table – Provides details on toxic conditions
  • Table – Provides a group overview
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupstamping.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupstamping.md index 10e41d85dd..ee05c3fe4a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupstamping.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/ad_groupstamping.md @@ -15,8 +15,11 @@ Auditor. Navigate to the **Active Directory** > **Cleanup** > **1.Groups** > **2. Group Stamping AD_GroupStamping** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupStamping Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/groups/stamping/groupstampinganalysis.webp) 
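Review bot: The navigation path in the context line of this `@@ -15,8 +15,11 @@` hunk (ad_groupstamping.md) reads `**2. Group Stamping AD_GroupStamping**`, so the job group and the job name run together inside one bold span. The sibling pages in this patch separate each level, as in `**1. Deprovision Groups** > **AD_DeprovisonGroups**`. Since the warning directly below the path is being rewritten, fix the path in the same change.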
@@ -29,9 +32,10 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_GroupStamping Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Stamping | This report tracks all actions taken with the included group stamping workflow. | None | This report is comprised of three elements: - Line Chart – Displays daily actions - Table – Provides details on daily actions - Table – Provides action details | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Stamping | This report tracks all actions taken with the included group stamping workflow. | None | This report is comprised of three elements:
  • Line Chart – Displays daily actions
  • Table – Provides details on daily actions
  • Table – Provides action details
| + ## Action Tasks for the AD_GroupStamping Job diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/overview.md index c49ec117d2..9ed0e1a904 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/overview.md @@ -10,12 +10,18 @@ The **Active Directory** > **Cleanup** Job Group identifies potential stale and computers, and groups as well as issues with group membership. Remediation workflows are included to deprovision unnecessary objects. -**CAUTION:** Apply changes only to intended target Active Directory objects, and ensure only the +:::warning +Apply changes only to intended target Active Directory objects, and ensure only the changes required are enabled. Enabling and executing action modules without consideration can negatively impact Active Directory. +::: -**_RECOMMENDED:_** Run the actions in a test environment before making changes to a production + +:::info +Run the actions in a test environment before making changes to a production environment. +::: + ![Cleanup Job Group Overview page](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/overviewpage.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/recommended.md index c97db90adf..4ae21882f5 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/recommended.md @@ -8,7 +8,7 @@ sidebar_position: 10 The recommended configurations for the Cleanup Job Group are: -Dependencies +**Dependencies** The Cleanup job group has the following prerequisites: 
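Review bot: In the `@@ -10,12 +10,18 @@` hunk of cleanup/overview.md, replacing `**_RECOMMENDED:_**` with a bare `:::info` drops the one word that marked the sentence as recommended practice. "Run the actions in a test environment before making changes to a production environment" is now presented as general information, directly below a warning that executing action modules can negatively impact Active Directory. Keep the label, either with a titled admonition if the site's syntax supports titles or with an admonition type whose default label conveys advice, and apply the same choice to the other `RECOMMENDED` conversions in this patch.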
@@ -26,19 +26,19 @@ The Cleanup job group has the following prerequisites: Individual jobs and job groups within the Cleanup Job Group may have their own prerequisites and dependencies. See the relevant job or job group topic for additional information. -Target Hosts +**Target Hosts** None -Schedule Frequency +**Schedule Frequency** Most of the jobs in this job group can be scheduled to run as desired. The AD_Cleanup Progress Job should be scheduled to run every day. -History Retention +**History Retention** Not supported -Multi-console Support +**Multi-console Support** Not supported diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers.md index 3897b5fa39..cea5ac58ca 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers.md @@ -73,14 +73,20 @@ topic for additional information. Navigate to the **Active Directory** > **Cleanup** > **2.Users** > **AD_DeprovisionUsers** > **Configure** node and select **Actions** to view the actions. -**CAUTION:** Do not enable the actions unless it is required. Disable the actions after execution to +:::warning +Do not enable the actions unless it is required. Disable the actions after execution to prevent making unintended and potentially harmful changes to Active Directory. +::: + ![Action Tasks for the AD_DeprovisionUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/deprovisionusersaction.webp) The action tasks are: -**CAUTION:** The action tasks must be executed together and in order. +:::warning +The action tasks must be executed together and in order. +::: + - Move Users – Move users to staging OU for deletion 
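Review bot: The second `:::warning` in the `@@ -73,14 +73,20 @@` hunk of ad_deprovisionusers.md is inserted between the lead-in "The action tasks are:" and the list it introduces, so a block-level admonition now separates that sentence from "- Move Users – Move users to staging OU for deletion". Move "The action tasks must be executed together and in order." above the lead-in or directly after the list. The same placement appears in the ad_deprovisioncomputers.md and ad_deprovisiongroups.md hunks. The first warning also keeps the mismatched "Do not enable the actions unless it is required", which could become "unless they are required" while the line is being changed.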
diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers_status.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers_status.md index 430791588e..dc8b444b5a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers_status.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers_status.md @@ -13,8 +13,11 @@ The AD_DeprovisionUsers_Status Job tracks all actions taken by the included depr Navigate to the **Active Directory** > **Cleanup** > **2.Users** > **AD_DeprovisionUsers_Status** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the AD_DeprovisionUsers_Status Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/deprovisionusersstatusanalysis.webp) 
@@ -26,6 +29,7 @@ The default analysis task is: In addition to the tables and views created by the analysis task, the AD_DeprovisionUsers_Status Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------- | ------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| User Deprovisioning | This report tracks actions taken each day of the Stale User Deprovisioning campaign. | None | This report is comprised of three elements: - Line Chart – Displays cleanup progress - Table – Provides details on user deprovisioning - Table – Provides action details | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ------------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Deprovisioning | This report tracks actions taken each day of the Stale User Deprovisioning campaign. | None | This report is comprised of three elements:
  • Line Chart – Displays cleanup progress
  • Table – Provides details on user deprovisioning
  • Table – Provides action details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/overview.md index 4f06319b68..2f5566ba8e 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/overview.md @@ -17,7 +17,7 @@ The jobs in the 2.Users Job Group are: - [AD_DeprovisionUsers_Status Job](/docs/accessanalyzer/11.6/solutions/activedirectory/cleanup/users/ad_deprovisionusers_status.md) – Tracks and reports all actions taken by the included Deprovisioning workflow -Workflow +**Workflow** **Step 1 –** Ensure the following prerequisites are met: diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_computerdelegation.md b/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_computerdelegation.md index e87007310a..de43e6d6b7 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_computerdelegation.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_computerdelegation.md @@ -19,8 +19,11 @@ blog article for more information about this configuration and the related secur Navigate to the **Active Directory** > **3.Computers** > **AD_ComputerDelegation** > Configure node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the analysis task. The analysis task is preconfigured for +:::warning +Do not modify or deselect the analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the AD_ComputerDelegation Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/computers/computerdelegationanalysis.webp) 
@@ -32,6 +35,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_ComputerDelegation Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Computers Trusted for Delegation | This report highlights which computers are trusted for delegation, which accounts are sensitive, and whether the delegation is constrained or unconstrained. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays computers trusted for delegation by domain - Table – Provides details on computers trusted for delegation - Table – Provides details on computers trusted for delegation by domain | +| Report | Description | Default Tags | Report Elements | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Computers Trusted for Delegation | This report highlights which computers are trusted for delegation, which accounts are sensitive, and whether the delegation is constrained or unconstrained. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays computers trusted for delegation by domain
  • Table – Provides details on computers trusted for delegation
  • Table – Provides details on computers trusted for delegation by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_stalecomputers.md b/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_stalecomputers.md index 0308a364b0..d03cf6a3ca 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_stalecomputers.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/computers/ad_stalecomputers.md 
@@ -29,38 +29,43 @@ topic for additional information. Navigate to the **Active Directory** > **3.Computers** > **AD_StaleComputers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the **2. Summarize by Domain** analysis task. This analysis +:::warning +Do not modify or deselect the **2. Summarize by Domain** analysis task. This analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the AD_StaleComputers Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/computers/stalecomputersanalysis.webp) The default analysis tasks are: -- 1. Identify Stale Computers +- **1. Identify Stale Computers** - Identifies computer objects that are disabled or have exceeded the defined threshold of inactivity - Creates the SA_AD_StaleComputers_Details table accessible under the job’s Results node - Definition of a stale computer can be customized -- 2. Summarize by Domain – Creates the SA_AD_StaleComputers_DomainSummay table accessible under +- **2. Summarize by Domain** – Creates the SA_AD_StaleComputers_DomainSummay table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the AD_StaleComputers Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Stale Computers | This report presents potentially stale computers. 
Computers are considered stale if they have never logged onto the domain, have not logged onto the domain in the past 90 days, or are disabled. **NOTE:** The definition of a stale computer is customizable. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays stale computers by domain - Table – Provides details on computers - Table – Provides summary of stale computers | +| Report | Description | Default Tags | Report Elements | +| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Computers | This report presents potentially stale computers. Computers are considered stale if they have never logged onto the domain, have not logged onto the domain in the past 90 days, or are disabled.
**NOTE:** The definition of a stale computer is customizable. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays stale computers by domain
  • Table – Provides details on computers
  • Table – Provides summary of stale computers
| + ### Customizable Analysis Parameters for the AD_StaleComputers Job Analysis parameters that can be customized have the following default values: -| Analysis Task | Customizable Parameter Name | Default Value | Value Indicates | -| --------------------------- | --------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 1. Identify Stale Computers | @days_since_last_logon | 90 | A computer object that has been inactive for 90 days or more | -| 1. Identify Stale Computers | @consider_disable | 1 | A computer object that has been disabled: - Value 1 = Disabled computers are included as stale - Value 0 = Disabled computers are not included as stale | +| Analysis Task | Customizable Parameter Name | Default Value | Value Indicates | +| --------------------------- | --------------------------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1. Identify Stale Computers | @days_since_last_logon | 90 | A computer object that has been inactive for 90 days or more | +| 1. Identify Stale Computers | @consider_disable | 1 | A computer object that has been disabled:
  • Value 1 = Disabled computers are included as stale
  • Value 0 = Disabled computers are not included as stale
| + See the [Configure the Customizable Parameters in an Analysis Task](/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/computers/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectory/computers/recommended.md index 80db337031..521cf0da01 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/computers/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/computers/recommended.md @@ -9,31 +9,34 @@ sidebar_position: 10 The **Active Directory** > **3.Computers** Job Group has been configured by default to run with the default settings. It can be run directly or scheduled. -Dependencies +**Dependencies** The **.Active Directory Inventory** Job Group needs to be successfully executed prior to running this job group. -Target Host +**Target Host** This job group does not collect data. No target host is required. -Connection Profile +**Connection Profile** This job group does not collect data. No specific Connection Profile is required. -Schedule Frequency +**Schedule Frequency** The data analyzed by the 3.Computers Job Group jobs is collected by the .Active Directory Inventory Job Group. Therefore, it is recommended to schedule these jobs to run after the .Active Directory Inventory job group collection has completed. These jobs can be scheduled to run as desired. -Run at the Job Group Level +**Run at the Job Group Level** -**_RECOMMENDED:_** Run the jobs in the 3.Computers Job Group together and in order by running the +:::info +Run the jobs in the 3.Computers Job Group together and in order by running the entire job group, instead of the individual jobs. +::: -Analysis Configuration + +**Analysis Configuration** The 3.Computers Job Group should be run with the default analysis configurations. Most of the analysis tasks are preconfigured for this Job Group. 
@@ -43,7 +46,7 @@ Some analysis tasks have customizable parameters: - The **Active Directory** > **3.Computers** > **AD_StaleComputers** Job defines stale users. The parameters can be customized. -Workflow +**Workflow** **Step 1 –** Prerequisite: Successful execution of the .Active Directory Inventory Job Group. diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dcsummary.md b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dcsummary.md index aaf2900e05..f24ad1ae00 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dcsummary.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dcsummary.md @@ -15,8 +15,11 @@ bridgehead server, whether it is a global catalog, and the time server it syncs Navigate to the **Active Directory > 5.Domains > AD_DCSummary > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/domains/dcsummaryanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_DCSummary Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------------- | ----------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Domain Controllers Overview | This report identifies domain controllers' roles and attributes within each domain. | None | This report is comprised of two elements: - Bar Chart – Displays domain controllers by domain - Table – Provides details on domain controllers by domain | +| Report | Description | Default Tags | Report Elements | +| --------------------------- | ----------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Domain Controllers Overview | This report identifies domain controllers' roles and attributes within each domain. | None | This report is comprised of two elements:
  • Bar Chart – Displays domain controllers by domain
  • Table – Provides details on domain controllers by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_domaininfo.md b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_domaininfo.md index 92d884dbd0..1780735a76 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_domaininfo.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_domaininfo.md @@ -15,7 +15,10 @@ functional levels, and types and directions of trusts. The AD_DomainInfo Job uses the ActiveDirectory Data Collector and the LDAP Data Collector for the following queries: -**CAUTION:** Do not modify the queries. The queries are preconfigured for this job. +:::warning +Do not modify the queries. The queries are preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/domains/domaininfoquery.webp) @@ -27,16 +30,22 @@ The queries for this job are: - Trust Filtering – Queries the host specified to retrieve domain trust information - dSHeuristics – Returns dSHeuristics Unicode string using LDAP -**NOTE:** See the Active Directory Data Collector and LDAP Data Collector sections for additional +:::note +See the Active Directory Data Collector and LDAP Data Collector sections for additional information +::: + ## Analysis Tasks for the AD_DomainInfo Job Navigate to the **Active Directory > 5.Domains > AD_DomainInfo > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/domains/domaininfoanalysis.webp) 
@@ -54,8 +63,9 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_DomainInfo Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------- | -| Domains | This report lists the forest sites and presents the total number of domain controllers, GC Servers, and users per site. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays domains - Table – Provides details on domains | -| Sites | This report lists the sites and counts the domain controllers, global catalogue servers, and users of each. | None | This report is comprised of two elements: - Bar Chart – Displays sites by user count - Table – Provides details on sites by user count | -| Trusts | This report lists the domains and presents the trust information, including type, direction, and transitivity. | None | This report is comprised of one elements: - Table – Provides details on domains and trusts | +| Report | Description | Default Tags | Report Elements | +| ------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Domains | This report lists the forest sites and presents the total number of domain controllers, GC Servers, and users per site. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays domains
  • Table – Provides details on domains
| +| Sites | This report lists the sites and counts the domain controllers, global catalogue servers, and users of each. | None | This report is comprised of two elements:
  • Bar Chart – Displays sites by user count
  • Table – Provides details on sites by user count
| +| Trusts | This report lists the domains and presents the trust information, including type, direction, and transitivity. | None | This report is comprised of one elements:
  • Table – Provides details on domains and trusts
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dsrmsettings.md b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dsrmsettings.md index 60e5975e06..4af4cd9c59 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dsrmsettings.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/ad_dsrmsettings.md @@ -17,8 +17,11 @@ security vulnerability. Additional information on this registry key is available Navigate to the **Active Directory > 5.Domains > AD_DSRMSettings > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![dsrmsettingsanalysis](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/domains/dsrmsettingsanalysis.webp) 
@@ -32,6 +35,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_DSRMSettings Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -| DSRM Admin Security | This report highlights domain controller registry settings for the DSRMAdminLogonBehavior key. If this key is set to 1 or 2, the DSRM Admin account can be used to log in to the domain controller even if it has not been started in DSRM. This is a potential vulnerability. See the Microsoft [Restartable AD DS Step-by-Step Guide](https://technet.microsoft.com/en-us/library/cc732714(v=ws.10).aspx) for additional information. 
| None | This report is comprised of two elements: - Pie Chart – Displays DSRM admin logon  by domain controller - Table – Provides details on domain controllers | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| DSRM Admin Security | This report highlights domain controller registry settings for the DSRMAdminLogonBehavior key. If this key is set to 1 or 2, the DSRM Admin account can be used to log in to the domain controller even if it has not been started in DSRM. This is a potential vulnerability. See the Microsoft [Restartable AD DS Step-by-Step Guide](https://technet.microsoft.com/en-us/library/cc732714(v=ws.10).aspx) for additional information. | None | This report is comprised of two elements:
  • Pie Chart – Displays DSRM admin logon  by domain controller
  • Table – Provides details on domain controllers
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_domaincontrollers.md b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_domaincontrollers.md index 9ffefd8f9d..d19ffdb97d 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_domaincontrollers.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_domaincontrollers.md @@ -14,8 +14,11 @@ analyzed in order to provide information on domains, sites, and trusts. The AD_DomainControllers Job uses the LDAP Data Collector and the ActiveDirectory Data Collector for the following queries: -**CAUTION:** Except the first query, do not modify the remaining queries. The remaining queries are +:::warning +Except the first query, do not modify the remaining queries. The remaining queries are preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/domaincontrollersquery.webp) @@ -35,15 +38,21 @@ The queries for this job are: - Preferred Bridgehead Servers – Targets one domain controller per domain known to Enterprise Auditor to list the preferred bridgehead servers for each site - **NOTE:** See the Active Directory Data Collector and LDAP Data Collector sections for + :::note + See the Active Directory Data Collector and LDAP Data Collector sections for additional information. + ::: + ### Connect Securely with TLS/SSL The Domain Controller Listing Query in the AD_DomainControllers Job is configured to use the LDAP Data Collector. This query can be optionally configured to connect securely with TLS/SSL. -**CAUTION:** Do not modify any other settings in this query. +:::warning +Do not modify any other settings in this query. +::: + **Step 1 –** Navigate to the job’s > **Configure** node and select **Queries**. 
diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_dsrm.md b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_dsrm.md index 76d93de0a9..629a722f8b 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_dsrm.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_dsrm.md @@ -16,7 +16,10 @@ potential security vulnerability. Additional information on this registry key is The AD_TimeSync Job uses the Registry Data Collector for the following query: -**CAUTION:** Do not modify this query. The query is preconfigured for this job. +:::warning +Do not modify this query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/dsrmquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_timesync.md b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_timesync.md index 0db40664db..52ab6cb129 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_timesync.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/ad_timesync.md @@ -13,7 +13,10 @@ domain controller within the domain. The AD_TimeSync Job uses the Registry Data Collector for the following query: -**CAUTION:** Do not modify this query. The query is preconfigured for this job. +:::warning +Do not modify this query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/domains/collection/timesyncquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/recommended.md index de3f3257f3..c4d52f12aa 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/domains/recommended.md 
+++ b/docs/accessanalyzer/11.6/solutions/activedirectory/domains/recommended.md @@ -9,11 +9,11 @@ sidebar_position: 10 The **Active Directory > 5.Domains** job group has been configured by default to run with the default settings. It can be run directly or scheduled. -Dependencies +**Dependencies** This job group does not have dependencies. -Targeted Hosts +**Targeted Hosts** The **AD_DomainControllers** job has been configured to inherit its host from the **5.Domains > 0.Collection > Settings > Host List Assignment** node. It is set to target the ONE DOMAIN CONTROLLER @@ -30,21 +30,24 @@ The **5.Domains > AD_DomainInfo** job needs to be set to run against the followi - Custom host list with one domain controller per forest -Connection Profile +**Connection Profile** A Connection Profile should be assigned at the **5.Domains > Settings > Connection** node with Domain Administrator privileges. -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Run at the Job Group Level +**Run at the Job Group Level** -**_RECOMMENDED:_** Run the jobs in the **5.Domains** job group together and in order by running the +:::info +Run the jobs in the **5.Domains** job group together and in order by running the entire job group, instead of the individual jobs. +::: -Query Configuration + +**Query Configuration** The 5.Domains > 0.Collection > AD_DomainControllers job should be run with the default query configurations. Most of these queries are preconfigured for this Job Group and should not be @@ -55,7 +58,7 @@ The following query can be modified to use a secure connection with TLS/SSL: - Domain Controller Listing Query which uses the [LDAP Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/ldap.md) -Workflow +**Workflow** **Step 1 –** Set the host on the AD_DomainInfo job. 
diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_cpassword.md b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_cpassword.md index 8801441502..a292e2aaea 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_cpassword.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_cpassword.md @@ -20,7 +20,10 @@ once this policy has been removed. The AD_CPassword Job uses the PowerShell Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job +:::warning +Do not modify the query. The query is preconfigured for this job +::: + ![Query for the AD_CPassword Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/cpasswordquery.webp) 
@@ -36,6 +39,7 @@ The queries for this job are: In addition to the tables created by the data collector, the AD_CPassword Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------- | -| Potential Plaintext Passwords | This report highlights domain contollers where this vulnerability exists, and provides the path of the XML file in question. | None | This report is comprised of one elements: - Table – Provides details on potential plaintext passwords | +| Report | Description | Default Tags | Report Elements | +| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------- | +| Potential Plaintext Passwords | This report highlights domain contollers where this vulnerability exists, and provides the path of the XML file in question. | None | This report is comprised of one elements:
  • Table – Provides details on potential plaintext passwords
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_grouppolicy.md b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_grouppolicy.md index 53f20d1f3e..a2c5695c66 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_grouppolicy.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_grouppolicy.md @@ -13,7 +13,10 @@ provides details on the containers they are linked to, and the settings that are The AD_GroupPolicy Job uses the GroupPolicy Data Collector for the following query: -**CAUTION:** Do not modify the queries. The queries are preconfigured for this job. +:::warning +Do not modify the queries. The queries are preconfigured for this job. +::: + ![Queries for the AD_GroupPolicy Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/grouppolicyquery.webp) 
@@ -31,22 +34,26 @@ The queries for this job are: Navigate to the **Active Directory** > **4.GroupPolicy** > **AD_GroupPolicy** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupPolicy Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/grouppolicyanalysis.webp) The default analysis tasks are: -- 1. Group Policy Analysis – Creates an interim processing table in the database for use by +- **1. Group Policy Analysis** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 2. Combined User and Computer Settings – Creates the SA_AD_GroupPolicy_SettingList table +- **2. Combined User and Computer Settings** – Creates the SA_AD_GroupPolicy_SettingList table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the AD_GroupPolicy Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------ | -------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| GPO Details | This report lists all Group Policies and their settings. | None | This report is comprised of four elements: - Bar Chart – Displays GPO count by domain - Table – Provides details on policies by domain - Table – Provides details on GPO count by domain - Table – Provides details on settings | -| GPO Overview | This report lists all Group Policies and their settings. 
| None | This report is comprised of three elements: - Bar Chart – Displays GPO configuration by domain - Table – Provides details on GPOs - Table – Provides details on GPO configuration by domain | +| Report | Description | Default Tags | Report Elements | +| ------------ | -------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| GPO Details | This report lists all Group Policies and their settings. | None | This report is comprised of four elements:
  • Bar Chart – Displays GPO count by domain
  • Table – Provides details on policies by domain
  • Table – Provides details on GPO count by domain
  • Table – Provides details on settings
| +| GPO Overview | This report lists all Group Policies and their settings. | None | This report is comprised of three elements:
  • Bar Chart – Displays GPO configuration by domain
  • Table – Provides details on GPOs
  • Table – Provides details on GPO configuration by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_overlappinggpos.md b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_overlappinggpos.md index 5ec6b90df7..cbcaedb3c9 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_overlappinggpos.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_overlappinggpos.md @@ -14,8 +14,11 @@ These GPO settings should be cleaned up or consolidated. Navigate to the **Active Directory** > **4. Group Policy** > **AD_OverlappingGPOs** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected first analysis task. The first analysis task is +:::warning +Do not modify or deselect the selected first analysis task. The first analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the AD_OverlappingGPOs Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/overlappinggposanalysis.webp) @@ -26,7 +29,10 @@ The default analysis tasks are: The following analysis tasks are deselected by default: -**NOTE:** Deselect the **Conflicting** analysis task before selecting the analysis tasks below. +:::note +Deselect the **Conflicting** analysis task before selecting the analysis tasks below. +::: + - Redundant – Restores the SA_AD_OverlappingGPOs_Redundant table to be visible under the job’s Results node 
@@ -42,7 +48,8 @@ The following analysis tasks are deselected by default: In addition to the tables and views created by the analysis tasks, the AD_OverlappingGPOs Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ----------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Conflicting GPOs | This report lists group policy objects that apply conflicting settings. | None | This report is comprised of four elements: - Bar Chart – Displays GPOs by conflicts - Table – Provides details on GPOs by conflicts - Table – Provides details on GPOs Details - Table – Provides details on OUs with conflicting GPOs | -| Redundant GPOs | This report lists group policy objects that apply redundant settings. | None | This report is comprised of four elements: - Bar Chart – Displays GPOs by redundant children - Table – Provides details on GPOs by redundant children - Table – Provides details on overlapping GPOs - Table – Provides details on OUs with most redundancies | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ----------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Conflicting GPOs | This report lists group policy objects that apply conflicting settings. | None | This report is comprised of four elements:
  • Bar Chart – Displays GPOs by conflicts
  • Table – Provides details on GPOs by conflicts
  • Table – Provides details on GPOs Details
  • Table – Provides details on OUs with conflicting GPOs
| +| Redundant GPOs | This report lists group policy objects that apply redundant settings. | None | This report is comprised of four elements:
  • Bar Chart – Displays GPOs by redundant children
  • Table – Provides details on GPOs by redundant children
  • Table – Provides details on overlapping GPOs
  • Table – Provides details on OUs with most redundancies
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_passwordpolicies.md b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_passwordpolicies.md index d4de1c6598..5c17007784 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_passwordpolicies.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/ad_passwordpolicies.md @@ -14,7 +14,10 @@ different password policies within a single domain. The AD_PasswordPolicies Job uses the LDAP Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_PasswordPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/passwordpoliciesquery.webp) @@ -32,8 +35,11 @@ The query for this job is: Navigate to the **Active Directory** > **4.GroupPolicy** > **AD_PasswordPolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Task for the AD_PasswordPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/passwordpoliciesanalysis.webp) 
@@ -45,6 +51,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_UserDelegation Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | ----------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------- | -| Fine-Grained Password Policies | This report highlights fine-grained password policies on all targeted domain controllers. | None | This report is comprised of one element: - Table – Provides details on fine-grained password policy details | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | ----------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------- | +| Fine-Grained Password Policies | This report highlights fine-grained password policies on all targeted domain controllers. | None | This report is comprised of one element:
  • Table – Provides details on fine-grained password policy details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/recommended.md index 38114f231a..4db5174f78 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/grouppolicy/recommended.md @@ -9,11 +9,11 @@ sidebar_position: 10 The **Active Directory** > **4.Group Policy** Job Group has been configured to run with the default settings. It can be run directly or scheduled. -Dependencies +**Dependencies** This job group does not have dependencies. -Targeted Hosts +**Targeted Hosts** The AD_GroupPolicy Job has been configured to inherit its host from the **4.Group Policy** > **Settings** > **Host List Assignment** node. It is set to target the **Default domain controller** @@ -27,23 +27,26 @@ The **Default domain controller** and **ONE DOMAIN CONTROLLER PER DOMAIN** host host lists based on the host inventory value in the **isDomainController** field in the Host Master Table. -Connection Profile +**Connection Profile** A Connection Profile must be set directly on the collection jobs with Domain Administrator privileges. -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Run at the Job Group Level +**Run at the Job Group Level** -**_RECOMMENDED:_** Run the jobs in the 4.Group Policy Job Group together and in order by running the +:::info +Run the jobs in the 4.Group Policy Job Group together and in order by running the entire job group, instead of the individual jobs. However, these jobs can be run independently, with the exception of the AD_OverlappingGPOs Job, which is dependent upon the AD_GroupPolicy Job for data collection. +::: -Workflow + +**Workflow** **Step 1 –** Run a host discovery query to discover domain controllers. 
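Review bot: In ad_passwordpolicies.md, the context sentence of the `@@ -45,6 +51,7 @@` hunk attributes the report to the wrong job: it reads "the AD_UserDelegation Job produces the following pre-configured report", but this page documents the AD_PasswordPolicies Job and the table lists its Fine-Grained Password Policies report. The table directly below that sentence is already being rewritten, so correct the job name to AD_PasswordPolicies in the same change rather than carrying the copy-paste error forward.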
diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_circularnesting.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_circularnesting.md index 0b688df2fa..feefff68c8 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_circularnesting.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_circularnesting.md @@ -14,8 +14,11 @@ pose administrative and operational challenges with identifying effective access Navigate to the **Active Directory** > **1.Groups** > **AD_CircularNesting** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_CircularNesting Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/circularnestinganalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are : In addition to the tables and views created by the analysis tasks, the AD_CircularNesting Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ---------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Circular Nesting | This report identifies instances of circular nesting within the environment. | None | This report is comprised of three elements: - Bar Chart – Displays circular nesting by domain - Table – Provides details on circular nesting - Table – Provides details on circular nesting by domain | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ---------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Circular Nesting | This report identifies instances of circular nesting within the environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays circular nesting by domain
  • Table – Provides details on circular nesting
  • Table – Provides details on circular nesting by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_dclogongroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_dclogongroups.md index ce74ef6fef..bc466e577a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_dclogongroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_dclogongroups.md @@ -16,8 +16,11 @@ limited to only those individuals who require this level of administrative privi Navigate to the **Active Directory** > **1.Groups** > **AD_DCLogonGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DCLogonGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/dclogongroupsanalysis.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_CircularNesting Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | --------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Domain Controller Logon Rights | This report displays effective membership for groups with logon rights to domain controllers. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays largest groups - Table – Provides details on membership - Table – Provides summary of membership | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | --------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain Controller Logon Rights | This report displays effective membership for groups with logon rights to domain controllers. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays largest groups
  • Table – Provides details on membership
  • Table – Provides summary of membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_duplicategroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_duplicategroups.md index 98b5dc9a29..129d955b2c 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_duplicategroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_duplicategroups.md @@ -14,8 +14,11 @@ the same group membership as one another and are suitable candidates for cleanup Navigate to the **Active Directory** > **1.Groups** > **AD_DuplicateGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the AD_DuplicateGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/duplicategroupsanalysis.webp) 
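Review bot: In ad_dclogongroups.md, the sentence that introduces the table in the `@@ -33,6 +36,7 @@` hunk names the wrong job: "the AD_CircularNesting Job produces the following pre-configured report". The file, the navigation path in the earlier hunk and the Domain Controller Logon Rights report all belong to the AD_DCLogonGroups Job. Fix the job name while this table is being touched, since readers use this page to trace which job produced the domain controller logon rights data.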
@@ -27,6 +30,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_DuplicateGroups Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Duplicate Groups | This report identifies duplicate groups within the audited domains. | None | This report is comprised of three elements: - Bar Chart – Displays domains by number of groups with duplicates - Table – Provides details on duplicate groups - Table – Provides details on domains by number of groups with duplicates | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Duplicate Groups | This report identifies duplicate groups within the audited domains. | None | This report is comprised of three elements:
  • Bar Chart – Displays domains by number of groups with duplicates
  • Table – Provides details on duplicate groups
  • Table – Provides details on domains by number of groups with duplicates
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_emptygroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_emptygroups.md index 6ab2c2868c..8fbfd00926 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_emptygroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_emptygroups.md @@ -14,8 +14,11 @@ consolidation or cleanup. Navigate to the **Active Directory** > **1.Groups** > **AD_EmptyGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_EmptyGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/emptygroupsanalysis.webp) 
@@ -32,7 +35,8 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_EmptyGroups Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------ | --------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Empty Groups | This report identifies all groups without any members. | None | This report is comprised of three elements: - Bar Chart – Displays top domains by empty group counts - Table – Provides details on empty groups - Table – Provides details on empty groups by domain | -| Single User Groups | This report identifies groups which only contain a single user. | None | This report is comprised of three elements: - Bar Chart – Displays top domains by single user groups - Table – Provides details on groups - Table – Provides details on single user groups by domain | +| Report | Description | Default Tags | Report Elements | +| ------------------ | --------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Empty Groups | This report identifies all groups without any members. | None | This report is comprised of three elements:
  • Bar Chart – Displays top domains by empty group counts
  • Table – Provides details on empty groups
  • Table – Provides details on empty groups by domain
| +| Single User Groups | This report identifies groups which only contain a single user. | None | This report is comprised of three elements:
  • Bar Chart – Displays top domains by single user groups
  • Table – Provides details on groups
  • Table – Provides details on single user groups by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_groupprobableowners.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_groupprobableowners.md index 2f2ea449cd..2dc21e5f43 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_groupprobableowners.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_groupprobableowners.md @@ -15,8 +15,11 @@ requests. Navigate to the **Active Directory** > **1.Groups** > **AD_GroupProbableOwners** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupProbableOwners Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/groupprobableownersanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_GroupProbableOwner Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | ----------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Probable Owners | This report identifies the most probable manager or department, based on effective member attributes. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays top domains by blank manager field - Table – Provides details on probable ownership - Table – Provides summary of managers | +| Report | Description | Default Tags | Report Elements | +| --------------- | ----------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Probable Owners | This report identifies the most probable manager or department, based on effective member attributes. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays top domains by blank manager field
  • Table – Provides details on probable ownership
  • Table – Provides summary of managers
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_largestgroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_largestgroups.md index 0667be012e..b255371f11 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_largestgroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_largestgroups.md @@ -15,8 +15,11 @@ access to resources, or how much access is being granted to resources through th Navigate to the **Active Directory** > **1.Groups** > **AD_LargestGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the AD_LargestGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/largestgroupsanalysis.webp) 
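Review bot: In ad_groupprobableowners.md, the context sentence of the `@@ -30,6 +33,7 @@` hunk spells the job "AD_GroupProbableOwner", without the trailing "s" that the file name, the navigation path (**AD_GroupProbableOwners** > **Configure**) and the image alt text in the previous hunk all use. Align the name to AD_GroupProbableOwners so a search for the job name finds this sentence.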
@@ -28,6 +31,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_LargestGroups Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------- | -| Largest Groups | This report identifies the largest groups within the audited environment. | None | This report is comprised of two elements: - Bar Chart – Displays largest groups - Table – Provides details on groups | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | +| Largest Groups | This report identifies the largest groups within the audited environment. | None | This report is comprised of two elements:
  • Bar Chart – Displays largest groups
  • Table – Provides details on groups
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_mailsecuritygroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_mailsecuritygroups.md index 1ac5fd7d30..5d33a70f83 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_mailsecuritygroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_mailsecuritygroups.md @@ -13,8 +13,11 @@ The AD_MailSecurityGroups Job identifies mail-enabled security groups within Act Navigate to the **Active Directory** > **1.Groups** > **AD_MailSecurityGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_MailSecurityGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/mailsecuritygroupsanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_MailSecurityGroups Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Mail Enabled Security Groups | This report displays summary data for mail enabled security groups. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays mail enabled security groups per domain - Table – Provides summary of mail enabled security groups - Table – Provides summary of mail enabled security groups by domain | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | ------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Mail Enabled Security Groups | This report displays summary data for mail enabled security groups. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays mail enabled security groups per domain
  • Table – Provides summary of mail enabled security groups
  • Table – Provides summary of mail enabled security groups by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_nestedgroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_nestedgroups.md index e7b7ba7202..ff31e7ba0a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_nestedgroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_nestedgroups.md @@ -16,8 +16,11 @@ avoid difficulties in understanding effective membership and access. Navigate to the **Active Directory** > **1.Groups** > **AD_NestedGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_NestedGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/nestedgroupsanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_NestedGroups Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------- | --------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Nested Groups | This report identifies the groups with the largest amount of nested groups, and how many levels of nesting there are. | None | This report is comprised of three elements: - Bar Chart – Displays top groups by nesting - Table – Provides details on nested groups - Table – Provides details on top groups by nesting | +| Report | Description | Default Tags | Report Elements | +| ------------- | --------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Nested Groups | This report identifies the groups with the largest amount of nested groups, and how many levels of nesting there are. | None | This report is comprised of three elements:
  • Bar Chart – Displays top groups by nesting
  • Table – Provides details on nested groups
  • Table – Provides details on top groups by nesting
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_sensitivesecuritygroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_sensitivesecuritygroups.md index 2eb45d9059..e90130e624 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_sensitivesecuritygroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_sensitivesecuritygroups.md @@ -16,8 +16,11 @@ who require this level of administrative privileges. Navigate to the **Active Directory** > **1.Groups** > **AD_SensitiveSecurityGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_SensitiveSecurityGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/sensitivesecuritygroupsanalysis.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_SensitiveSecurityGroups Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------- | ------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Security Group Membership | This report displays effective membership for sensitive security groups. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays largest groups - Table – Provides details on membership - Table – Provides summary of group membership | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------- | ------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Security Group Membership | This report displays effective membership for sensitive security groups. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays largest groups
  • Table – Provides details on membership
  • Table – Provides summary of group membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_stalegroups.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_stalegroups.md index b579e94205..e80d0cffd9 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_stalegroups.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/ad_stalegroups.md @@ -15,8 +15,11 @@ days, or are disabled. These group memberships should be reviewed and possibly r Navigate to the **Active Directory** > **1.Groups** > **AD_StaleGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_StaleGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/groups/stalegroupsanalysis.webp) 
@@ -32,6 +35,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_StaleGroups Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Effective Membership (A.K.A. Stale Groups) | This report identifies groups with stale effective membership. A stale user is defined as someone who has not logged into the domain in over 60 days, is expired, or currently disabled. | None | This report is comprised of three elements: - Bar Chart – Displays group membership - Table – Provides details on membership - Table – Provides details on group membership | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Effective Membership (A.K.A. Stale Groups) | This report identifies groups with stale effective membership. A stale user is defined as someone who has not logged into the domain in over 60 days, is expired, or currently disabled. | None | This report is comprised of three elements:
  • Bar Chart – Displays group membership
  • Table – Provides details on membership
  • Table – Provides details on group membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/recommended.md index 020915f35e..63a9a82ec0 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/groups/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/groups/recommended.md @@ -9,32 +9,35 @@ sidebar_position: 10 The Active Directory > **1.Groups** Job Group has been configured by default to run with the default settings. It can be run directly or scheduled. -Dependencies +**Dependencies** The **.Active Directory Inventory** Job Group needs to be successfully executed prior to running this job group. -Target Host +**Target Host** This job group does not collect data. No target host is required. -Connection Profile +**Connection Profile** This job group does not collect data. No specific Connection Profile is required. -Schedule Frequency +**Schedule Frequency** The data analyzed by the **1.Groups** Job Group jobs is collected by the **.Active Directory Inventory** Job Group. Therefore, it is recommended to schedule these jobs to run after the .Active Directory Inventory job group collection has completed. These jobs can be scheduled to run as desired. -Run at the Job Group Level +**Run at the Job Group Level** -**_RECOMMENDED:_** Run the jobs in the **1.Groups** Job Group together and in order by running the +:::info +Run the jobs in the **1.Groups** Job Group together and in order by running the entire job group, instead of the individual jobs. +::: -Analysis Configuration + +**Analysis Configuration** The **1.Groups** Job Group should be run with the default analysis configurations. Most of the analysis tasks are preconfigured for this job group. 
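Review bot: Under **Run at the Job Group Level** in groups/recommended.md, replacing `**_RECOMMENDED:_**` with a bare `:::info` drops the one word that told the reader this paragraph is a recommendation; the callout now carries only the generic info label and the sentence "Run the jobs in the **1.Groups** Job Group together and in order" reads as a plain instruction. Keep "Recommended" as the admonition title or as the opening word of the sentence. The same applies to the matching `:::info` block in grouppolicy/recommended.md.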
@@ -46,10 +49,13 @@ Some analysis tasks have customizable parameters: - Customize within **.Active Directory Inventory** > **3-AD_Exceptions** Job analysis tasks - **NOTE:** Changes to an exception’s definition will affect all jobs dependent upon that + :::note + Changes to an exception’s definition will affect all jobs dependent upon that exception as well as all Access Information Center Exceptions reports. + ::: + -Workflow +**Workflow** **Step 1 –** Prerequisite: Run the **.Active Directory Inventory** Job Group. diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md index c5cf16c239..367b26dc81 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/overview.md @@ -11,22 +11,25 @@ information administrators need for Active Directory configuration, operational troubleshooting, analyzing effective permissions, and tracking who is making what changes within an organization. -Supported Platforms +**Supported Platforms** - Windows Server 2016 and later - Windows 2003 Forest level or higher -**NOTE:** See the Microsoft +:::note +See the Microsoft [Windows Server end of support and Microsoft 365 Apps](https://learn.microsoft.com/en-us/deployoffice/endofsupport/windows-server-support) article for additional information. +::: -Requirements, Permissions, and Ports + +**Requirements, Permissions, and Ports** See the [Active Directory Domain Target Requirements](/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/overview.md) topic for additional information. -Location +**Location** The Active Directory Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. Once installed into the Jobs tree, navigate to the 
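Review bot: In overview.md, the lines "Supported Platforms", "Requirements, Permissions, and Ports" and "Location" in the `@@ -11,22 +11,25 @@` hunk are section titles, and wrapping them in `**…**` leaves them as bold paragraphs rather than headings. They get no anchor and cannot be linked the way the next hunk links `#active-directory-job-groups`. Consider a heading level that fits the page outline instead of bold text, and apply the same choice to the bolded labels in the recommended.md files for consistency.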
@@ -40,8 +43,11 @@ e.g. 1.Groups Job Group. Other job groups run both data collection and analysis The AD_SecurityAssessment Job summarizes security related results from both the Active Directory Solution and the Active Directory Permissions Analyzer Solution. -**NOTE:** The Cleanup Job Group requires additional licenses to function. See the +:::note +The Cleanup Job Group requires additional licenses to function. See the [Active Directory Job Groups](#active-directory-job-groups) topic for additional information. +::: + See the [Instant Job Wizard](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/overview.md) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_directmembership.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_directmembership.md index a2f7107124..fd391e0c5a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_directmembership.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_directmembership.md @@ -14,8 +14,11 @@ may indicate unnecessary user accounts that are suitable candidates for review a Navigate to the **Active Directory** > **2.Users** > **AD_DirectMembership** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DirectMembership Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/directmembershipanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_DirectMembership Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | ------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| No Group Membership | This report identifies users with no group membership. | None | This report is comprised of three elements: - Bar Chart – Displays top domains by users with no membership - Table – Provides details on all users with no group membership - Table – Provides details on top domains by users with no membership | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| No Group Membership | This report identifies users with no group membership. | None | This report is comprised of three elements:
  • Bar Chart – Displays top domains by users with no membership
  • Table – Provides details on all users with no group membership
  • Table – Provides details on top domains by users with no membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_duplicateusers.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_duplicateusers.md index 8948237a1d..2bc50f46ee 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_duplicateusers.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_duplicateusers.md @@ -15,8 +15,11 @@ access than their normal account. Navigate to the **Active Directory** > **2.Users** > **AD_DuplicateUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DuplicateUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/duplicateusersanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_DuplicateUsers Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Duplicate User Accounts | This report identifies user accounts which may belong to a single employee, based on a variety of common attributes. | None | This report is comprised of three elements: - Bar Chart – Displays a domain summary - Table – Provides details on matches - Table – Provides details on duplicate user accounts by domain | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Duplicate User Accounts | This report identifies user accounts which may belong to a single employee, based on a variety of common attributes. | None | This report is comprised of three elements:
  • Bar Chart – Displays a domain summary
  • Table – Provides details on matches
  • Table – Provides details on duplicate user accounts by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_orphanedusers.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_orphanedusers.md index bf2fd624f5..db9439102e 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_orphanedusers.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_orphanedusers.md @@ -14,8 +14,11 @@ should be reviewed and appropriate management should be assigned. Navigate to the **Active Directory** > **2.Users** > **AD_OrphanedUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_OrphanedUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/orphanedusersanalysis.webp) 
@@ -28,6 +31,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_OrphanedUsers Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | --------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Orphaned Users | A user is considered orphans when their manager is disabled or stale. | None | This report is comprised of three elements: - Bar Chart – Displays top domains by orphaned users - Table – Provides details on orphaned users - Provides details on top domains by orphaned users | +| Report | Description | Default Tags | Report Elements | +| -------------- | --------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Orphaned Users | A user is considered orphans when their manager is disabled or stale. | None | This report is comprised of three elements:
  • Bar Chart – Displays top domains by orphaned users
  • Table – Provides details on orphaned users
  • Provides details on top domains by orphaned users
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_passwordstatus.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_passwordstatus.md index d0e1be833f..3cc70fc705 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_passwordstatus.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_passwordstatus.md @@ -14,8 +14,11 @@ or compromised if not addressed. Navigate to the **Active Directory** > **2.Users** > **AD_PasswordStatus** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigure for this job. +::: + ![Analysis Tasks for the AD_PasswordStatus Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/passwordstatusanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_PasswordStatus Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | ---------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Password Status | This report identifies the password status of all users and highlights potential issues. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays password issues by domain - Table – Provides details on users - Provides details on password issues by domain | +| Report | Description | Default Tags | Report Elements | +| --------------- | ---------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Password Status | This report identifies the password status of all users and highlights potential issues. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays password issues by domain
  • Table – Provides details on users
  • Provides details on password issues by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_serviceaccounts.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_serviceaccounts.md index d6fdb5bb04..ba693345e2 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_serviceaccounts.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_serviceaccounts.md @@ -10,7 +10,10 @@ The AD_ServiceAccounts Job offers information about service accounts and if they Kerberoasting. An account is deemed vulnerable to a Kerberoasting attack if the msDS-SupportedEncryptionTypes value supports RC4 as the highest encryption type. -_Remember,_ the 1-AD_Scan Job needs to be configured to collect these Custom Attributes: +:::tip +Remember, the 1-AD_Scan Job needs to be configured to collect these Custom Attributes: +::: + - servicePrincipalName – Provides service account information. See the Microsoft [Service Principal Names](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961723(v=technet.10)) @@ -22,8 +25,11 @@ _Remember,_ the 1-AD_Scan Job needs to be configured to collect these Custom Att Navigate to the **Active Directory** > **2.Users** > **AD_ServiceAccounts** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Task for the AD_ServiceAccounts Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/serviceaccountsanalysis.webp) 
@@ -35,6 +41,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_ServiceAccounts Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ---------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Service Accounts | This report provides details on service accounts in the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays service accounts by domain - Table – Provides details on service accounts - Table – Provides details on service accounts by domain | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ---------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Service Accounts | This report provides details on service accounts in the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays service accounts by domain
  • Table – Provides details on service accounts
  • Table – Provides details on service accounts by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_sidhistory.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_sidhistory.md index 04bb07bbcd..4b886a2ec4 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_sidhistory.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_sidhistory.md @@ -16,8 +16,11 @@ with administrative rights, both of which may be indicators of compromise. Navigate to the **Active Directory** > **2.Users** > **AD_SIDHistory** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_SIDHistory Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/sidhistoryanalysis.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_PasswordStatus Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SID History | This report lists historical SIDs in the audited environment. Additionally, it highlights exceptions involving the SIDHistory attribute on AD user objects. Considered in particular are when a user has a historical SID from their current domain, or when a non-admin user has a historical SID with administrative rights. 
| None | This report is comprised of three elements: - Bar Chart – Displays historical SIDs by domain - Table – Provides details on SID history - Table – Provides details on historical SIDs by domain | +| Report | Description | Default Tags | Report Elements | +| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SID History | This report lists historical SIDs in the audited environment. Additionally, it highlights exceptions involving the SIDHistory attribute on AD user objects. Considered in particular are when a user has a historical SID from their current domain, or when a non-admin user has a historical SID with administrative rights. | None | This report is comprised of three elements:
  • Bar Chart – Displays historical SIDs by domain
  • Table – Provides details on SID history
  • Table – Provides details on historical SIDs by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_staleusers.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_staleusers.md index ac347c55eb..7888a1ba95 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_staleusers.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_staleusers.md @@ -10,20 +10,26 @@ The AD_StaleUsers job identifies potentially stale users based on the amount of last login to the domain, or if the account has been disabled. These accounts should be reviewed and cleaned up in order to increase security and reduce complexity. -**NOTE:** The definition of a stale user is set by the .Active Directory Inventory solution. These +:::note +The definition of a stale user is set by the .Active Directory Inventory solution. These parameters, including the number of days since last login to be considered stale (by default 60 days), can be customized within the **.Active Directory Inventory** > **3-AD_Exceptions** job's **Stale Users** analysis task. See the [3-AD_Exceptions Job](/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/3-ad_exceptions.md) topic for additional information. +::: + ## Analysis Tasks for the AD_StaleUsers Job Navigate to the **Active Directory** > **2.Users** > **AD_StaleUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_StaleUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/staleusersanalysis.webp) 
@@ -36,6 +42,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_StaleUsers job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Users | This report identifies user accounts which have not logged into the domain for an extended amount of time or are currently disabled. A user account is considered stale if the last logon is over 60 days ago, is currently disabled, or expired. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays users by domain - Table – Provides details on users - Table – Provides details on users by domain | +| Report | Description | Default Tags | Report Elements | +| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Users | This report identifies user accounts which have not logged into the domain for an extended amount of time or are currently disabled. A user account is considered stale if the last logon is over 60 days ago, is currently disabled, or expired. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays users by domain
  • Table – Provides details on users
  • Table – Provides details on users by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userattributecompletion.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userattributecompletion.md index 45856aa37b..0c1deb094c 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userattributecompletion.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userattributecompletion.md @@ -15,8 +15,11 @@ within Active Directory which are lacking appropriate information. Navigate to the **Active Directory** > **2.Users** > **AD_UserAttributeCompletion** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_UserAttributeCompletion Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/userattributecompletionanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_UserAttributeCompletion Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| User Attribute Completion | This report identifies which attributes are present within User fields in Active Directory, and which ones are blank for a majority of objects. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays completeness by attribute - Table – Provides details on users with blank attributes - Table –Provides details on completeness by attribute | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Attribute Completion | This report identifies which attributes are present within User fields in Active Directory, and which ones are blank for a majority of objects. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays completeness by attribute
  • Table – Provides details on users with blank attributes
  • Table –Provides details on completeness by attribute
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userdelegation.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userdelegation.md index 173b79eb9f..3dc971d4a7 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userdelegation.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_userdelegation.md @@ -17,8 +17,11 @@ blog article for more information about this configuration and the related secur Navigate to the **Active Directory** > **2.Users** > **AD_UserDelegation** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the AD_UserDelegation Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/userdelegationanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_UserDelegation Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Users Trusted for Delegation | This report highlights which users are trusted for delegation, which accounts are sensitive, and whether the delegation is constrained or unconstrained. | None | This report is comprised of three elements: - Bar Chart – Displays users trusted for delegation by domain - Table – Provides details on users trusted for delegation - Table – Provides details on users trusted for delegation by domain | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Users Trusted for Delegation | This report highlights which users are trusted for delegation, which accounts are sensitive, and whether the delegation is constrained or unconstrained. | None | This report is comprised of three elements:
  • Bar Chart – Displays users trusted for delegation by domain
  • Table – Provides details on users trusted for delegation
  • Table – Provides details on users trusted for delegation by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_usertoken.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_usertoken.md index 89a307be12..dc4a5200be 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_usertoken.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_usertoken.md @@ -17,8 +17,11 @@ article for more information about estimated token size. Navigate to the **Active Directory** > **2.Users** > **AD_UserToken** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the AD_UserToken Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/usertokenanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the AD_UserToken Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| User Token | A user's token size is directly related to the number of SIDs associated with their user account, taking into account historical SIDs and effective membership. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays top users by estimated token size - Table – Provides details on user tokens | +| Report | Description | Default Tags | Report Elements | +| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Token | A user's token size is directly related to the number of SIDs associated with their user account, taking into account historical SIDs and effective membership. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays top users by estimated token size
  • Table – Provides details on user tokens
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_weakpasswords.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_weakpasswords.md index be343b5752..8575b38a4a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_weakpasswords.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/ad_weakpasswords.md @@ -66,7 +66,10 @@ Collector Wizard opens. ![Password Security Data Collection Wizard Scan options page](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/optionsweakpassword.webp) -**CAUTION:** Read the warning prior to enabling the cleartext password feature. +:::warning +Read the warning prior to enabling the cleartext password feature. +::: + **Step 4 –** On the Options page, configure the scan options by enabling communication with the Active Directory via SSL or returning cleartext password entries. @@ -91,8 +94,11 @@ The Weak Passwords query is now configured. Navigate to the **Active Directory** > **2.Users** > **AD_WeakPasswords** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_WeakPasswords Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectory/users/weakpasswordsanalysis.webp) 
@@ -110,6 +116,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_UserDelegation Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Weak Passwords Checks | This job identifies accounts in the organization with weak passwords that can be easily decrypted or brute forced. | None | This report is comprised of three elements: - Bar Chart – Displays password weaknesses - Table – Provides details on password weaknesses - Table – Provides details on exceptions and user counts | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Weak Passwords Checks | This job identifies accounts in the organization with weak passwords that can be easily decrypted or brute forced. | None | This report is comprised of three elements:
  • Bar Chart – Displays password weaknesses
  • Table – Provides details on password weaknesses
  • Table – Provides details on exceptions and user counts
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectory/users/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectory/users/recommended.md index 3c89bd650c..d45aae4a32 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectory/users/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectory/users/recommended.md @@ -9,7 +9,7 @@ sidebar_position: 10 The **Active Directory** > **2.Users** Job Group has been configured by default to run with the out-of-the-box settings. It can be run directly or scheduled. -Dependencies +**Dependencies** - The **.Active Directory Inventory** Job Group needs to be successfully executed prior to running this job group 
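Review bot: The context line above the table in the @@ -110,6 +116,7 hunk of ad_weakpasswords.md says "the AD_UserDelegation Job produces the following pre-configured report", but the file and the report row (Weak Passwords Checks) belong to the AD_WeakPasswords Job. The table under that sentence is being rewritten in this change, so correct the job name in the same commit rather than carrying the mismatch forward.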
@@ -26,40 +26,49 @@ Dependencies [PasswordSecurity: Dictionaries](/docs/accessanalyzer/11.6/admin/datacollector/passwordsecurity/dictionaries.md) topic for additional information. - **_RECOMMENDED:_** If this job is not to be used, disable the job to prevent execution when the + :::info + If this job is not to be used, disable the job to prevent execution when the job group is executed. + ::: -Targeted Host(s) + +**Targeted Host(s)** Only the **AD_WeakPasswords** Job requires a host list. The host list assignment has been configured under the **2. Users** > **AD_WeakPasswords** > **Configure** > **Hosts** node. It is set to target the **ONE DOMAIN CONTROLLER PER DOMAIN** host list. This host list is a dynamic host list based on the host inventory value in the **isDomainController** field in the Host Master Table. -Connection Profile +**Connection Profile** Only the **AD_WeakPasswords** Job requires a Connection Profile. It must be set directly on the **AD_WeakPasswords** Job (through the Job Properties window) with Domain Administrator privileges. -**NOTE:** The **AD_WeakPassword** Job can be executed with a least privilege credential. See the +:::note +The **AD_WeakPassword** Job can be executed with a least privilege credential. See the [Active Directory Auditing Configuration](/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md) topic for additional information. +::: + -Schedule Frequency +**Schedule Frequency** The data analyzed by the **2.Users** Job Group jobs is collected by the **.Active Directory Inventory** Job Group. Therefore, it is recommended to schedule these jobs to run after the **.Active Directory Inventory** job group collection has completed. These jobs can be scheduled to run as desired. -Run at the Job Group Level +**Run at the Job Group Level** Run the jobs in the **2.Users** Job Group together and in order by running the entire job group, instead of the individual jobs. 
-_Remember,_ if the **AD_WeakPassword** Job is not to be executed, it can be disabled. +:::tip +Remember, if the **AD_WeakPassword** Job is not to be executed, it can be disabled. +::: + -Analysis Configuration +**Analysis Configuration** The **2.Users** Job Group should be run with the default analysis configurations. Most of the analysis tasks are preconfigured for this Job Group. @@ -71,10 +80,13 @@ Some analysis tasks have customizable parameters: - Customize within **.Active Directory Inventory** > **3-AD_Exceptions** Job analysis tasks - **NOTE:** Changes to an exception’s definition will affect all jobs dependent upon that + :::note + Changes to an exception’s definition will affect all jobs dependent upon that exception as well as all Access Information Center Exceptions reports. + ::: -Workflow + +**Workflow** **Step 1 –** Prerequisite: Ensure the **.Active Directory Inventory** Job Group has been successfully run. @@ -85,9 +97,12 @@ successfully run. - ONE DOMAIN CONTROLLER PER DOMAIN - **NOTE:** Default dynamic host lists are populated from hosts in the Host Master Table that meet + :::note + Default dynamic host lists are populated from hosts in the Host Master Table that meet the host inventory criteria for the list. Ensure the appropriate host lists have been populated through host inventory results. + ::: + **Step 3 –** Set a Connection Profile on the job that runs the data collection. diff --git a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/1-ad_scan.md b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/1-ad_scan.md index 670aea049f..84a2ac1f7c 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/1-ad_scan.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/1-ad_scan.md 
@@ -39,8 +39,11 @@ opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The Active Directory Inventory DC Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Active Directory Inventory DC Wizard Options page](/img/product_docs/accessanalyzer/11.6/solutions/activedirectoryinventory/scandcwizardoptions.webp) @@ -64,10 +67,13 @@ topic for additional information. **Step 6 –** Navigate to the Summary page. Click **Finish** to save any setting modifications or click **Cancel** if no changes were made. Then click **OK** to close the Query Properties window. -**NOTE:** In order for the Access Information Center to populate NFS permissions within File System +:::note +In order for the Access Information Center to populate NFS permissions within File System reports, the .Active Directory Inventory Job Group must be configured to collect the **uid** and **uidNumber** attributes for Users. See the [NFS Permissions for the AIC ](#nfs-permissions-for-the-aic) topic for additional information. +::: + The 1-AD_Scan Job is now ready to run with the customized settings. If any custom attributes are added to the data collection, the **Create Extended Attributes View** analysis task can be enabled @@ -78,8 +84,11 @@ in order to have visibility into the collected data. View the analysis tasks by navigating to the **.Active Directory Inventory** > **1-AD_Scan** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the 1-AD_Scan Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectoryinventory/scananalysis.webp) 
@@ -108,9 +117,10 @@ In addition to the tables and views explained in the [Standard Reference Tables & Views for the ADInventory Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/adinventory/standardtables.md) topic, the 1-AD_Scan Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | ------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Active Directory Summary | This report provides a summary of all audited domains and objects. | None | This report is comprised of four elements: - Table – Displays general statistics in the Users, Groups, and Computers in All Audited Domains - Pie Chart – Displays Principals by Object Class - Pie Chart – Displays Principals by Audited Domain - Table – Displays detailed statistical information for each of the AD objects | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | ------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Active Directory Summary | This report provides a summary of all audited domains and objects. | None | This report is comprised of four elements:
  • Table – Displays general statistics in the Users, Groups, and Computers in All Audited Domains
  • Pie Chart – Displays Principals by Object Class
  • Pie Chart – Displays Principals by Audited Domain
  • Table – Displays detailed statistical information for each of the AD objects
| + ## NFS Permissions for the AIC @@ -131,8 +141,11 @@ the 1-AD_Scan Job. **Step 2 –** Navigate to the Options page. Ensure the **Collect only updates since last scan** option is deselected. -**NOTE:** Whenever query configurations are modified, it is necessary to do a full scan. After the +:::note +Whenever query configurations are modified, it is necessary to do a full scan. After the first full scan, differential scanning can be re-enabled. +::: + ![Active Directory Inventory DC Wizard Custom Attributes page](/img/product_docs/accessanalyzer/11.6/solutions/activedirectoryinventory/scandcwizardcustomattributesnfs.webp) @@ -162,7 +175,10 @@ task. The .Active Directory Inventory Job Group is now collecting attributes required for NFS data to be visible within the Access Information Center. -_Remember,_ it is necessary to re-enable differential scanning after Step 5 if desired. +:::tip +Remember, it is necessary to re-enable differential scanning after Step 5 if desired. +::: + See the Resource Audit topics in the [Netwrix Access Information Center Documentation](https://helpcenter.netwrix.com/category/accessinformationcenter) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/2-ad_changes.md b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/2-ad_changes.md index f5944f1e8f..e559a5c91a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/2-ad_changes.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/2-ad_changes.md 
@@ -21,8 +21,11 @@ topic for additional information. View the analysis tasks by navigating to the **.Active Directory Inventory** > **2-AD_Changes** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the 2-AD_Changes Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectoryinventory/changesanalysis.webp) 
@@ -116,15 +119,16 @@ topic for additional information. In addition to the tables and views created by the analysis tasks, the 2-AD_Changes Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ---------------------------------------------------- | ------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Attribute Changes | This report tracks attribute changes within Active Directory. | None | This report is comprised of three elements: - Bar graph – Displays Attribute Changes (Past 24 Hours) - Table – Provides details on attribute changes (Past 24 Hours) - Table – Provides details on changes | -| Group Membership Changes (A.K.A. Most Active Groups) | This report tracks group membership changes in Active Directory. | None | This report is comprised of three elements: - Bar graph – Displays Most Active Groups (Past 24 Hours) - Table – Provides details on the most active groups (Past 24 Hours) - Table – Provides details on the most active groups | -| New Principals | This report identifies when principals have been created on the targeted domains. | None | This report is comprised of two elements: - Bar graph – Displays New Principals by Domain (Past 24 Hours) - Table – Provides details on the new principals by domain | -| Object Moves | This report tracks object moves in Active Directory. | None | This report is comprised of two elements: - Table – Displays Most Active OUs (Past 24 Hours) - Table – Provides details on the most active OUs | -| Org Changes (A.K.A. Organizational Changes) | This report tracks organizational moves such as manager, title or department changes. 
| None | This report is comprised of three elements: - Bar graph – Displays Organizational Changes (Past 24 Hours) - Table – Provides details on organizational changes (Past 24 Hours) - Table – Provides details on the organizational changes | -| Principal Deletions (A.K.A. Past 24 Hours) | This report identifies when principals have been deleted from the targeted domains. | None | This report is comprised of three elements: - Bar graph – Displays Deleted Principals by Domain (Past 24 Hours) - Table – Provides details on deleted principals by domain (Past 24 Hours) - Table – Provides details on the principals by domain | -| User Account Status Changes | This report tracks user account status changes. | None | This report is comprised of three elements: - Bar graph – Displays User Account Control Changes (Past 24 Hours) - Table – Provides details on user account control changes (Past 24 Hours) - Table – Provides details on the user account control changes | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------------------------- | ------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Attribute Changes | This report tracks attribute changes within Active Directory. | None | This report is comprised of three elements:
  • Bar graph – Displays Attribute Changes (Past 24 Hours)
  • Table – Provides details on attribute changes (Past 24 Hours)
  • Table – Provides details on changes
| +| Group Membership Changes (A.K.A. Most Active Groups) | This report tracks group membership changes in Active Directory. | None | This report is comprised of three elements:
  • Bar graph – Displays Most Active Groups (Past 24 Hours)
  • Table – Provides details on the most active groups (Past 24 Hours)
  • Table – Provides details on the most active groups
| +| New Principals | This report identifies when principals have been created on the targeted domains. | None | This report is comprised of two elements:
  • Bar graph – Displays New Principals by Domain (Past 24 Hours)
  • Table – Provides details on the new principals by domain
| +| Object Moves | This report tracks object moves in Active Directory. | None | This report is comprised of two elements:
  • Table – Displays Most Active OUs (Past 24 Hours)
  • Table – Provides details on the most active OUs
| +| Org Changes (A.K.A. Organizational Changes) | This report tracks organizational moves such as manager, title or department changes. | None | This report is comprised of three elements:
  • Bar graph – Displays Organizational Changes (Past 24 Hours)
  • Table – Provides details on organizational changes (Past 24 Hours)
  • Table – Provides details on the organizational changes
| +| Principal Deletions (A.K.A. Past 24 Hours) | This report identifies when principals have been deleted from the targeted domains. | None | This report is comprised of three elements:
  • Bar graph – Displays Deleted Principals by Domain (Past 24 Hours)
  • Table – Provides details on deleted principals by domain (Past 24 Hours)
  • Table – Provides details on the principals by domain
| +| User Account Status Changes | This report tracks user account status changes. | None | This report is comprised of three elements:
  • Bar graph – Displays User Account Control Changes (Past 24 Hours)
  • Table – Provides details on user account control changes (Past 24 Hours)
  • Table – Provides details on the user account control changes
| + ### Notification Analysis Tasks for the 2-AD_Changes Job @@ -145,7 +149,10 @@ and select **Analysis**. ![Notification Data Analysis Module SMTP properties page](/img/product_docs/accessanalyzer/11.6/solutions/activedirectoryinventory/notificationanalysissmtp.webp) -**CAUTION:** Do not make changes to the pages preceding the SMTP page. +:::warning +Do not make changes to the pages preceding the SMTP page. +::: + **Step 3 –** Use the **Next** button to navigate to the email configuration SMTP page. diff --git a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/3-ad_exceptions.md b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/3-ad_exceptions.md index eb84e3980e..bd2a6ebf39 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/3-ad_exceptions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/3-ad_exceptions.md @@ -37,8 +37,11 @@ View the analysis tasks by navigating to the **.Active Directory Inventory** > * **Configure** node and select **Analysis**. Analysis tasks with configuration parameters that define the security concerns within them can be modified. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the 3-AD_Exceptions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectoryinventory/exceptionsanalysis.webp) 
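Review bot: In the @@ -37,8 +37,11 hunk of 3-ad_exceptions.md, the sentence directly before the new `:::warning` says analysis tasks with configuration parameters "can be modified", and the warning then says "Do not modify or deselect the selected analysis tasks." Promoting the caution to a warning block makes the contradiction more prominent. Reword the warning for this job so it allows the customizable parameters covered under "Customize Analysis Parameters for the 3-AD_Exceptions Job" and only prohibits deselecting or otherwise altering the tasks.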
@@ -119,25 +122,27 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the 3-AD_Exceptions Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------- | ---------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Exceptions Summary (A.K.A. AD Exceptions) | This report summarizes common issues with user accounts and group membership | None | This report is comprised of three elements: - Pie Chart – Displays exceptions by class - Table – Provides exceptions by count - Table – Provides details on exceptions | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------- | ---------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Exceptions Summary (A.K.A. AD Exceptions) | This report summarizes common issues with user accounts and group membership | None | This report is comprised of three elements:
  • Pie Chart – Displays exceptions by class
  • Table – Provides exceptions by count
  • Table – Provides details on exceptions
| + ### Customize Analysis Parameters for the 3-AD_Exceptions Job Exception definitions that can be customized have the following default values for the customizable parameters: -| Analysis Task | Customizable Parameter Name | Default Value | Value Indicates | -| -------------------- | --------------------------- | --------------------------------------------------- | --------------------------------------------------------------------- | -| Large Groups | @LARGE_THRESHOLD | 10 | A group object with 10 members or more | -| Deeply Nested Groups | @NESTING_THRESHOLD | 1 | A group object nested 1 level or deeper within another group object | -| Stale Users | @STALE_THRESHOLD | 60 | A user object that has been inactive for 60 days or more | -| | @INCLUDE_DISABLED | True | A user object that has been disabled | -| | @INCLUDE_EXPIRED | True | A user object that has expired | -| Stale Membership | @STALE_THRESHOLD | 10 | A group with 10% of its effective members are stale users | -| Large Token | @TOKEN_THRESHOLD | 10 | A user object with effective membership in more than 10 group objects | -| Admin Historical SID | #ADMIN_GROUPS | - Domain Admins - Enterprise Admins - Schema Admins | List of administrative groups | +| Analysis Task | Customizable Parameter Name | Default Value | Value Indicates | +| -------------------- | --------------------------- | ------------------------------------------------------------------------------- | --------------------------------------------------------------------- | +| Large Groups | @LARGE_THRESHOLD | 10 | A group object with 10 members or more | +| Deeply Nested Groups | @NESTING_THRESHOLD | 1 | A group object nested 1 level or deeper within another group object | +| Stale Users | @STALE_THRESHOLD | 60 | A user object that has been inactive for 60 days or more | +| | @INCLUDE_DISABLED | True | A user object that has been disabled | +| | @INCLUDE_EXPIRED | True | A user object that has expired | +| Stale Membership | @STALE_THRESHOLD 
| 10 | A group with 10% of its effective members are stale users | +| Large Token | @TOKEN_THRESHOLD | 10 | A user object with effective membership in more than 10 group objects | +| Admin Historical SID | #ADMIN_GROUPS |
  • Domain Admins
  • Enterprise Admins
  • Schema Admins
| List of administrative groups | + See the [Configure the Customizable Parameters in an Analysis Task](/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/overview.md index dbc1f60166..71aa4e379b 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/overview.md @@ -14,33 +14,39 @@ solutions. Key information includes user status, user attributes, and group memb collected data is accessed by other Enterprise Auditor solutions and the Netwrix Access Information Center for analysis. -**NOTE:** This solution is required for using the Access Information Center. +:::note +This solution is required for using the Access Information Center. +::: + This topic covers information on using the ADInventory Data Collector and the .Active Directory Inventory Job Group. -Supported Platforms +**Supported Platforms** - Windows 2003 Forest level or higher -Permissions +**Permissions** - Read access to directory tree - List Contents & Read Property on the Deleted Objects Container - **NOTE:** See the Microsoft + :::note + See the Microsoft [Searching for Deleted Objects](https://technet.microsoft.com/en-us/library/cc978013.aspx) article and the Microsoft [Dsacls](https://technet.microsoft.com/en-us/library/cc771151(v=ws.11).aspx) article for additional information. + ::: + -Ports +**Ports** - TCP 389 - TCP 135-139 - Randomly allocated high TCP ports -Location +**Location** The .Active Directory Inventory Solution is a core component of all Enterprise Auditor installations. Typically this solution is instantiated during installation, but it can be installed 
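Review bot: In the @@ -14,33 +14,39 hunk of overview.md, "Supported Platforms", "Permissions", "Ports" and "Location" become bold paragraphs (`**Permissions**`) rather than headings. Bold text gets no anchor and does not show in the page outline, so the permission and port requirements cannot be linked to from other topics. Consider `###` headings here, in line with the `##` and `###` headings these files already use, or confirm that keeping them out of the outline is intended.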
diff --git a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/recommended.md index f1d1c9e823..4078b5bedc 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/recommended.md @@ -10,11 +10,11 @@ The .Active Directory Inventory Solution has been configured by default to run w out-of-the-box settings, but some settings are optional for configuration. It can be run directly or scheduled. -Dependencies +**Dependencies** This job group does not have dependencies. -Targeted Hosts +**Targeted Hosts** The host list assignment has been configured under the **.Active Directory Inventory** > **Settings** > **Host List Assignment** node. It is set to target the Default domain controller host @@ -27,7 +27,7 @@ The Default domain controller host list and ONE DOMAIN CONTROLLER PER DOMAIN hos host lists based on the host inventory value in the isDomainController field in the Host Master Table. -Connection Profile +**Connection Profile** The Connection Profile has been configured under the **.Active Directory Inventory** > **Settings** > **Connection** node. It is set to Use the Default Profile, as configured at the 
@@ -37,33 +37,36 @@ targeted domains. If targeting multiple domains, ensure the assigned Connection Profile has the necessary permissions on all targeted domains. -History Retention +**History Retention** Not supported and should be turned off -Multi-Console Support +**Multi-Console Support** Not supported -Schedule Frequency +**Schedule Frequency** + +:::info +Schedule the .Active Directory Inventory Job Group to run once a day. +::: -**_RECOMMENDED:_** Schedule the .Active Directory Inventory Job Group to run once a day. If there are frequent AD changes within the target environment, then it can be executed more often. It is best to rerun it anytime AD changes might have occurred. -Run at the Solution Level +**Run at the Solution Level** The jobs in the .Active Directory Inventory Job Group should be run together and in order by running the entire solution, instead of the individual jobs. -Query Configuration +**Query Configuration** The solution is best run with the default query configuration. However, a possible modification might be to include configurations of the scan options or additional custom attributes within the [1-AD_Scan Job](/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/1-ad_scan.md). -Analysis Configuration +**Analysis Configuration** The solution is best run with the default analysis configuration. However, possible modifications might be to: @@ -73,7 +76,7 @@ might be to: - Customize exception analysis parameters within the [3-AD_Exceptions Job](/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/3-ad_exceptions.md) -Workflow +**Workflow** The .Active Directory Inventory Job Group has been set to run against the following default dynamic host list: diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_brokeninheritance.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_brokeninheritance.md index c17e530eb4..5c3c6814f4 100644 
--- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_brokeninheritance.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_brokeninheritance.md @@ -18,8 +18,11 @@ The AD_BrokenInheritance Job is located in the 6.Broken Inheritance Job Group. Navigate to the **Active Directory Permissions Analyzer** > **6.BrokenInheritance** > **AD_BrokenInheritance** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_BrokenInheritance Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/brokeninheritanceanalysis.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_BrokenInheritance Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Broken Inheritance by Domain | This report highlights instances of broken inheritance on Active Directory objects. This information is summarized by domain. | None | This report is comprised of three elements: - Bar Chart – Displays broken inheritance by domain - Table – Provides summary of broken inheritance by OU - Table – Provides details on broken inheritance | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Broken Inheritance by Domain | This report highlights instances of broken inheritance on Active Directory objects. This information is summarized by domain. | None | This report is comprised of three elements:
  • Bar Chart – Displays broken inheritance by domain
  • Table – Provides summary of broken inheritance by OU
  • Table – Provides details on broken inheritance
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_openaccess.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_openaccess.md index 91daabf9ae..e9b43c22a3 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_openaccess.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_openaccess.md @@ -19,8 +19,11 @@ The AD_OpenAccess Job is located in the 5.Open Access Job Group. Navigate to the **Active Directory Permissions Analyzer** > **5.Open Access** > **AD_OpenAccess** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_OpenAccess Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/openaccessanalysis.webp) 
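Review bot: In the @@ -33,6 +36,7 hunk of ad_brokeninheritance.md, the replacement Report Elements cell appears spread over several lines, with each bullet on its own line and the closing `|` on a line by itself. A pipe-table row has to stay on one physical line, so if these are literal newlines the row will break out of the table; check that the bullets are inline markup within a single line and preview the rendered page. The same pattern is used for every report table touched in this change, so one check covers all of them.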
@@ -34,6 +37,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_OpenAccess Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------- | ---------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Open Access by Domain | This report highlights instances of open access on AD objects, and summarizes open access by domain. | None | This report is comprised of three elements: - Bar Chart – Displays open access by domain - Table – Provides details on open access - Table – Provides details on open access by domain | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ---------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Open Access by Domain | This report highlights instances of open access on AD objects, and summarizes open access by domain. | None | This report is comprised of three elements:
  • Bar Chart – Displays open access by domain
  • Table – Provides details on open access
  • Table – Provides details on open access by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_oupermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_oupermissions.md index cb51810147..edc1183870 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_oupermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_oupermissions.md @@ -18,8 +18,11 @@ The AD_OUPermissions Job is located in the 3.OUs Job Group. Navigate to the **Active Directory Permissions Analyzer** > **3.OUs** > **AD_OUPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_OUPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/oupermissionsanalysis.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_OUPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| OU Permissions | This report highlights instances where permissions are applied to Active Directory organizational units. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements: - Bar Chart – Displays OU permissions by domain - Pie Chart – Displays OU permissions by type - Table – Provides details on OU permissions | +| Report | Description | Default Tags | Report Elements | +| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| OU Permissions | This report highlights instances where permissions are applied to Active Directory organizational units. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements:
  • Bar Chart – Displays OU permissions by domain
  • Pie Chart – Displays OU permissions by type
  • Table – Provides details on OU permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_shadowaccess.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_shadowaccess.md index f02ffe5b68..45628b6e7a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_shadowaccess.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/ad_shadowaccess.md @@ -32,10 +32,13 @@ topic for additional information. Navigate to the **Active Directory Permissions Analyzer** > **AD_ShadowAccess** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks, with the exception of the +:::warning +Do not modify or deselect the selected analysis tasks, with the exception of the **Calculate Shadow Access** analysis tasks. The analysis tasks are preconfigured for this job. The **Calculate Shadow Access** analysis task is the only analysis task that has customizable parameters. +::: + ![Analysis Tasks for the AD_ShadowAccess Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/shadowaccessanalysis.webp) 
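Review bot: Singular/plural mismatch inside the converted warning in ad_shadowaccess.md (@@ -32,10 +32,13 @@): the first sentence ends "with the exception of the **Calculate Shadow Access** analysis tasks", while the last sentence says "The **Calculate Shadow Access** analysis task is the only analysis task that has customizable parameters". The plural sits on an unchanged context line, but since this block is being rewrapped into `:::warning` anyway, change it to "analysis task" so the warning names exactly one task that may be customized.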
@@ -60,10 +63,11 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_ShadowAccess Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Domain Shadow Access | This report will calculate the shortest path between highly sensitive privileges and non-privileged users. | None | This report is comprised of five elements: - Bar Chart – Displays summary information on targeted domain - Table – Provides details on targeted domain in table form - Table – Provides details on exploited permissions - Table – Provides details on vulnerabilities - Table – Provides details on domain users and attack paths that can be used against those domain users | -| Sensitive Data Shadow Access | This report will calculate the shortest path between highly sensitive data and non-privileged users. 
| None | This report is comprised of five elements: - Bar Chart – Displays summary information on sensitive data - Table – Provides details on sensitive data in table form - Table – Provides details on exploited permissions - Table – Provides details on vulnerabilities - Table – Provides details on domain users and attack paths that can be used against those domain users | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain Shadow Access | This report will calculate the shortest path between highly sensitive privileges and non-privileged users. | None | This report is comprised of five elements:
  • Bar Chart – Displays summary information on targeted domain
  • Table – Provides details on targeted domain in table form
  • Table – Provides details on exploited permissions
  • Table – Provides details on vulnerabilities
  • Table – Provides details on domain users and attack paths that can be used against those domain users
| +| Sensitive Data Shadow Access | This report will calculate the shortest path between highly sensitive data and non-privileged users. | None | This report is comprised of five elements:
  • Bar Chart – Displays summary information on sensitive data
  • Table – Provides details on sensitive data in table form
  • Table – Provides details on exploited permissions
  • Table – Provides details on vulnerabilities
  • Table – Provides details on domain users and attack paths that can be used against those domain users
| + See the [Report Functions for the AD_ShadowAccess Job](#report-functions-for-the-ad_shadowaccess-job) topic @@ -109,7 +113,10 @@ Double-click on the current value and change as desired. - If the variable type is a table, select the cell and click **Edit Table** to modify the value. -**CAUTION:** Do not change any parameters where the Value states `Created during execution`. +:::warning +Do not change any parameters where the Value states `Created during execution`. +::: + **Step 4 –** Click **Save and Close** to finalize the customization and close the SQL Script Editor window. @@ -126,9 +133,12 @@ and attack paths within the targeted environments. Navigate to the **Active Directory Permissions Analyzer** > **AD_ShadowAccess** > **Results** node to view the AD_ShadowAccess job reports. -**NOTE:** These reports can also be accessed through the Web Console. See the +:::note +These reports can also be accessed through the Web Console. See the [Viewing Generated Reports](/docs/accessanalyzer/11.6/admin/report/view.md) topic for additional information. +::: + ![Exploited Permissions and Vulnerabilities on Shadow Access reports](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/shadowaccessreport1.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_computerrights.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_computerrights.md index f4ee024caa..e5ccb1a067 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_computerrights.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_computerrights.md 
@@ -13,7 +13,10 @@ Active Directory. The AD_ComputerRights Job uses the ADPermissions Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_ComputerRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/computerrightsquery.webp) @@ -28,8 +31,11 @@ The AD_ComputerRights Job uses the ADPermissions Data Collector for the followin Navigate to the **Active Directory Permissions Analyzer** > **0.Collection** > **AD_ComputerRights** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Task for the AD_ComputerRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/computerrightsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_containerrights.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_containerrights.md index cf1448a439..3d03d9b8c0 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_containerrights.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_containerrights.md 
@@ -13,7 +13,10 @@ Active Directory. The AD_ContainerRights Job uses the ADPermissions Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_ContainerRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/containerrightsquery.webp) @@ -28,8 +31,11 @@ The AD_ContainerRights Job uses the ADPermissions Data Collector for the followi Navigate to the **Active Directory Permissions Analyzer** > **0.Collection** > **AD_ContainerRights** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_ContainerRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/containerrightsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_domainrights.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_domainrights.md index 642a11b669..68d38312d5 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_domainrights.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_domainrights.md 
@@ -13,7 +13,10 @@ Active Directory. The AD_DomainRights Job uses the ADPermissions Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_DomainRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/domainrightsquery.webp) @@ -28,8 +31,11 @@ The AD_DomainRights Job uses the ADPermissions Data Collector for the following Navigate to the **Active Directory Permissions Analyzer** > **0.Collection** > **AD_DomainRights** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DomainRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/domainrightsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_grouprights.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_grouprights.md index a72dfec1e9..cd10216c4a 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_grouprights.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_grouprights.md @@ -13,7 +13,10 @@ Directory. The AD_GroupRights Job uses the ADPermissions Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_GroupRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/grouprightsquery.webp) 
@@ -28,8 +31,11 @@ The AD_GroupRights Job uses the ADPermissions Data Collector for the following q Navigate to the **Active Directory Permissions Analyzer** > **0.Collection** > **AD_GroupRights** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/grouprightsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_ourights.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_ourights.md index c4a62f0401..3b46a6ea30 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_ourights.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_ourights.md @@ -13,7 +13,10 @@ in Active Directory. The AD_OURights Job uses the ADPermissions Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_OURights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ourightsquery.webp) 
@@ -28,8 +31,11 @@ The AD_OURights Job uses the ADPermissions Data Collector for the following quer Navigate to the **Active Directory Permissions Analyzer** > **0.Collection** > **AD_OURights** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_OURights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ourightsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_siterights.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_siterights.md index c80c9ce0f1..207f2fceaa 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_siterights.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_siterights.md @@ -13,7 +13,10 @@ Directory. The AD_SiteRights Job uses the ADPermissions Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_SiteRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/siterightsquery.webp) 
@@ -28,8 +31,11 @@ The AD_SiteRights Job uses the ADPermissions Data Collector for the following qu Navigate to the **Active Directory Permissions Analyzer** > **0.Collection** > **AD_SiteRights** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_SiteRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/userrightsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_userrights.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_userrights.md index 50f26c438b..98786762ed 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_userrights.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/ad_userrights.md @@ -13,7 +13,10 @@ Directory. The AD_UserRights Job uses the ADPermissions Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the AD_UserRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/userrightsquery.webp) 
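Review bot: In the ad_siterights.md hunk at @@ -28,8 +31,11 @@, the unchanged image line under the new warning has alt text "Analysis Tasks for the AD_SiteRights Job" but points at `collection/userrightsanalysis.webp`, the same file the AD_UserRights page uses. Every other collection page in this patch uses an image named after its own job (for example `ourightsanalysis.webp`, `grouprightsanalysis.webp`). This predates the change, but the line is in the touched region, so please confirm whether a site-rights screenshot exists and correct the path, or note that the reuse is intentional.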
@@ -28,8 +31,11 @@ The AD_UserRights Job uses the ADPermissions Data Collector for the following qu Navigate to the **Active Directory Permissions Analyzer** > **0.Collection** > **AD_UserRights** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_UserRights Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/collection/userrightsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_computerpermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_computerpermissions.md index 26f4f59125..9c68da3b44 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_computerpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_computerpermissions.md @@ -14,8 +14,11 @@ objects within the targeted domains. Navigate to the **Active Directory Permissions Analyzer** > **4.Computers** > **AD_ComputerPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_ComputerPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/computerpermissionsanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_ComputerPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Computer Permissions | This report highlights instances where permissions are applied to Active Directory computer objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements: - Bar Chart – Displays computer permissions by domain - Pie Chart – Displays computer permissions by type - Table – Provides details on computer permissions | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Computer Permissions | This report highlights instances where permissions are applied to Active Directory computer objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements:
  • Bar Chart – Displays computer permissions by domain
  • Pie Chart – Displays computer permissions by type
  • Table – Provides details on computer permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_lapspermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_lapspermissions.md index de37e137cb..15c4c4d290 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_lapspermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/ad_lapspermissions.md @@ -14,8 +14,11 @@ and access to computer objects that may lead to unintended access to LAPS attri Navigate to the **Active Directory Permissions Analyzer** > **4.Computers** > **AD_LAPSPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_LAPSPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/computers/lapspermissionsanalysis.webp) 
@@ -30,7 +33,8 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_LAPSPermissions Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| LAPS Attributes | Identify Active Directory objects that have access to LAPS attributes on Computers within your organization. | None | This report is comprised of three elements: - Pie Chart – Displays top attribute permissions by trustee - Table – Provides details on attribute permissions by trustee - Table – Provides details on attributes | -| LAPS Permissions | Identify Active Directory objects that have access to computers objects within your organization that may lead to indirect access to LAPS attributes. | None | This report is comprised of three elements: - Bar Chart – Displays LAPS permissions by domain - Pie Chart – Displays LAPS permissions by type - Table – Provides details on LAPS permissions | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| LAPS Attributes | Identify Active Directory objects that have access to LAPS attributes on Computers within your organization. 
| None | This report is comprised of three elements:
  • Pie Chart – Displays top attribute permissions by trustee
  • Table – Provides details on attribute permissions by trustee
  • Table – Provides details on attributes
| +| LAPS Permissions | Identify Active Directory objects that have access to computers objects within your organization that may lead to indirect access to LAPS attributes. | None | This report is comprised of three elements:
  • Bar Chart – Displays LAPS permissions by domain
  • Pie Chart – Displays LAPS permissions by type
  • Table – Provides details on LAPS permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_adminsdholder.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_adminsdholder.md index 402d445274..7fb5c711e6 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_adminsdholder.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_adminsdholder.md @@ -14,7 +14,10 @@ Container in Active Directory. The AD_AdminSDHolder Job uses the PowerShell Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Queries for the AD_AdminSDHolder Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/adminsdholderquery.webp) @@ -29,8 +32,11 @@ The AD_AdminSDHolder Job uses the PowerShell Data Collector for the following qu Navigate to the **Active Directory Permissions Analyzer** > **7.Containers** > **AD_AdminSDHolder** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_AdminSDHolder Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/adminsdholderanalysis.webp) 
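Review bot: The rewritten LAPS Permissions row in the ad_lapspermissions.md table hunk (@@ -30,7 +33,8 @@) carries over a typo from the removed row: "access to computers objects within your organization" should read "computer objects". The LAPS Attributes row in the same hunk also capitalizes "Computers" mid-sentence. Both `-` and `+` versions of the rows contain these, so the table reformat is a good moment to fix them rather than copying them forward.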
@@ -44,6 +50,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_AdminSDHolder Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| AdminSDHolder Permissions | This report highlights suspicious (non-default) permissions applied to the AdminSDHolder container across all audited domains, and enumerates all AdminSDHolder permissions. For more information on vulnerabilities involving AdminSDHolder access, see the Microsoft [AdminSDHolder, Protected Groups and SDPROP](https://technet.microsoft.com/en-us/library/2009.09.sdadminholder.aspx) article. 
| None | This report is comprised of three elements: - Bar Chart – Displays suspicious AdminSDHolder permissions by domain - Table – Provides details on AdminSDHolder permissions - Table – Provides details on top users by suspicious AdminSDHolder permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| AdminSDHolder Permissions | This report highlights suspicious (non-default) permissions applied to the AdminSDHolder container across all audited domains, and enumerates all AdminSDHolder permissions. For more information on vulnerabilities involving AdminSDHolder access, see the Microsoft [AdminSDHolder, Protected Groups and SDPROP](https://technet.microsoft.com/en-us/library/2009.09.sdadminholder.aspx) article. | None | This report is comprised of three elements:
  • Bar Chart – Displays suspicious AdminSDHolder permissions by domain
  • Table – Provides details on AdminSDHolder permissions
  • Table – Provides details on top users by suspicious AdminSDHolder permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_containerpermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_containerpermissions.md index 50b5120275..15ff3b24d7 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_containerpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/ad_containerpermissions.md @@ -14,8 +14,11 @@ applied to container objects within the targeted domains. Navigate to the **Active Directory Permissions Analyzer** > **7.Containers** > **AD_ContainerPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_ContainerPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/containers/containerpermissionsanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_ContainerPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Container Permissions | This report highlights instances where permissions are applied to Active Directory container objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements: - Bar Chart – Displays container permissions by domain - Pie Chart – Provides details on enterprise container permissions by type - Table – Provides details on container permissions | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Container Permissions | This report highlights instances where permissions are applied to Active Directory container objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements:
  • Bar Chart – Displays container permissions by domain
  • Pie Chart – Provides details on enterprise container permissions by type
  • Table – Provides details on container permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainpermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainpermissions.md index d9fd5bb5af..4720af4ae1 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainpermissions.md @@ -14,8 +14,11 @@ within the targeted domains. Navigate to the **Active Directory Permissions Analyzer** > **8.Domains** > **AD_DomainPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DomainPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/domainpermissionsanalysis.webp) 
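Review bot: In ad_containerpermissions.md, hunk @@ -29,6 +32,7, the added Container Permissions row breaks its Report Elements cell into separate bullet lines and puts the closing `|` on a line of its own. A pipe-table row has to stay on one physical line, so if these are literal newlines the row ends at "three elements:" and the bullets render outside the table. Keep the list inline in the cell (for example with `<br />` between items) and check the rendered page. The other report tables in this patch add rows of the same shape and need the same check.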
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_DomainPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Domain Permissions | This report highlights instances where permissions are applied to Active Directory domain objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements: - Bar Chart – Displays permissions by domain - Pie Chart – Provides details on enterprise domain permissions by type - Table – Provides details on domain permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain Permissions | This report highlights instances where permissions are applied to Active Directory domain objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements:
  • Bar Chart – Displays permissions by domain
  • Pie Chart – Provides details on enterprise domain permissions by type
  • Table – Provides details on domain permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainreplication.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainreplication.md index 9625e68446..42b93292cd 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainreplication.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/ad_domainreplication.md @@ -14,8 +14,11 @@ within the targeted domains. Navigate to the **Active Directory Permissions Analyzer** > **8.Domains** > **AD_DomainReplication** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DomainReplication Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/domains/domainreplicationanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_DomainReplication Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | ---------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Domain Replication Permissions | This report highlights domain replication permissions applied to domain objects in active directory. | None | This report is comprised of three elements: - Bar Chart – Displays replication permission summary by domain - Table – Provides details on replication permissions - Table – Provides details on top users by replication permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | ---------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain Replication Permissions | This report highlights domain replication permissions applied to domain objects in active directory. | None | This report is comprised of three elements:
  • Bar Chart – Displays replication permission summary by domain
  • Table – Provides details on replication permissions
  • Table – Provides details on top users by replication permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_groupmembershippermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_groupmembershippermissions.md index cffdda02c9..93ef766534 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_groupmembershippermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_groupmembershippermissions.md @@ -15,8 +15,11 @@ Navigate to the **Active Directory Permissions Analyzer** > **2.Groups** > **AD_GroupMembershipPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupMembershipPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/groupmembershippermissionsanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_GroupMembershipPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Membership | This report highlights instances where trustees can change the membership of Active Directory group objects, either by writing the member attribute or via the "Add/Remove self as member" permission. By default, this report excludes members of administrator groups such as Domain Admins, Schema Admins, and Enterprise Admins. 
| None | This report is comprised of three elements: - Bar Chart – Displays affected groups by domain - Table – Provides details on membership change permissions - Table – Provides details on top users with group membership change permissions | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Membership | This report highlights instances where trustees can change the membership of Active Directory group objects, either by writing the member attribute or via the "Add/Remove self as member" permission. By default, this report excludes members of administrator groups such as Domain Admins, Schema Admins, and Enterprise Admins. | None | This report is comprised of three elements:
  • Bar Chart – Displays affected groups by domain
  • Table – Provides details on membership change permissions
  • Table – Provides details on top users with group membership change permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_grouppermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_grouppermissions.md index 07a6cda48c..1d01bb69b5 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_grouppermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/ad_grouppermissions.md @@ -14,8 +14,11 @@ the targeted domains. Navigate to the **Active Directory Permissions Analyzer** > **2.Groups** > **AD_GroupPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_GroupPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/groups/grouppermissionsanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_GroupPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Permissions | This report highlights instances where permissions are applied to Active Directory group objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements: - Bar Chart – Displays group permissions by domain - Pie Chart – Displays group permissions by type - Table – Provides details on group permissions | +| Report | Description | Default Tags | Report Elements | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Permissions | This report highlights instances where permissions are applied to Active Directory group objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements:
  • Bar Chart – Displays group permissions by domain
  • Pie Chart – Displays group permissions by type
  • Table – Provides details on group permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/overview.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/overview.md index b00d4f81a0..287d855281 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/overview.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/overview.md @@ -17,22 +17,25 @@ The Active Directory Permissions Analyzer Solution is located within the **Jobs* Directory Permissions Analyzer** Job Group, which identifies permissions applied to computers, groups, organizational units, and users. -Supported Platforms +**Supported Platforms** - Windows Server 2016 and later - Windows 2003 Forest level or higher -**NOTE:** See the Microsoft +:::note +See the Microsoft [Windows Server end of support and Microsoft 365 Apps](https://learn.microsoft.com/en-us/deployoffice/endofsupport/windows-server-support) article for additional information. +::: -Requirements, Permissions, and Ports + +**Requirements, Permissions, and Ports** See the -[Domain Target Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/activedirectorypermissionsanalyzer_1.md) +[Domain Target Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/target.md) topic for additional information. -Location +**Location** The Active Directory Permissions Analyzer requires a special Enterprise Auditor license. It can be installed from the Instant Job Wizard, see the diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/recommended.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/recommended.md index b92669a688..4bbecb3511 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/recommended.md 
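Review bot: In overview.md, hunk @@ -17,22 +17,25, the link under Requirements, Permissions, and Ports changes its target from `activedirectorypermissionsanalyzer_1.md` to `target.md`, which is a content change inside what is otherwise a formatting-only hunk. Confirm that `/docs/accessanalyzer/11.6/requirements/activedirectorypermissionsanalyzer/target.md` exists or is renamed in this same change, and mention the retarget in the commit message so it is not lost among the admonition conversions.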
@@ -6,7 +6,7 @@ sidebar_position: 10 # Recommended Configurations for AD Permissions Analyzer Solution -Dependencies +**Dependencies** The following Enterprise Auditor job groups need to be successfully run: @@ -31,14 +31,14 @@ The following jobs can be optionally run to enhance reporting in the - Windows > Privileged Accounts > Local Administrators > SG_Sessions - Windows > Privileged Accounts > Local Administrators > SG_LocalAdmins -Targeted Hosts +**Targeted Hosts** The **Active Directory Permissions Analyzer** > **0. Collection** Job Group has been set to run against the following default host list: - One Domain Controller Per Domain -Connection Profile +**Connection Profile** Assign a Connection Profile at the **Active Directory Permissions Analyzer** > **0. Collection** > **Settings** > **Connection** node with local Administrator privileges on the target host, or Domain @@ -48,11 +48,11 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Workflow +**Workflow** **Step 1 –** Prerequisite: Successful execution of the .Active Directory Inventory Job Group. diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_dcshadowpermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_dcshadowpermissions.md index c176f223c2..c533fa8bf6 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_dcshadowpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_dcshadowpermissions.md 
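Review bot: In recommended.md, hunk @@ -48,11 +48,11 (and the two hunks before it), the labels Dependencies, Targeted Hosts, Connection Profile, Schedule Frequency and Workflow become bold paragraphs, which still leaves them out of the page outline and without link targets. If they are meant as section labels, make them real subheadings one level below `# Recommended Configurations for AD Permissions Analyzer Solution`. If bold is deliberate, state that convention in the commit message so later pages follow the same rule.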
@@ -14,8 +14,11 @@ performing a DCShadow attack within the targeted domains. Navigate to the **Active Directory Permissions Analyzer** > **9.Sites** > **AD_DCShadowPermissions** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_DCShadowPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/dcshadowpermissionsanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_DCShadowPermisssions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| DCShadow Permissions | This report highlights permissions applied to Site objects and Computer objects in Active Directory required to execute the DCShadow attack. By default this report excludes members of administrator groups such as Domain Admins, Schema Admins, and Enterprise Admins. 
| None | This report is comprised of three elements: - Bar Chart – Displays top users by computer count - Table – Provides details on top users by computer count - Table – Provides details on DCShadow permission details | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| DCShadow Permissions | This report highlights permissions applied to Site objects and Computer objects in Active Directory required to execute the DCShadow attack. By default this report excludes members of administrator groups such as Domain Admins, Schema Admins, and Enterprise Admins. | None | This report is comprised of three elements:
  • Bar Chart – Displays top users by computer count
  • Table – Provides details on top users by computer count
  • Table – Provides details on DCShadow permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_sitepermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_sitepermissions.md index 39ab083dec..01db409987 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_sitepermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/ad_sitepermissions.md @@ -14,8 +14,11 @@ within the targeted domains. Navigate to the **Active Directory Permissions Analyzer** > **9.Sites** > **AD_SitePermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_SitePermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/sites/sitepermissionsanalysis.webp) 
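Review bot: In ad_dcshadowpermissions.md, hunk @@ -29,6 +32,7, the context line above the table spells the job name "AD_DCShadowPermisssions" with three s's, while the file name, the navigation path and the image alt text in the same file all use AD_DCShadowPermissions. Since this patch already rewrites the table directly below that sentence, fix the spelling in the same pass.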
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_SitePermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Site Permissions | This report highlights instances where permissions are applied to Active Directory Site objects. | None | This report is comprised of three elements: - Bar Chart – Displays permissions by site - Pie chart – Provides details on enterprise site permissions by type - Table – Provides details on site permissions | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Site Permissions | This report highlights instances where permissions are applied to Active Directory Site objects. | None | This report is comprised of three elements:
  • Bar Chart – Displays permissions by site
  • Pie chart – Provides details on enterprise site permissions by type
  • Table – Provides details on site permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_resetpasswordpermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_resetpasswordpermissions.md index da12cda249..0f6467a424 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_resetpasswordpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_resetpasswordpermissions.md @@ -17,8 +17,11 @@ Navigate to the **Active Directory Permissions Analyzer** > **1.Users** > **AD_ResetPasswordPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_ResetPasswordPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/resetpasswordpermissionsanalysis.webp) 
@@ -32,6 +35,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_ResetPasswordPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Reset Password | This report highlights instances where "Reset Password" permissions are applied to Active Directory user objects. This information is summarized at the domain and enterprise levels. By default, this report excludes members of administrator groups such as Domain Admins, Schema Admins, and Enterprise Admins. 
| None | This report is comprised of three elements: - Bar Chart – Displays affected accounts by domain - Table – Provides details on reset password permissions - Table – Provides details on top users with reset password permissions | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Reset Password | This report highlights instances where "Reset Password" permissions are applied to Active Directory user objects. This information is summarized at the domain and enterprise levels. By default, this report excludes members of administrator groups such as Domain Admins, Schema Admins, and Enterprise Admins. | None | This report is comprised of three elements:
  • Bar Chart – Displays affected accounts by domain
  • Table – Provides details on reset password permissions
  • Table – Provides details on top users with reset password permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_userpermissions.md b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_userpermissions.md index 78a873bcbd..83e577664b 100644 --- a/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_userpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/ad_userpermissions.md @@ -15,8 +15,11 @@ Active Directory. Navigate to the **Active Directory Permissions Analyzer** > **1.Users** > **AD_UserPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AD_UserPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/activedirectorypermissionsanalyzer/users/userpermissionsanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the AD_UserPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| User permissions | This report highlights instances where permissions are applied to Active Directory user objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements: - Bar Chart – Displays user permissions by domain - Pie Chart – Provides details on user permission types - Table – Provides details on user permissions | +| Report | Description | Default Tags | Report Elements | +| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User permissions | This report highlights instances where permissions are applied to Active Directory user objects. This information is summarized at the domain and enterprise levels. | None | This report is comprised of three elements:
  • Bar Chart – Displays user permissions by domain
  • Pie Chart – Provides details on user permission types
  • Table – Provides details on user permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/anyid/anyid_csv.md b/docs/accessanalyzer/11.6/solutions/anyid/anyid_csv.md index 51dde38574..091f14b24e 100644 --- a/docs/accessanalyzer/11.6/solutions/anyid/anyid_csv.md +++ b/docs/accessanalyzer/11.6/solutions/anyid/anyid_csv.md @@ -9,8 +9,11 @@ sidebar_position: 10 The AnyID_CSV job imports a list of identities and attributes from a CSV file. Use this when a native integration may not be available, or an export is the best option. -**_RECOMMENDED:_** Copy the CSV file to the Enterprise Auditor Console for the best import +:::info +Copy the CSV file to the Enterprise Auditor Console for the best import performance. +::: + ![AnyID_CSV Job in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/anyid/csvjoblocation.webp) @@ -20,43 +23,43 @@ The AnyID_CSV job is located in the **Jobs** > **AnyID Connectors** job group. The following are recommended configurations for the AnyID_CSV job: -Dependencies +**Dependencies** None -Targeted Host +**Targeted Host** Local Host -Connection Profile +**Connection Profile** The AnyID_CSV job does not require a connection profile. -History Retention +**History Retention** Default Retention Period. See the [History](/docs/accessanalyzer/11.6/admin/settings/history.md) topic for additional information. -Multi-Console Support +**Multi-Console Support** Not supported -Schedule Frequency +**Schedule Frequency** Schedule the job as required. -Query Configuration +**Query Configuration** This job contains configurable queries. See the [Configure the AnyID_CSV Query](#configure-the-anyid_csvquery) topic for additional information. -Analysis Configuration +**Analysis Configuration** See the [Analysis Tasks for the AnyID_CSV Job](#analysis-tasks-for-the-anyid_csvjob) topic for additional information. -Workflow +**Workflow** **Step 1 –** Prepare a CSV file for import. 
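Review bot: In anyid_csv.md, hunk @@ -20,43 +23,43, the context lines under Query Configuration and Analysis Configuration link to `#configure-the-anyid_csvquery` and `#analysis-tasks-for-the-anyid_csvjob`, which run "csv" straight into "query" and "job" although the link texts read "AnyID_CSV Query" and "AnyID_CSV Job". Check that both fragments still resolve to their headings on the rendered page and, if they do not, correct them while these lines are being touched.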
@@ -102,7 +105,10 @@ Wizard opens. **Step 5 –** Navigate to the Edit Query page. Click the **Parameters** tab on the right-hand side of the page to expand the Parameters window. Configure the following attributes: -**CAUTION:** The following attributes must be configured in order for the job to execute properly. +:::warning +The following attributes must be configured in order for the job to execute properly. +::: + - $inputfile – File path to the CSV file which contains the identity and attribute information - $RequiredAttributes – The list of attributes that need to be found in the document in order to @@ -134,8 +140,11 @@ The query is now ready to run. Navigate to the **Jobs** > **AnyID Connectors** > **AnyID_CSV** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AnyID_CSV Job](/img/product_docs/accessanalyzer/11.6/solutions/anyid/csvanalyses.webp) 
@@ -149,6 +158,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AnyID_CSV job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | --------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| CSV Imports | This report highlights subjects imported from the provided CSV file, and summarizes attribute completion. | None | This report is comprised of four elements: - Table – Contains information on imported subjects - Bar Chart – Provides information on subject types - Table – Contains information on the attributes summary - Table – Contains information on subject details | +| Report | Description | Default Tags | Report Elements | +| ----------- | --------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| CSV Imports | This report highlights subjects imported from the provided CSV file, and summarizes attribute completion. | None | This report is comprised of four elements:
  • Table – Contains information on imported subjects
  • Bar Chart – Provides information on subject types
  • Table – Contains information on the attributes summary
  • Table – Contains information on subject details
| + diff --git a/docs/accessanalyzer/11.6/solutions/anyid/anyid_epicclarity.md b/docs/accessanalyzer/11.6/solutions/anyid/anyid_epicclarity.md index f14fa26ee8..a771ea0c9c 100644 --- a/docs/accessanalyzer/11.6/solutions/anyid/anyid_epicclarity.md +++ b/docs/accessanalyzer/11.6/solutions/anyid/anyid_epicclarity.md @@ -18,46 +18,46 @@ The AnyID_EpicClarity job is located in the **Jobs** > **AnyID Connectors** j The following are recommended configurations for the AnyID_EpicClarity job: -Dependencies +**Dependencies** The AnyID_EpicClarity job requires a CSV file with a filepath configured in the job's query to collect data. See the [Configure the AnyID_EpicClarity Queries](#configure-the-anyid_epicclarity-queries) topic for additional information. -Targeted Host +**Targeted Host** Epic Clarity Database Server -Connection Profile +**Connection Profile** Read Access to the underlying Clarity Oracle database. -History Retention +**History Retention** Default Retention Period. See the [History](/docs/accessanalyzer/11.6/admin/settings/history.md) topic for additional information. -Multi-Console Support +**Multi-Console Support** Not supported -Schedule Frequency +**Schedule Frequency** This job should be run based on the desired frequency of Sensitive Data Scans. -Query Configuration +**Query Configuration** This job contains configurable queries. See the Configure the [Configure the AnyID_EpicClarity Queries](#configure-the-anyid_epicclarity-queries) topic for additional information. -Analysis Configuration +**Analysis Configuration** Run the solution with the default analysis configuration for best results. -Workflow +**Workflow** **Step 1 –** Configure the configurable query parameters for the job. 
@@ -130,8 +130,11 @@ completed, the queries are ready to run. Navigate to the **Jobs** > **AnyID Connectors** > **AnyID_EpicClarity** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AnyID_EpicClarity Job](/img/product_docs/accessanalyzer/11.6/solutions/anyid/epicclarityanalyses.webp) 
@@ -145,6 +148,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AnyID_EpicClarity job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| --------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Epic Clarity Patients | This report highlights Epic Clarity Patients and summarizes attribute completion by patient identity and by attribute. | None | This report is comprised of four elements: - Table – Contains information on Epic Clarity patients - Bar Chart – Provides information on subject types - Table – Contains information on the attributes summary - Table – Contains information on subject details | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Epic Clarity Patients | This report highlights Epic Clarity Patients and summarizes attribute completion by patient identity and by attribute. | None | This report is comprised of four elements:
  • Table – Contains information on Epic Clarity patients
  • Bar Chart – Provides information on subject types
  • Table – Contains information on the attributes summary
  • Table – Contains information on subject details
| + diff --git a/docs/accessanalyzer/11.6/solutions/anyid/anyid_paycom.md b/docs/accessanalyzer/11.6/solutions/anyid/anyid_paycom.md index 8df4e77d05..f928a77693 100644 --- a/docs/accessanalyzer/11.6/solutions/anyid/anyid_paycom.md +++ b/docs/accessanalyzer/11.6/solutions/anyid/anyid_paycom.md @@ -19,42 +19,42 @@ The AnyID_Paycom job is located in the **Jobs** > **AnyID Connectors** job gro The following are recommended configurations for the AnyID_Paycom job: -Dependencies +**Dependencies** None -Targeted Host +**Targeted Host** Local Host -Connection Profile +**Connection Profile** The AnyID_Paycom job does not require a connection profile. -History Retention +**History Retention** Default Retention Period. See the [History](/docs/accessanalyzer/11.6/admin/settings/history.md) topic for additional information. -Multi-Console Support +**Multi-Console Support** Not supported -Schedule Frequency +**Schedule Frequency** This job should be run based on the desired frequency of Sensitive Data Scans. -Query Configuration +**Query Configuration** This job contains configurable queries. See the [Configure the AnyID_Paycom Job](#configure-the-anyid_paycom-job) topic for additional information. -Analysis Configuration +**Analysis Configuration** Run the job with the default analysis configuration settings for best results. -Workflow +**Workflow** **Step 1 –** Prepare a CSV file from Paycom for import. @@ -129,8 +129,11 @@ The query is now ready to run. Navigate to the **Jobs** > **AnyID Connectors** > **AnyID_Paycom** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AnyID_Paycom Job](/img/product_docs/accessanalyzer/11.6/solutions/anyid/paycomanalyses.webp) 
@@ -144,6 +147,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AnyID_Paycom job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | ---------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Paycom Imports | This report highlights subjects imported from the provided Paycom CSV file, and summarizes attribute completion. | None | This report is comprised of four elements: - Table – Contains information on imported subjects - Bar Chart – Provides information on subject types - Table – Contains information on the attribute summary - Table – Contains information on subject details | +| Report | Description | Default Tags | Report Elements | +| -------------- | ---------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Paycom Imports | This report highlights subjects imported from the provided Paycom CSV file, and summarizes attribute completion. | None | This report is comprised of four elements:
  • Table – Contains information on imported subjects
  • Bar Chart – Provides information on subject types
  • Table – Contains information on the attribute summary
  • Table – Contains information on subject details
| + diff --git a/docs/accessanalyzer/11.6/solutions/anyid/anyid_salesforce.md b/docs/accessanalyzer/11.6/solutions/anyid/anyid_salesforce.md index 1f65bc765a..81565e8aa3 100644 --- a/docs/accessanalyzer/11.6/solutions/anyid/anyid_salesforce.md +++ b/docs/accessanalyzer/11.6/solutions/anyid/anyid_salesforce.md @@ -31,40 +31,40 @@ The following credentials are required to run the AnyID_Salesforce job: The following are recommended configurations for the AnyID_Salesforce job: -Targeted Host +**Targeted Host** Local Host -Connection Profile +**Connection Profile** Ensure that a connection profile is configured with the required credentials. See the [Prerequisites](#prerequisites) topic for additional information. -History Retention +**History Retention** Default Retention Period. See the [History](/docs/accessanalyzer/11.6/admin/settings/history.md) topic for additional information. -Multi-Console Support +**Multi-Console Support** Not supported -Schedule Frequency +**Schedule Frequency** Schedule the job as required. -Query Configuration +**Query Configuration** This job contains configurable queries. See the [Configure the AnyID_Salesforce Query](#configure-the-anyid_salesforce-query) topic for additional information. -Analysis Configuration +**Analysis Configuration** Run the solution with the default analysis configuration for best results. -Workflow +**Workflow** **Step 1 –** Set up a connection profile with the required credentials. @@ -135,8 +135,11 @@ The query is now ready to run. Navigate to the **Jobs** > **AnyID Connectors** > **AnyID_Salesforce** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AnyID_Salesforce Job](/img/product_docs/accessanalyzer/11.6/solutions/anyid/salesforceanalyses.webp) 
@@ -150,6 +153,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AnyID_Salesforce job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | ----------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Salesforce Contacts | This report highlights Salesforce Contacts and summarizes attribute completion by contact and by attribute. | None | This report is comprised of four elements: - Table – Contains information on Salesforce contacts - Bar Chart – Provides information on contact types - Table – Contains information on the attributes completion - Table – Contains information on subject details | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ----------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Salesforce Contacts | This report highlights Salesforce Contacts and summarizes attribute completion by contact and by attribute. | None | This report is comprised of four elements:
  • Table – Contains information on Salesforce contacts
  • Bar Chart – Provides information on contact types
  • Table – Contains information on the attributes completion
  • Table – Contains information on subject details
| + diff --git a/docs/accessanalyzer/11.6/solutions/anyid/overview.md b/docs/accessanalyzer/11.6/solutions/anyid/overview.md index ad68bd7275..5f90436e64 100644 --- a/docs/accessanalyzer/11.6/solutions/anyid/overview.md +++ b/docs/accessanalyzer/11.6/solutions/anyid/overview.md @@ -73,4 +73,7 @@ The jobs in the AnyID Connectors Solution are: – Collects Salesforce Contact details including Phone, Address, Email, and Date of birth. This job requires API access to Salesforce in order to collect this information. -**NOTE:** See the individual job topics for information on recommended configurations. +:::note +See the individual job topics for information on recommended configurations. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/aws/collection/1.aws_orgscan.md b/docs/accessanalyzer/11.6/solutions/aws/collection/1.aws_orgscan.md index a55d061513..69c3ea699d 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/collection/1.aws_orgscan.md +++ b/docs/accessanalyzer/11.6/solutions/aws/collection/1.aws_orgscan.md @@ -41,7 +41,7 @@ Collector Wizard opens. - Enter the Role in the Role Name field and click **Add** - Alternatively, import multiple Roles from a CSV file - See the - [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) + [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for additional information **Step 5 –** On the Summary page, click **Finish** to save any modifications or click **Cancel** if diff --git a/docs/accessanalyzer/11.6/solutions/aws/collection/2.aws_s3scan.md b/docs/accessanalyzer/11.6/solutions/aws/collection/2.aws_s3scan.md index 34101568cd..b0b94f5e67 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/collection/2.aws_s3scan.md +++ b/docs/accessanalyzer/11.6/solutions/aws/collection/2.aws_s3scan.md 
@@ -41,7 +41,7 @@ Collector Wizard opens. - Enter the Role in the Role Name field and click **Add** - Alternatively, import multiple Roles from a CSV file - See the - [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) + [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for additional information ![AWS Data Collector Filter S3 Objects wizard page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/aws/filters3objects.webp) @@ -64,8 +64,11 @@ If changes were saved, the 2.AWS_S3Scan Job has now been customized. Navigate to the **AWS** > **0.Collection** > **2.AWS_S3Scan** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the 2.AWS_S3Scan Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/collection/s3scananaylsistasks.webp) diff --git a/docs/accessanalyzer/11.6/solutions/aws/collection/3.aws_iamscan.md b/docs/accessanalyzer/11.6/solutions/aws/collection/3.aws_iamscan.md index 0003a34083..0d735a115c 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/collection/3.aws_iamscan.md +++ b/docs/accessanalyzer/11.6/solutions/aws/collection/3.aws_iamscan.md @@ -41,7 +41,7 @@ Collector Wizard opens. - Enter the Role in the Role Name field and click **Add** - Alternatively, import multiple Roles from a CSV file - See the - [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) + [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for additional information **Step 5 –** On the Summary page, click **Finish** to save any modifications or click **Cancel** if 
@@ -54,8 +54,11 @@ If changes were saved, the 3.AWS_IAMScan job has now been customized. View the analysis tasks by navigating to the **AWS** > **0.Collection** > **3.AWS_IAMScan** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the 3.AWS_IAM Scan Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/collection/iamscananalysistasks.webp) diff --git a/docs/accessanalyzer/11.6/solutions/aws/collection/4.aws_s3sddscan.md b/docs/accessanalyzer/11.6/solutions/aws/collection/4.aws_s3sddscan.md index 05ae256061..2a1d3c4278 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/collection/4.aws_s3sddscan.md +++ b/docs/accessanalyzer/11.6/solutions/aws/collection/4.aws_s3sddscan.md @@ -54,15 +54,21 @@ Collector Wizard opens. - Enable differential scanning - Modify the number of SDD scan processes - **_RECOMMENDED:_** For optimal performance, the total number of scan processes on a scan host + :::info + For optimal performance, the total number of scan processes on a scan host should be 1 to 2 times the number of CPU threads available. + ::: + - Enable Optical Character Recognition (OCR) scans - **NOTE:** The OCR option is intended to work for clear scanned physical documents or documents + :::note + The OCR option is intended to work for clear scanned physical documents or documents directly converted to images, with standard fonts. It will not work for scanning photos of documents and may not be able to recognize text on images of credit cards, driver's licenses, or other identity cards. + ::: + ![AWS Data Collector Select DLP criteria for this scan wizard page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/criteria.webp) 
@@ -73,8 +79,11 @@ Collector Wizard opens. the[Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information and instructions -**NOTE:** By default, discovered sensitive data strings are stored in the Enterprise Auditor +:::note +By default, discovered sensitive data strings are stored in the Enterprise Auditor database. +::: + **Step 7 –** On the Summary page, click **Finish** to save any modifications or click **Cancel** if no changes were made. Then click **OK** to close the Query Properties window. @@ -86,8 +95,11 @@ If changes were saved, the 4.AWS_S3SDDScan Job has now been customized. View the analysis tasks by navigating to the **AWS** > **0.Collection** > **4.AWS_S3SDDScan** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the 4.AWS_S3SDD Scan Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/collection/s3sddscananaylsistasks.webp) diff --git a/docs/accessanalyzer/11.6/solutions/aws/groups/aws_groupmembers.md b/docs/accessanalyzer/11.6/solutions/aws/groups/aws_groupmembers.md index ff6ae6d24c..e8debfe245 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/groups/aws_groupmembers.md +++ b/docs/accessanalyzer/11.6/solutions/aws/groups/aws_groupmembers.md 
@@ -14,8 +14,11 @@ with no policy assigned to them), sensitive security group membership, and stale Navigate to the **AWS** > **3.Groups** > **AWS_GroupMembers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_GroupMembers Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/groups/groupmembersanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_GroupMembers job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ------------- | ------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Members | This report identifies group members and summarizes policies applied to those groups. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays a summary of group members - Stacked Bar Chart – Displays a summary of group policies - Table – Provides details on groups | +| Report | Description | Default Tags | Report Element | +| ------------- | ------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Members | This report identifies group members and summarizes policies applied to those groups. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays a summary of group members
  • Stacked Bar Chart – Displays a summary of group policies
  • Table – Provides details on groups
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/groups/aws_nopolicygroups.md b/docs/accessanalyzer/11.6/solutions/aws/groups/aws_nopolicygroups.md index b7a47c76b2..4ec384a4be 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/groups/aws_nopolicygroups.md +++ b/docs/accessanalyzer/11.6/solutions/aws/groups/aws_nopolicygroups.md @@ -13,8 +13,11 @@ The AWS_NoPolicyGroups job provides details on groups that have no policies assi Navigate to the **AWS** > **3.Groups** > **AWS_NoPolicyGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_NoPolicyGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/groups/nopolicygroupsanalysis.webp) 
@@ -30,6 +33,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_NoPolicyGroups job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ----------------------- | ----------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Groups With No Policies | This report identifies groups that do not have a policy assigned. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top accounts by no policy group counts - Table – Shows no policy groups by accounts - Table – Provides details on no policy groups | +| Report | Description | Default Tags | Report Element | +| ----------------------- | ----------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Groups With No Policies | This report identifies groups that do not have a policy assigned. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top accounts by no policy group counts
  • Table – Shows no policy groups by accounts
  • Table – Provides details on no policy groups
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/groups/aws_stalegroups.md b/docs/accessanalyzer/11.6/solutions/aws/groups/aws_stalegroups.md index 8237333b4b..a63c7d1962 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/groups/aws_stalegroups.md +++ b/docs/accessanalyzer/11.6/solutions/aws/groups/aws_stalegroups.md @@ -29,8 +29,11 @@ topic for additional information. Navigate to the **AWS** > **3.Groups** > **AWS_StaleGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for +:::warning +Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. Only modify the analysis tasks listed in the customizable analysis tasks section. +::: + ![Analysis Tasks for the AWS_StaleGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/groups/stalegroupsanalysis.webp) 
@@ -65,6 +68,7 @@ topic for instructions on how to modify parameters. In addition to the tables and views created by the analysis task, the AWS_StaleGroups job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ------------ | --------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Groups | This report determines the staleness of group membership. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays group membership - Table – Shows group membership - Table – Provides details on group membership | +| Report | Description | Default Tags | Report Element | +| ------------ | --------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Groups | This report determines the staleness of group membership. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays group membership
  • Table – Shows group membership
  • Table – Provides details on group membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_accounts.md b/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_accounts.md index 96e3367e9c..45cb8533eb 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_accounts.md +++ b/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_accounts.md @@ -16,8 +16,11 @@ Account can be set manually by adding a line for each Organization in the tempor Navigate to the **AWS** > **1.Organizations** > **AWS_Accounts** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_Accounts Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/organizations/accountsanalysis.webp) 
@@ -33,6 +36,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_Accounts job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| -------- | ------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Accounts | This report provides details on the IAM Accounts in the AWS Organization. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top accounts by org - Table – Shows accounts by Org - Table – Provides details on accounts | +| Report | Description | Default Tags | Report Element | +| -------- | ------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Accounts | This report provides details on the IAM Accounts in the AWS Organization. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top accounts by org
  • Table – Shows accounts by Org
  • Table – Provides details on accounts
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_memberaccountusers.md b/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_memberaccountusers.md index 821b8b1242..abe36070e0 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_memberaccountusers.md +++ b/docs/accessanalyzer/11.6/solutions/aws/organizations/aws_memberaccountusers.md @@ -14,8 +14,11 @@ Source, which is generally the Master AWS Account for the Organization. Navigate to the **AWS** > **1.Organizations** > **AWS_MemberAccountUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_MemberAccountUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/organizations/memberaccountusersanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_MemberAccountUsers job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| -------------------- | -------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Member Account Users | This report highlights user accounts that are not contained in the AWS Master Account. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top member account users by org - Table – Shows member account users by Org - Table – Provides details on member account users | +| Report | Description | Default Tags | Report Element | +| -------------------- | -------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Member Account Users | This report highlights user accounts that are not contained in the AWS Master Account. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top member account users by org
  • Table – Shows member account users by Org
  • Table – Provides details on member account users
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/overview.md b/docs/accessanalyzer/11.6/solutions/aws/overview.md index a19e58c76f..069c876d41 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/overview.md +++ b/docs/accessanalyzer/11.6/solutions/aws/overview.md @@ -23,18 +23,18 @@ sensitive data from target AWS accounts. The solution requires a special Enterpr It can be focused to only conduct auditing of AWS IAM. Additionally, the Sensitive Data Discovery Add-On enables the solution to search AWS S3 content for sensitive data. -Supported Platforms +**Supported Platforms** - Amazon AWS IAM - Amazon AWS S3 -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Amazon Web Service Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/aws/aws_1.md) +[Target Amazon Web Service Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/aws/target.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
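Review bot: In docs/accessanalyzer/11.6/solutions/aws/overview.md (hunk @@ -23,18 +23,18 @@), the link under Requirements, Permissions, and Ports now targets /docs/accessanalyzer/11.6/requirements/aws/target.md instead of aws_1.md, but the rename of that file is not shown alongside this hunk. Confirm that target.md is created in the same commit and that no other page still links to aws_1.md, otherwise readers looking for the AWS permission requirements land on a broken link.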
@@ -42,13 +42,16 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The AWS Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. See the diff --git a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_custommanagedpolicies.md b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_custommanagedpolicies.md index 7fd57df2fc..cdc3c5d525 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_custommanagedpolicies.md +++ b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_custommanagedpolicies.md @@ -14,8 +14,11 @@ Organization. Navigate to the **AWS** > **5.Policies** > **AWS_CustomManagedPolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_CustomManagedPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/policies/custommanagedpoliciesanalysis.webp) 
@@ -32,6 +35,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_CustomManagedPolicies job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ----------------------- | ----------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Custom Managed Policies | This report analyzes AWS Custom Managed Policies and their usage. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays custom managed policies by account - Table – Shows custom managed policies by account - Table – Provides details on custom managed policies by account | +| Report | Description | Default Tags | Report Element | +| ----------------------- | ----------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Custom Managed Policies | This report analyzes AWS Custom Managed Policies and their usage. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays custom managed policies by account
  • Table – Shows custom managed policies by account
  • Table – Provides details on custom managed policies by account
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_inlinepolicies.md b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_inlinepolicies.md index 4a9bcfd655..3461a939e1 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_inlinepolicies.md +++ b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_inlinepolicies.md @@ -14,8 +14,11 @@ to a user or group. Navigate to the **AWS** > **5.Policies** > **AWS_InlinePolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_InlinePolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/policies/inlinepoliciesanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_InlinePolicies job produces the following pre-configured report: -| Report | Description | Default Tags | Report Element | -| --------------- | ----------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Inline Policies | This report identifies AWS Inline Policies that are assigned directly on an AWS Identity. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays inline policies by account - Table – Shows inline policies by account - Table – Provides details on inline policies | +| Report | Description | Default Tags | Report Element | +| --------------- | ----------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Inline Policies | This report identifies AWS Inline Policies that are assigned directly on an AWS Identity. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays inline policies by account
  • Table – Shows inline policies by account
  • Table – Provides details on inline policies
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_managedpolicies.md b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_managedpolicies.md index 50e3ad92af..1572fefe26 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_managedpolicies.md +++ b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_managedpolicies.md @@ -13,8 +13,11 @@ The AWS_ManagedPolicies job provides details on policies managed by Amazon in th Navigate to the **AWS** > **5.Policies** > **AWS_ManagedPolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_ManagedPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/policies/managedpoliciesanalysis.webp) 
@@ -30,6 +33,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_Accounts job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| -------------------- | ---------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| AWS Managed Policies | This report analyzes AWS Managed Policies and their usage. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays AWS managed policies by account - Table – Shows AWS managed policies by account - Table – Provides details on AWS managed policies | +| Report | Description | Default Tags | Report Element | +| -------------------- | ---------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| AWS Managed Policies | This report analyzes AWS Managed Policies and their usage. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays AWS managed policies by account
  • Table – Shows AWS managed policies by account
  • Table – Provides details on AWS managed policies
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_sensitivepolicies.md b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_sensitivepolicies.md index ee38901480..653fe94df4 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_sensitivepolicies.md +++ b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_sensitivepolicies.md @@ -14,8 +14,11 @@ granting them sensitive permissions. Navigate to the **AWS** > **5.Policies** > **AWS_SensitivePolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_SensitivePolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/policies/sensitivepoliciesanalysis.webp) 
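Review bot: In docs/accessanalyzer/11.6/solutions/aws/policies/aws_managedpolicies.md (hunk @@ -30,6 +33,7 @@), the context line directly above the rewritten report table still reads "the AWS_Accounts job produces the following preconfigured report", although this page documents the AWS_ManagedPolicies job and the table lists the AWS Managed Policies report. Since the hunk already rewrites the table, correct the job name to AWS_ManagedPolicies in the same change so the sentence matches the page.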
@@ -35,7 +38,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_SensitivePolicies job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| -------------------------- | ----------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Inline Policies | This report highlights users, groups, and roles with a sensitive inline policy assigned. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays sensitive policy assignments by org - Table – Shows sensitive policy assignments by org - Table – Provides details on sensitive policy assignments | -| Sensitive Managed Policies | This report highlights users, groups, and roles with a sensitive managed policy assigned. 
| None | This report is comprised of the following elements: - Stacked Bar Chart – Displays sensitive managed policy assignments by org - Table – Shows sensitive managed policy assignments by org - Table – Provides details on sensitive managed policy assignments | +| Report | Description | Default Tags | Report Element | +| -------------------------- | ----------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Inline Policies | This report highlights users, groups, and roles with a sensitive inline policy assigned. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays sensitive policy assignments by org
  • Table – Shows sensitive policy assignments by org
  • Table – Provides details on sensitive policy assignments
| +| Sensitive Managed Policies | This report highlights users, groups, and roles with a sensitive managed policy assigned. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays sensitive managed policy assignments by org
  • Table – Shows sensitive managed policy assignments by org
  • Table – Provides details on sensitive managed policy assignments
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_unusedmanagedpolicies.md b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_unusedmanagedpolicies.md index 06b73f8bb3..88dfa5fdd6 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_unusedmanagedpolicies.md +++ b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_unusedmanagedpolicies.md @@ -30,8 +30,11 @@ topic for additional information. Navigate to the **AWS** > **5.Policies** > **AWS_UnusedManagedPolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for +:::warning +Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. Only modify the analysis tasks listed in the customizable analysis tasks section. +::: + ![Analysis Tasks for the AWS_UnusedManagedPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/policies/unusedmanagedpoliciesanalysis.webp) 
@@ -64,6 +67,7 @@ topic for instructions on how to modify parameters. In addition to the tables and views created by the analysis task, the AWS_UnusedManagedPolicies job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ----------------------- | --------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Unused Managed Policies | This report identifies policies that are not assigned to any group or user. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays unused managed policies by account - Table – Shows unused managed policies by account - Table – Provides details on unused managed policies | +| Report | Description | Default Tags | Report Element | +| ----------------------- | --------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unused Managed Policies | This report identifies policies that are not assigned to any group or user. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays unused managed policies by account
  • Table – Shows unused managed policies by account
  • Table – Provides details on unused managed policies
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_userpolicies.md b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_userpolicies.md index 8c87200938..b627c009c0 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/policies/aws_userpolicies.md +++ b/docs/accessanalyzer/11.6/solutions/aws/policies/aws_userpolicies.md @@ -14,8 +14,11 @@ policy is assigned, directly or at a group level, and if the policy assignment h Navigate to the **AWS** > **5.Policies** > **AWS_UserPolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_UserPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/policies/userpoliciesanalysis.webp) 
@@ -33,7 +36,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_UserPolicies job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ---------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Duplicate Policy Assignments | This report highlights policies that have been both assigned directly and inherited from a group to a user identity. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top accounts by assigned managed policies - Table – Provides details on managed policy assignments | -| Managed Policy Assignments | This report details managed policy assignments in the AWS Organization. 
| None | This report is comprised of the following elements: - Stacked Bar Chart – Displays duplicate policy assignment summary by account - Table – Shows duplicate policy assignment summary by account - Table – Provides details on duplicate policy assignment summary | +| Report | Description | Default Tags | Report Element | +| ---------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Duplicate Policy Assignments | This report highlights policies that have been both assigned directly and inherited from a group to a user identity. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top accounts by assigned managed policies
  • Table – Provides details on managed policy assignments
| +| Managed Policy Assignments | This report details managed policy assignments in the AWS Organization. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays duplicate policy assignment summary by account
  • Table – Shows duplicate policy assignment summary by account
  • Table – Provides details on duplicate policy assignment summary
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/recommended.md b/docs/accessanalyzer/11.6/solutions/aws/recommended.md index fe9bfe56fc..1ac9319ac8 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/aws/recommended.md @@ -10,17 +10,17 @@ The AWS Solution is configured to inherit settings from the global Settings node Profile must be assigned before job execution. Once it is assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** For AWS IAM Auditing: - AWS Permissions must be configured on the target databases. - See the - [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) + [Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for information on configuring Roles within AWS and obtaining an Access Key - See the - [Target Amazon Web Service Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/aws/aws_1.md) + [Target Amazon Web Service Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/aws/target.md) topic for additional information on permissions For AWS S3 Sensitive Data Discovery Auditing: @@ -35,12 +35,12 @@ Some of the 0.Collection job group queries can be scoped to target specific S3 O is necessary for the SA_AWS_Instances table to be populated before attempting to scope the queries. Therefore, the AWS_S3Scan job must be manually executed before attempting to scope the S3 queries. -Target Host +**Target Host** The AWS Data Collector identifies AWS instances via the created Roles and therefore does not require a host list to be assigned. No target host is required (assign Local Host). -Connection Profile +**Connection Profile** The AWS Data Collector requires a specific set of permissions. The account used can be either a Web Services (JWT) account or an Amazon Web Services account. Once the account has been provisioned, 
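Review bot: In the report table of docs/accessanalyzer/11.6/solutions/aws/policies/aws_userpolicies.md (hunk @@ -33,7 +36,8 @@), the Report Element cells look swapped between the two rows: the Duplicate Policy Assignments row lists "Displays top accounts by assigned managed policies" and "Provides details on managed policy assignments", while the Managed Policy Assignments row lists the three "duplicate policy assignment summary" elements. The removed rows had the same mismatch, so the reformat carries it forward. Check against the product which elements each report contains and exchange the cells if they are reversed.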
@@ -58,45 +58,48 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information on creating a Connection Profile. -Access Token +**Access Token** Creating the Connection Profile requires having the **Access Key ID** and the **Secret Access Key** that was generated by the Amazon Web Services application. See the -[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/aws_2.md) +[Configure AWS for Scans](/docs/accessanalyzer/11.6/requirements/aws/configurescans.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** Schedule the AWS job group to run weekly or daily, depending on the amount of data in the environment. If there are frequent AWS changes within the target environment, then it can be executed more often. It is best to rerun it anytime AWS changes might have occurred. -History Retention +**History Retention** Not supported. -Multi Console Support +**Multi Console Support** Not supported. -Run Order +**Run Order** The jobs in the 0.Collection job group must be run first and in order. The other job groups can be run in any order, together or individually, after running the 0.Collection job group. -**_RECOMMENDED:_** Run the solution at the top level. +:::info +Run the solution at the top level. +::: -Run at the Solution Level + +**Run at the Solution Level** The jobs in the AWS job group should be run together and in order by running the entire solution, instead of the individual jobs. -Run at the Job Group Level +**Run at the Job Group Level** For environments with a large amount of S3 data, it may be desirable to run the 3.AWS_S3Scan job and the 4.AWS_S3SDDScan job less frequently than the other jobs in the 0.Collection job group. -Query Configuration +**Query Configuration** The following queries in the 0.Collection job group require the created AWS Roles to be added to the Login Roles page: 
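Review bot: Under Run Order, replacing `**_RECOMMENDED:_** Run the solution at the top level.` with a bare `:::info` block drops the word that told the reader this is a recommendation, so the admonition now reads as neutral information. Keep the label, either as the admonition title if the site's admonition syntax supports one, or by starting the body with "Recommended:".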
@@ -110,7 +113,7 @@ The following queries in the 0.Collection job group can be modified to limit the - [2.AWS_S3Scan Job](/docs/accessanalyzer/11.6/solutions/aws/collection/2.aws_s3scan.md) - [4.AWS_S3SDDScan Job](/docs/accessanalyzer/11.6/solutions/aws/collection/4.aws_s3sddscan.md) -Analysis Configuration +**Analysis Configuration** This solution can be run with the default analysis configuration. However, the following parameters can be modified: @@ -123,7 +126,7 @@ can be modified: - **3.Groups** > **AWS_StaleGroups** > **Stale Groups Details** Analysis Task - **4.Roles** > **AWS_StaleRoles** > **Stale Roles Details** Analysis Task -Workflow +**Workflow** The following is the recommended workflow: diff --git a/docs/accessanalyzer/11.6/solutions/aws/roles/aws_roles.md b/docs/accessanalyzer/11.6/solutions/aws/roles/aws_roles.md index aa1d10e5d9..eeb1290a07 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/roles/aws_roles.md +++ b/docs/accessanalyzer/11.6/solutions/aws/roles/aws_roles.md @@ -13,8 +13,11 @@ The AWS_Roles job provides details on roles in the AWS IAM environment. Navigate to the **AWS** > **4.Roles** > **AWS_Roles** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_Roles Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/roles/rolesanalysis.webp) 
@@ -30,6 +33,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_Roles job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ------ | ----------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Roles | This report provides details on roles in the AWS IAM environment. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top roles by account - Table – Shows roles by account - Table – Provides details on roles | +| Report | Description | Default Tags | Report Element | +| ------ | ----------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Roles | This report provides details on roles in the AWS IAM environment. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top roles by account
  • Table – Shows roles by account
  • Table – Provides details on roles
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/roles/aws_staleroles.md b/docs/accessanalyzer/11.6/solutions/aws/roles/aws_staleroles.md index 4b83ad81bb..32c7ffe5af 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/roles/aws_staleroles.md +++ b/docs/accessanalyzer/11.6/solutions/aws/roles/aws_staleroles.md @@ -30,8 +30,11 @@ topic for additional information. Navigate to the **AWS** > **4.Roles** > **AWS_StaleRoles** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for +:::warning +Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. Only modify the analysis tasks listed in the customizable analysis tasks section. +::: + ![Analysis Tasks for the AWS_StaleRoles Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/roles/stalerolesanalysis.webp) 
@@ -65,6 +68,7 @@ topic for instructions on how to modify parameters. In addition to the tables and views created by the analysis task, the AWS_StaleRoles job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ----------- | ---------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Roles | This report identifies stale roles in the AWS environment. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top stale roles by account - Table – Shows stales roles by account - Table – Provides details on stale roles | +| Report | Description | Default Tags | Report Element | +| ----------- | ---------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Roles | This report identifies stale roles in the AWS environment. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top stale roles by account
  • Table – Shows stales roles by account
  • Table – Provides details on stale roles
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckets.md b/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckets.md index 74902424a8..ac16ce1783 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckets.md +++ b/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckets.md @@ -13,8 +13,11 @@ The AWS_S3Buckets job provides a summary of AWS S3 buckets including total objec Navigate to the **AWS** > **7.S3 Content** > **AWS_S3Buckets** > **Configure** node and select **Analysis** to view the analysis task. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the AWS_S3Buckets Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/s3content/s3bucketsanalysis.webp) 
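Review bot: The added Stale Roles row in docs/accessanalyzer/11.6/solutions/aws/roles/aws_staleroles.md (hunk @@ -65,6 +68,7 @@) keeps the typo "Shows stales roles by account" from the removed row. Change it to "Shows stale roles by account" while the cell is being rewritten.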
@@ -28,6 +31,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the AWS_S3Buckets job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ---------- | --------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| S3 Buckets | This report summarizes AWS S3 Bucket content. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top five buckets by size - Table – Shows buckets by size - Table – Provides details on buckets | +| Report | Description | Default Tags | Report Element | +| ---------- | --------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| S3 Buckets | This report summarizes AWS S3 Bucket content. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top five buckets by size
  • Table – Shows buckets by size
  • Table – Provides details on buckets
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckettags.md b/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckettags.md index 7feeee3639..c173e19139 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckettags.md +++ b/docs/accessanalyzer/11.6/solutions/aws/s3content/aws_s3buckettags.md @@ -14,8 +14,11 @@ identify the storage class or purpose of a bucket and can be used in AWS IAM Pol Navigate to the **AWS** > **7.S3 Content** > **AWS_S3BucketTags** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_S3BucketTagsJob](/img/product_docs/accessanalyzer/11.6/solutions/aws/s3content/s3buckettagsanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the AWS_S3BucketTags job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ----------- | ------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Bucket Tags | This report highlights AWS S3 Bucket Tags. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays buckets tagged by account - Table – Shows bucket tagging summary - Table – Provides details on bucket tagging | +| Report | Description | Default Tags | Report Element | +| ----------- | ------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Bucket Tags | This report highlights AWS S3 Bucket Tags. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays buckets tagged by account
  • Table – Shows bucket tagging summary
  • Table – Provides details on bucket tagging
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_brokeninheritance.md b/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_brokeninheritance.md index 38d3d79efd..c68c85dd18 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_brokeninheritance.md +++ b/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_brokeninheritance.md @@ -14,8 +14,11 @@ assigned at the bucket level, those assigned directly on objects within the buck Navigate to the **AWS** > **6.S3 Permissions** > **AWS_BrokenInheritance** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_BrokenInheritance Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/s3permissions/brokeninheritanceanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_BrokenInheritance job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ------------------ | ------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Broken Inheritance | This report identifies permissions applied directly on files in AWS S3 Buckets. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top buckets by broken inheritance - Table – Shows buckets by broken inheritance - Table – Provides details on broken inheritance | +| Report | Description | Default Tags | Report Element | +| ------------------ | ------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Broken Inheritance | This report identifies permissions applied directly on files in AWS S3 Buckets. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top buckets by broken inheritance
  • Table – Shows buckets by broken inheritance
  • Table – Provides details on broken inheritance
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_effectivepermissions.md b/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_effectivepermissions.md index e6c531ec73..ce67b5c927 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_effectivepermissions.md +++ b/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_effectivepermissions.md @@ -14,8 +14,11 @@ and bucket objects. Navigate to the **AWS** > **6.S3 Permissions** > **AWS_EffectivePermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_Accounts Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/s3permissions/effectivepermissionsanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_EffectivePermissions job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| --------------------- | ------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Effective Permissions | This report identifies and summarizes effective permissions on AWS S3 Buckets. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top buckets by effective permissions - Table – Shows buckets by effective permissions - Table – Provides details on effective permissions | +| Report | Description | Default Tags | Report Element | +| --------------------- | ------------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Effective Permissions | This report identifies and summarizes effective permissions on AWS S3 Buckets. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top buckets by effective permissions
  • Table – Shows buckets by effective permissions
  • Table – Provides details on effective permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_openbuckets.md b/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_openbuckets.md index d2cc63f170..3a71c57f09 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_openbuckets.md +++ b/docs/accessanalyzer/11.6/solutions/aws/s3permissions/aws_openbuckets.md @@ -14,8 +14,11 @@ level of the AWS S3 bucket. Navigate to the **AWS** > **6.S3 Permissions** > **AWS_OpenBuckets** > **Configure** node and select **Analysis** to view the analysis task. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the AWS_OpenBuckets Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/s3permissions/openbucketsanalysis.webp) 
@@ -29,6 +32,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the AWS_OpenBuckets job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ------------ | ------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Open Buckets | This report identifies AWS S3 Open Buckets. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays largest open buckets - Table – Shows largest open buckets - Table – Provides details on open buckets | +| Report | Description | Default Tags | Report Element | +| ------------ | ------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Open Buckets | This report identifies AWS S3 Open Buckets. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays largest open buckets
  • Table – Shows largest open buckets
  • Table – Provides details on open buckets
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata.md index f0f8c0f3dd..3b57da1e2b 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata.md @@ -14,8 +14,11 @@ sensitive data. Navigate to the **AWS** > **8.S3 Sensitive Data** > **AWS_SensitiveData** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_SensitiveData Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/sensitivedata/sensitivedataanalysis.webp) 
@@ -33,7 +36,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_SensitiveData job produces the following preconfigured reports: -| Report | Description | Default Tags | Report Element | -| ----------------------- | ----------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of the following elements: - Chart – Displays exceptions by match count - Table – Provides details on exceptions | -| Sensitive Data Overview | This report identifies objects in AWS S3 buckets that contain sensitive data. | Sensitive Data | This report is comprised of the following elements: - Stacked Bar Chart – Displays top buckets by sensitive data hit - Table – Shows sensitive data by account - Table – Provides details on sensitive data | +| Report | Description | Default Tags | Report Element | +| ----------------------- | ----------------------------------------------------------------------------- | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of the following elements:
  • Chart – Displays exceptions by match count
  • Table – Provides details on exceptions
| +| Sensitive Data Overview | This report identifies objects in AWS S3 buckets that contain sensitive data. | Sensitive Data | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top buckets by sensitive data hit
  • Table – Shows sensitive data by account
  • Table – Provides details on sensitive data
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata_permissions.md b/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata_permissions.md index 6ce7f168d4..ec578d254d 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata_permissions.md +++ b/docs/accessanalyzer/11.6/solutions/aws/sensitivedata/aws_sensitivedata_permissions.md @@ -14,8 +14,11 @@ and the objects in them which contain sensitive data. Navigate to the **AWS** > **8.S3 Sensitive Data** > **AWS_SensitiveData_Permissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_SensitiveData_Permissions Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/sensitivedata/sensitivedatapermissionsanalysis.webp) 
@@ -32,6 +35,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_SensitiveData_Permissions job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| -------------------------- | ---------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Data Permissions | This report identifies permissions on AWS objects containing sensitive data. | Sensitive Data | This report is comprised of the following elements: - Stacked Bar Chart – Displays top buckets by permissions on sensitive data - Table – Shows buckets by permissions on sensitive data - Table – Provides details on sensitive data permissions | +| Report | Description | Default Tags | Report Element | +| -------------------------- | ---------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Permissions | This report identifies permissions on AWS objects containing sensitive data. | Sensitive Data | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top buckets by permissions on sensitive data
  • Table – Shows buckets by permissions on sensitive data
  • Table – Provides details on sensitive data permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/users/aws_accesskeys.md b/docs/accessanalyzer/11.6/solutions/aws/users/aws_accesskeys.md index d95408bc34..78ce1116dd 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/users/aws_accesskeys.md +++ b/docs/accessanalyzer/11.6/solutions/aws/users/aws_accesskeys.md @@ -14,8 +14,11 @@ highlighting keys that were last rotated over a year ago. Navigate to the **AWS** > **2.Users** > **AWS_AccessKeys** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_AccessKeys Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/users/accesskeysanalysis.webp) 
@@ -33,6 +36,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_AccessKeys job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Access Keys | This report identifies user accounts which have not rotated their AWS IAM Access Keys for an extended amount of time or have never used it. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays access key age by account - Table – Shows high risk access keys - Table – Provides details on access keys | +| Report | Description | Default Tags | Report Element | +| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Access Keys | This report identifies user accounts which have not rotated their AWS IAM Access Keys for an extended amount of time or have never used it. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays access key age by account
  • Table – Shows high risk access keys
  • Table – Provides details on access keys
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/users/aws_mfastatus.md b/docs/accessanalyzer/11.6/solutions/aws/users/aws_mfastatus.md index 1b7fd7ff8a..8fdf920302 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/users/aws_mfastatus.md +++ b/docs/accessanalyzer/11.6/solutions/aws/users/aws_mfastatus.md @@ -14,8 +14,11 @@ disabled. Navigate to the **AWS** > **2.Users** > **AWS_MFAStatus** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_MFAStatus Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/users/mfastatusanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_MFAStatus job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ---------- | ------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -| MFA Status | This report identifies the MFA status of each AWS user | None | This report is comprised of the following elements: - Pie Chart – Displays MFA status - Table – Shows status by account - Table – Provides details on MFA | +| Report | Description | Default Tags | Report Element | +| ---------- | ------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| MFA Status | This report identifies the MFA status of each AWS user | None | This report is comprised of the following elements:
  • Pie Chart – Displays MFA status
  • Table – Shows status by account
  • Table – Provides details on MFA
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/users/aws_rootaccounts.md b/docs/accessanalyzer/11.6/solutions/aws/users/aws_rootaccounts.md index 29ddbfc446..f50b538c37 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/users/aws_rootaccounts.md +++ b/docs/accessanalyzer/11.6/solutions/aws/users/aws_rootaccounts.md @@ -14,8 +14,11 @@ security practices. Navigate to the **AWS** > **2.Users** > **AWS_RootAccounts** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AWS_RootAccounts Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/users/rootaccountsanalysis.webp) 
@@ -34,6 +37,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the AWS_RootAccounts job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| --------------------- | ----------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Root Account Security | This report highlights security risks on AWS Root Accounts. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays top account security by org - Table – Shows account security by Org - Table – Provides details on risk assessment - Table – Provides details on account security | +| Report | Description | Default Tags | Report Element | +| --------------------- | ----------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Root Account Security | This report highlights security risks on AWS Root Accounts. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays top account security by org
  • Table – Shows account security by Org
  • Table – Provides details on risk assessment
  • Table – Provides details on account security
| + diff --git a/docs/accessanalyzer/11.6/solutions/aws/users/aws_staleusers.md b/docs/accessanalyzer/11.6/solutions/aws/users/aws_staleusers.md index 8f6260e4ef..e1d7b21bb6 100644 --- a/docs/accessanalyzer/11.6/solutions/aws/users/aws_staleusers.md +++ b/docs/accessanalyzer/11.6/solutions/aws/users/aws_staleusers.md @@ -29,8 +29,11 @@ topic for additional information. Navigate to the **AWS** > **2.Users** > **AWS_StaleUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for +:::warning +Do not deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. Only modify the analysis tasks listed in the customizable analysis tasks section. +::: + ![Analysis Tasks for the AWS_StaleUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/aws/users/staleusersanalysis.webp) 
@@ -63,6 +66,7 @@ topic for instructions on how to modify parameters. In addition to the tables and views created by the analysis task, the AWS_StaleUsers job produces the following preconfigured report: -| Report | Description | Default Tags | Report Element | -| ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Users | This report identifies user accounts which have not logged into AWS for an extended amount of time or have never logged in. A user account is considered stale if the last logon is over 60 days ago or the password has never been used. | None | This report is comprised of the following elements: - Stacked Bar Chart – Displays stale users by account - Table – Provides details on stale users | +| Report | Description | Default Tags | Report Element | +| ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Users | This report identifies user accounts which have not logged into AWS for an extended amount of time or have never logged in. A user account is considered stale if the last logon is over 60 days ago or the password has never been used. | None | This report is comprised of the following elements:
  • Stacked Bar Chart – Displays stale users by account
  • Table – Provides details on stale users
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_deletions.md b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_deletions.md index 8580e95685..f0c4a29197 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_deletions.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_deletions.md @@ -15,8 +15,11 @@ days. Navigate to **Box** > **1.Activity** > **Forensics** > **Box_Deletions** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_Deletions Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/forensics/deletionsanalysis.webp) 
@@ -29,6 +32,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_Deletions Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------- | -| File and Folder Deletions (Deletion Events) | This report identifies deletion events for the past 30 days. The detailed report shows all resources that were successfully deleted as well as which users performed those events. | None | This report is comprised of two elements: - Line Chart – Displays last 30 days of deletions - Table – Provides details on deletions | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | +| File and Folder Deletions (Deletion Events) | This report identifies deletion events for the past 30 days. The detailed report shows all resources that were successfully deleted as well as which users performed those events. | None | This report is comprised of two elements:
  • Line Chart – Displays last 30 days of deletions
  • Table – Provides details on deletions
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_downloads.md b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_downloads.md index fcd9db9c9d..241a7e5a95 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_downloads.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_downloads.md @@ -14,8 +14,11 @@ The Box_Downloads Job provides details on file and folder deletions that have oc Navigate to **Box** > **1.Activity** > **Forensics** > **Box_Downloads** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_Downloads Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/forensics/downloadsanalysis.webp) 
@@ -28,6 +31,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_Downloads Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------- | -| Download Activity (Download Events) | This report identifies download events for the past 30 days. The detailed report shows all resources that were successfully downloaded as well as which users performed those events. | None | This report is comprised of three elements: - Line Chart – Displays last 30 days of downloads - Table – Provides details on downloads | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Download Activity (Download Events) | This report identifies download events for the past 30 days. The detailed report shows all resources that were successfully downloaded as well as which users performed those events. | None | This report is comprised of three elements:
  • Line Chart – Displays last 30 days of downloads
  • Table – Provides details on downloads
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externaluseractivity.md b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externaluseractivity.md index e4c280e035..0f945186d0 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externaluseractivity.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externaluseractivity.md @@ -16,8 +16,11 @@ control over the content they own and their security settings. Navigate to **Box** > **1.Activity** > **Forensics** > **Box_ExternalUserActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis for the Box_ExternalUserActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/forensics/externaluseractivityanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_ExternalUserActivity Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Most Active External User | This report identifies highest resource activity by external users. The bar chart and summary table outline the top 5 most active external users. | None | This report is comprised of three elements: - Bar Chart – Displays top events by top external users - Table – Provides summary of events by top external user - Table – Provides details on external users | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Most Active External User | This report identifies highest resource activity by external users. The bar chart and summary table outline the top 5 most active external users. | None | This report is comprised of three elements:
  • Bar Chart – Displays top events by top external users
  • Table – Provides summary of events by top external user
  • Table – Provides details on external users
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externalusercollaborations.md b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externalusercollaborations.md index b83f790a7b..40e91e74ef 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externalusercollaborations.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_externalusercollaborations.md @@ -15,8 +15,11 @@ but there is limited control over the content they own and their security settin Navigate to **Box** > **1.Activity** > **Forensics** > **Box_ExternalUserCollaborations** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_ExternalUserCollaborations Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/forensics/externalusercollaborationsanalysis.webp) 
@@ -30,6 +33,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_ExternalUserCollaborations Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| External User Collaborations | This report identifies high-risk collaborations, highlighting most active collaborations by invites of external users. | None | This report is comprised of two elements: - Line Chart – Displays last 30 days of external user collaborations - Table – Provides details on external user collaborations | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| External User Collaborations | This report identifies high-risk collaborations, highlighting most active collaborations by invites of external users. | None | This report is comprised of two elements:
  • Line Chart – Displays last 30 days of external user collaborations
  • Table – Provides details on external user collaborations
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_permissionchanges.md b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_permissionchanges.md index 3bf179d52b..c06222e1a7 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_permissionchanges.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_permissionchanges.md @@ -14,8 +14,11 @@ past 30 days. Navigate to **Box** > **1.Activity** > **Forensics** > **Box_PermissionChanges** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_PermissionChanges Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/forensics/permissionchangesanalysis.webp) 
@@ -29,6 +32,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_PermissionChanges Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -| Permission Changes | This report identifies all resources where successful permission changes have occurred. The line chart shows data for the past 30 days only. | None | This report is comprised of two elements: - Line Chart – Displays last 30 days of permission changes - Table – Provides details on permission changes | +| Report | Description | Default Tags | Report Elements | +| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Permission Changes | This report identifies all resources where successful permission changes have occurred. The line chart shows data for the past 30 days only. | None | This report is comprised of two elements:
  • Line Chart – Displays last 30 days of permission changes
  • Table – Provides details on permission changes
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_sharing.md b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_sharing.md index b8923db811..182d2a3d0e 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_sharing.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/forensics/box_sharing.md @@ -13,8 +13,11 @@ The Box_Sharing Job provides details on sharing activity that has occurred over Navigate to **Box** > **1.Activity** > **Forensics** > **Box_Sharing** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_Sharing Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/forensics/sharinganalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_Sharing Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sharing Activity Summary | This report identifies resource sharing within the target Box environments. The line graph will highlight time periods of the highest rate of sharing within the past 30 days. | None | This report is comprised of two elements: - Line Chart – Displays last 30 days of sharing activity - Table – Provides details on sharing activity | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sharing Activity Summary | This report identifies resource sharing within the target Box environments. The line graph will highlight time periods of the highest rate of sharing within the past 30 days. | None | This report is comprised of two elements:
  • Line Chart – Displays last 30 days of sharing activity
  • Table – Provides details on sharing activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_failedlogins.md b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_failedlogins.md index 155c14990a..682edea9d8 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_failedlogins.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_failedlogins.md @@ -15,8 +15,11 @@ content, or operational issues such as a misconfigured service account. Navigate to **Box** > **1.Activity** > **Suspicious Activity** > **Box_FailedLogins** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_FailedLogins Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/failedloginsanalysis.webp) 
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_FailedLogins Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------- | --------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Failed Logins | This report highlights the failed login activity occurring in the target Box environment over the last 30 days. | None | This report is comprised of two elements: - Line Chart – Displays last 30 days summary of failed logins - Table – Provides details on last 30 days of failed login details | +| Report | Description | Default Tags | Report Elements | +| ------------- | --------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Failed Logins | This report highlights the failed login activity occurring in the target Box environment over the last 30 days. | None | This report is comprised of two elements:
  • Line Chart – Displays last 30 days summary of failed logins
  • Table – Provides details on last 30 days of failed login details
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_firsttimefolderaccess.md b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_firsttimefolderaccess.md index 97d2d29092..61e30669a4 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_firsttimefolderaccess.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_firsttimefolderaccess.md @@ -14,8 +14,11 @@ or a file over the past 30 days. View the analysis tasks by navigating to the **Box** > **1.Activity** > **Suspicious Activity** > **Box_FirstTimeFolderAccess** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_FirstTimeFolderAccess Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/firsttimefolderaccessanalysis.webp) 
@@ -29,6 +32,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_FirstTimeFolderAccess Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | --------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| First Time Folder Access | This report highlights details for first time folder access per user. | None | This report is comprised of three elements: - Bar Chart – Displays last 30 days of first time folder access - Table – Provides summary of last 30 days of first time folder access - Table – Provides details on first time folder access | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | --------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| First Time Folder Access | This report highlights details for first time folder access per user. | None | This report is comprised of three elements:
  • Bar Chart – Displays last 30 days of first time folder access
  • Table – Provides summary of last 30 days of first time folder access
  • Table – Provides details on first time folder access
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualdownloadactivity.md b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualdownloadactivity.md index d6ff7e182c..0d5206e984 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualdownloadactivity.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualdownloadactivity.md @@ -15,8 +15,11 @@ activity could indicate a compromised account or a malicious insider. Navigate to **Box** > **1.Activity** > **Suspicious Activity** > **Box_UnusualDownloadActivity** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Task for the Box_UnusualDownloadActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/unusualdownloadactivityanalysis.webp) 
@@ -28,6 +31,7 @@ The following analysis task is selected by default: In addition to the tables created by the analysis tasks, the Box_UnusualDownloadActivity Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Unusual Download Activity | This report provides insight into download activity that deviates from the normal range of expected downloads.  This is determined by using historical data for each file. | None | This report is comprised of two elements: - Bar Chart – Displays top 5 most recent unusual download activity - Table – Provides details on unusual download activity | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Unusual Download Activity | This report provides insight into download activity that deviates from the normal range of expected downloads.  This is determined by using historical data for each file. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 most recent unusual download activity
  • Table – Provides details on unusual download activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualuseractivity.md b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualuseractivity.md index cd8742714f..c2dad0d45b 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualuseractivity.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_unusualuseractivity.md @@ -15,8 +15,11 @@ could indicate a compromised account or a malicious insider. Navigate to **Box** > **1.Activity** > **Suspicious Activity** > **Box_UnusualUserActivity** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_UnusualUserActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/unusualuseractivityanalysis.webp) 
@@ -28,6 +31,7 @@ The following analysis task is selected by default: In addition to the tables created by the analysis tasks, the Box_Content Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Unusual User Activity | This report provides insight into user activity that deviates from the normal range of expected activity.  This is determined by using historical data for each user. | None | This report is comprised of two elements: - Bar Chart – Displays top 5 most recent unusual user activity - Table – Provides details on unusual user activity | +| Report | Description | Default Tags | Report Elements | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unusual User Activity | This report provides insight into user activity that deviates from the normal range of expected activity.  This is determined by using historical data for each user. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 most recent unusual user activity
  • Table – Provides details on unusual user activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_weekendactivity.md b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_weekendactivity.md index bb2b363dd6..6c6f7a198e 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_weekendactivity.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/box_weekendactivity.md @@ -15,8 +15,11 @@ could indicate a compromised account or a malicious insider. Navigate to **Box** > **1.Activity** > **Suspicious Activity** > **Box_WeekendActivity** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_WeekendActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/suspiciousactivity/weekendactivityanalysis.webp) 
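Review bot: The context sentence above the table in box_unusualuseractivity.md (the `@@ -28,6 +31,7 @@` hunk above) reads "the Box_Content Job produces the following pre-configured report", which names the wrong job for this page; the navigation path and image caption in the same file refer to Box_UnusualUserActivity. The line is unchanged context in this hunk, but it sits directly above the row being rewritten, so it is worth correcting in the same change.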
@@ -30,6 +33,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_WeekendActivity Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | -------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Weekend Activity | This report highlights the activity occurring on weekends in the target Box environment over the last 30 days. | None | This report is comprised of three elements: - Bar Chart – Displays last 30 days of weekend activity for top 5 users - Table – Provides summary top 30 days of weekend activity - Table – Provides details on weekend Activity Details | +| Report | Description | Default Tags | Report Elements | +| ---------------- | -------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Weekend Activity | This report highlights the activity occurring on weekends in the target Box environment over the last 30 days. | None | This report is comprised of three elements:
  • Bar Chart – Displays last 30 days of weekend activity for top 5 users
  • Table – Provides summary top 30 days of weekend activity
  • Table – Provides details on weekend Activity Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_mostactive.md b/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_mostactive.md index dea2600b14..9050b8ce92 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_mostactive.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_mostactive.md @@ -14,8 +14,11 @@ your Box environment, highlighting conditions such as most active or stale folde Navigate to **Box** > **1.Activity** > **Usage Statistics** > **Box_Folders_MostActive** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_Folders_MostActive Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/foldersmostactiveanalysis.webp) 
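Review bot: In the Weekend Activity row (box_weekendactivity.md, the `@@ -30,6 +33,7 @@` hunk above), the second element reads "Provides summary top 30 days of weekend activity", where "top" looks like a slip for "last", given the "last 30 days" wording in the first bullet and in the Description. The third bullet, "Provides details on weekend Activity Details", has stray capitalization and repeats "details". Both are inherited from the removed row and could be cleaned up while the cell is being reformatted; please confirm the intended wording.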
@@ -27,6 +30,7 @@ The following analysis task is selected by default: In addition to the tables created by the analysis tasks, the Box_Folders_MostActive Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | ------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Most Active Folders | This report highlights the most active folder in the target Box environment over the last 30 days | None | This report is comprised of two elements: - Bar Chart – Displays last 30 days of most active folders - Table – Provides summary of most active folders | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Most Active Folders | This report highlights the most active folder in the target Box environment over the last 30 days | None | This report is comprised of two elements:
  • Bar Chart – Displays last 30 days of most active folders
  • Table – Provides summary of most active folders
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_stale.md b/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_stale.md index c62c28c3fb..78a7373758 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_stale.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_folders_stale.md @@ -15,8 +15,11 @@ folders can be subject to cleanup or consolidation. Navigate to **Box** > **1.Activity** > **Usage Statistics** > **Box_Folders_Stale** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_Folders_Stale Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/foldersstaleanalysis.webp) 
@@ -28,6 +31,7 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_Folders_Stale Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------- | ------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Folders | This report highlights stale resources in the target Box environment over the last 30 days | None | This report is comprised of three elements: - Bar Chart – Displays top 5 stale folders - Table – Provides summary of folders with no activity - Table – Provides details on stale folders | +| Report | Description | Default Tags | Report Elements | +| ------------- | ------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Folders | This report highlights stale resources in the target Box environment over the last 30 days | None | This report is comprised of three elements:
  • Bar Chart – Displays top 5 stale folders
  • Table – Provides summary of folders with no activity
  • Table – Provides details on stale folders
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_users_mostactive.md b/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_users_mostactive.md index d4086963ac..2d328673c8 100644 --- a/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_users_mostactive.md +++ b/docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/box_users_mostactive.md @@ -14,8 +14,11 @@ stale users within the environment based on the last 30 days of activity events. Navigate to **Box** > **1.Activity** > **Usage Statistics** > **Box_Users_MostActive** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_Users_MostActive Job](/img/product_docs/accessanalyzer/11.6/solutions/box/activity/usagestatistics/usersmostactiveanalysis.webp) 
@@ -26,6 +29,7 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the Box_Users_MostActive Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Most Active Users | This report highlights the most active users in the target Box environment over the last 30 days. It also lists stale users that have had no activity in the last 30 days. | None | This report is comprised of three elements: - Bar Chart – Displays last 30 days of the most active users - Table – Provides summary of last 30 days of the most active users | +| Report | Description | Default Tags | Report Elements | +| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Most Active Users | This report highlights the most active users in the target Box environment over the last 30 days. It also lists stale users that have had no activity in the last 30 days. | None | This report is comprised of three elements:
  • Bar Chart – Displays last 30 days of the most active users
  • Table – Provides summary of last 30 days of the most active users
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/box_access.md b/docs/accessanalyzer/11.6/solutions/box/box_access.md index 38bb29a26f..97665d8097 100644 --- a/docs/accessanalyzer/11.6/solutions/box/box_access.md +++ b/docs/accessanalyzer/11.6/solutions/box/box_access.md @@ -15,8 +15,11 @@ that can be revoked. Navigate to **Box** > **Box_Access** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_Access Job](/img/product_docs/accessanalyzer/11.6/solutions/box/accessanalysis.webp) 
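Review bot: In the box_users_mostactive.md table hunk above (@@ -26,6 +29,7 @@), the Most Active Users row says "This report is comprised of three elements" but lists only two, a Bar Chart and a Table, in both the removed and the added version of the row. Since the row is being rewritten anyway, either correct the count to two or add the missing element. The Description says the report also lists stale users, so a reader cannot tell whether a third element for them was dropped from the list.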
@@ -32,7 +35,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the Box_Access Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------------------------- | ----------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Access (Box Access Overview) | This report highlights groups with access to Box resources, and summarizes them by group. | None | This report is comprised of three elements: - Bar Chart – Displays top groups by access granted - Table – Provides details on top groups by access - Table – Provides details on group access | -| User Access | This report highlights users with access to Box resources, and summarizes them by group. | None | This report is comprised of three elements: - T-Chart – Displays top users by direct access - Table – Provides summary of user access - Table – Provides details on user access | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------- | ----------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Access (Box Access Overview) | This report highlights groups with access to Box resources, and summarizes them by group. | None | This report is comprised of three elements:
  • Bar Chart – Displays top groups by access granted
  • Table – Provides details on top groups by access
  • Table – Provides details on group access
| +| User Access | This report highlights users with access to Box resources, and summarizes them by group. | None | This report is comprised of three elements:
  • T-Chart – Displays top users by direct access
  • Table – Provides summary of user access
  • Table – Provides details on user access
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/box_groupmembership.md b/docs/accessanalyzer/11.6/solutions/box/box_groupmembership.md index 596abcb2f3..d5b694d234 100644 --- a/docs/accessanalyzer/11.6/solutions/box/box_groupmembership.md +++ b/docs/accessanalyzer/11.6/solutions/box/box_groupmembership.md @@ -14,8 +14,11 @@ environment. Navigate to **Box** > **Box_GroupMembership** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Box_GroupMembership Job](/img/product_docs/accessanalyzer/11.6/solutions/box/groupmembershipanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis task is selected by default: In addition to the tables created by the analysis tasks, the Box_Content Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Membership (Box Group Membership) | This report summarizes Box group membership and lists all group membership across the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays top groups by member count - Table – Provides summary of group membership - Table – Provides details on group membership | +| Report | Description | Default Tags | Report Elements | +| --------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Membership (Box Group Membership) | This report summarizes Box group membership and lists all group membership across the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top groups by member count
  • Table – Provides summary of group membership
  • Table – Provides details on group membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/box/collection/1-box_access_scans.md b/docs/accessanalyzer/11.6/solutions/box/collection/1-box_access_scans.md index f679d0bb01..4933e65eb2 100644 --- a/docs/accessanalyzer/11.6/solutions/box/collection/1-box_access_scans.md +++ b/docs/accessanalyzer/11.6/solutions/box/collection/1-box_access_scans.md @@ -76,8 +76,11 @@ opens. configured. Click **Authorize** to launch the BoxLogin window and generate an authorization code. This code allows Enterprise Auditor to report on the Box Enterprise. -**NOTE:** Authentication to the target Box environment only needs to be completed once, prior to the +:::note +Authentication to the target Box environment only needs to be completed once, prior to the first scan and only in one of the scan jobs. +::: + **Step 7 –** Navigate to the Summary page, click **Finish** to save any setting modifications or click **Cancel** if no changes were made. Then click **OK** to close the Query Properties window. diff --git a/docs/accessanalyzer/11.6/solutions/box/collection/1-box_activity_scans.md b/docs/accessanalyzer/11.6/solutions/box/collection/1-box_activity_scans.md index 9766e0d410..1a7183183d 100644 --- a/docs/accessanalyzer/11.6/solutions/box/collection/1-box_activity_scans.md +++ b/docs/accessanalyzer/11.6/solutions/box/collection/1-box_activity_scans.md 
@@ -89,8 +89,11 @@ opens. configured. Click **Authorize** to launch the BoxLogin window and generate an authorization code. This code allows Enterprise Auditor to report on the Box Enterprise. -**NOTE:** Authentication to the target Box environment only needs to be completed once, prior to the +:::note +Authentication to the target Box environment only needs to be completed once, prior to the first scan and only in one of the scan jobs. +::: + **Step 10 –** Navigate to the Summary page, click **Finish** to save any setting modifications or click **Cancel** if no changes were made. Then click **OK** to close the Query Properties window. diff --git a/docs/accessanalyzer/11.6/solutions/box/content/box_filemetrics.md b/docs/accessanalyzer/11.6/solutions/box/content/box_filemetrics.md index 36eb2ff313..458424748e 100644 --- a/docs/accessanalyzer/11.6/solutions/box/content/box_filemetrics.md +++ b/docs/accessanalyzer/11.6/solutions/box/content/box_filemetrics.md @@ -9,14 +9,20 @@ sidebar_position: 10 The Box_FileMetrics Job offers insight into content sizing, staleness, and ownership of files in the Box environment. -**NOTE:** The staleness threshold can be customized within the **File Metrics Details** analysis. +:::note +The staleness threshold can be customized within the **File Metrics Details** analysis. +::: + ## Analysis Tasks for the Box_FileMetrics Job Navigate to **Box** > **2.Content** > **Box_FileMetrics** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Most of these analysis tasks should never be modified and never be deselected. +:::warning +Most of these analysis tasks should never be modified and never be deselected. +::: + ![Analysis Tasks for the Box_FileMetrics Job](/img/product_docs/accessanalyzer/11.6/solutions/box/content/filemetricsanalysis.webp) 
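Review bot: In box_filemetrics.md, the converted warning still reads "Most of these analysis tasks should never be modified and never be deselected" without saying which tasks are the exception. Now that it renders as a prominent warning block, name the customizable task (the note at the top of the file mentions **File Metrics Details**) or point to the Customize Analysis Tasks section, so the warning states exactly what is safe to change.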
@@ -40,10 +46,11 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_FileMetrics Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------ | --------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Files by Extension | This report summarizes the Box content by file extension. | None | This report is comprised of four elements: - Pie Chart – Displays top 20 file counts by file extension - Bar Chart – Displays top 5 file size by file extension - Table – Provides details on file counts by file extension - Table – Provides details on file size by file extension | -| Files by User | This report summarizes the Box content by user. | None | This report is comprised of four elements: - Bar Chart – Displays top 5 file count by user - Bar Chart – Displays top 5 file size by user - Table – Provides details on file count by user - Table – Provides details on file size by user | +| Report | Description | Default Tags | Report Elements | +| ------------------ | --------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Files by Extension | This report summarizes the Box content by file extension. | None | This report is comprised of four elements:
  • Pie Chart – Displays top 20 file counts by file extension
  • Bar Chart – Displays top 5 file size by file extension
  • Table – Provides details on file counts by file extension
  • Table – Provides details on file size by file extension
| +| Files by User | This report summarizes the Box content by user. | None | This report is comprised of four elements:
  • Bar Chart – Displays top 5 file count by user
  • Bar Chart – Displays top 5 file size by user
  • Table – Provides details on file count by user
  • Table – Provides details on file size by user
| + ### Customize Analysis Tasks for the Box_FileMetrics Job diff --git a/docs/accessanalyzer/11.6/solutions/box/content/box_foldermetrics.md b/docs/accessanalyzer/11.6/solutions/box/content/box_foldermetrics.md index 2d15ad578b..1654c3fe3a 100644 --- a/docs/accessanalyzer/11.6/solutions/box/content/box_foldermetrics.md +++ b/docs/accessanalyzer/11.6/solutions/box/content/box_foldermetrics.md @@ -9,16 +9,22 @@ sidebar_position: 20 The Box_FolderMetrics Job offers insight into content sizing, staleness, and ownership of folders in the Box environment. -**NOTE:** The staleness threshold can be customized within the **Folder Metrics Details** analysis. +:::note +The staleness threshold can be customized within the **Folder Metrics Details** analysis. Largest and smallest folder size thresholds can be configured in a similar way on their respective analysis tasks. +::: + ## Analysis Tasks for the Box_FolderMetrics Job Navigate to **Box** > **2.Content** > **Box_FolderMetrics** > **Configure** node and select **Analysis** to view analysis tasks. -**CAUTION:** Most of these analysis tasks should never be modified and never be deselected. +:::warning +Most of these analysis tasks should never be modified and never be deselected. +::: + ![Analysis Tasks for the Box_FolderMetrics Job](/img/product_docs/accessanalyzer/11.6/solutions/box/content/foldermetricsanalysis.webp) 
@@ -38,10 +44,11 @@ The following analysis tasks are selected by default: In addition to the tables created by the analysis tasks, the Box_FolderMetrics Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Largest Folders | This report summarizes the Box content by folder size. | None | This report is comprised of two elements: - Bar Chart – Displays top 5 largest folders - Table – Provides details on largest folders | -| Smallest Folders | This report summarizes the Box content by folder size. | None | This report is comprised of three elements: - Bar Chart – Displays top 5 smallest folders with files - Table – Provides details on smallest folders with files - Table – Provides details on empty folders | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Largest Folders | This report summarizes the Box content by folder size. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 largest folders
  • Table – Provides details on largest folders
| +| Smallest Folders | This report summarizes the Box content by folder size. | None | This report is comprised of three elements:
  • Bar Chart – Displays top 5 smallest folders with files
  • Table – Provides details on smallest folders with files
  • Table – Provides details on empty folders
| + ### Customizable Analysis Tasks for the Box_FolderMetrics Job diff --git a/docs/accessanalyzer/11.6/solutions/box/overview.md b/docs/accessanalyzer/11.6/solutions/box/overview.md index 5d39b83eb4..af3ee0e1a6 100644 --- a/docs/accessanalyzer/11.6/solutions/box/overview.md +++ b/docs/accessanalyzer/11.6/solutions/box/overview.md @@ -10,17 +10,17 @@ The Box solution set contains jobs to provide visibility into Box access rights, configurations, activities, and more, ensuring you never lose sight or control of your critical assets residing in Box. -Supported Platforms +**Supported Platforms** - Box for Business -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Box Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/box/box_1.md) +[Target Box Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/box/target.md) topic for additional information. -Location +**Location** The Box Solution requires a special Enterprise Auditor license. It can be installed from the Instant Job Wizard. Once it has been installed into the Jobs tree, navigate to the solution: **Jobs** > diff --git a/docs/accessanalyzer/11.6/solutions/box/recommended.md b/docs/accessanalyzer/11.6/solutions/box/recommended.md index 519818989c..1de3044c39 100644 --- a/docs/accessanalyzer/11.6/solutions/box/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/box/recommended.md @@ -8,13 +8,13 @@ sidebar_position: 10 The jobs that run analysis tasks in the Box Solution requires the host list to be assigned. -Dependencies +**Dependencies** - The .Active Directory Inventory Job Group must be successfully run prior to running this Job Group - 2-Box_Import Job – Imports data collected by the 1-Box_Access Scans Job and 1-Box_Activity Scans Job -Targeted Hosts +**Targeted Hosts** - Enterprise_ID for the target Box environment 
@@ -27,7 +27,7 @@ for each target named to identify the target, for example EMEA Box. Copying the number to the job’s name. Once authorization codes have been generated for each 1-Box_Access Scans Job and 1-Box_Activity Scans Job, then the solution can be scheduled to run as desired. -Connection Profile +**Connection Profile** The Box Solution requires a specific credential for the Connection Profile which has access to the SA Installer location. It is also necessary to authenticate to the target Box environment, which is @@ -39,17 +39,17 @@ the query configuration either in the 1-Box_Access Scans Job’ Authentication w [Box Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/box/overview.md) topic for additional information. -Access Token +**Access Token** The Access Token is valid for 60 days. If Box scans are running on a regular schedule, then the Access Token automatically refreshes once an hour. However, if it has been more than 60 days since the last scan, it is necessary to regenerate the Access Token. -Schedule Frequency +**Schedule Frequency** The Box Job Group can be scheduled to run as desired. -Query Configuration +**Query Configuration** This solution can be run with the default query configuration. However, the following queries in the 0.Collection Job Group can be modified to limit the depth of the scan: @@ -59,7 +59,7 @@ This solution can be run with the default query configuration. However, the foll The Box_Import Job's Import query is preconfigured to run a full import and should not be modified. -Analysis Configuration +**Analysis Configuration** This solution can be run with the default analysis configuration. However, the following parameters can be modified: @@ -70,7 +70,7 @@ can be modified: - 2.Content > Box_FileMetrics in the File Metrics Details analysis task - 2.Content > Box_FolderMetrics Folder in the Metrics Details analysis task -Workflow +**Workflow** **Step 1 –** Prerequisite: Run the .Active Directory Inventory Job Group. 
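Review bot: The last context bullet in the @@ -70,7 +70,7 @@ hunk reads "2.Content > Box_FolderMetrics Folder in the Metrics Details analysis task", with "Folder" displaced. box_foldermetrics.md in this same patch names the task **Folder Metrics Details**. The hunk already edits the adjacent heading, so fix the bullet to "Box_FolderMetrics in the Folder Metrics Details analysis task" so the parameter location matches the task name.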
@@ -85,7 +85,10 @@ first scan. **Step 5 –** Schedule the Box Job Group to run as desired. -**NOTE:** The 0.Collection > 2-Box_Import Job must be run after the 1-Box_Access Scans Job and +:::note +The 0.Collection > 2-Box_Import Job must be run after the 1-Box_Access Scans Job and 1-Box_Activity Scans Job because it imports the data collected by the scan jobs. +::: + **Step 6 –** Review the reports generated by the jobs. diff --git a/docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/azuresql_permissionscan.md b/docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/azuresql_permissionscan.md deleted file mode 100644 index 0f6c513d04..0000000000 --- a/docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/azuresql_permissionscan.md +++ /dev/null @@ -1,5 +0,0 @@ -# AzureSQL_PermissionsScan Job - -This job uses the -[SQL Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/sql/overview.md) -to scan Azure SQL database permissions. diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_permissionscan.md b/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_permissionscan.md index df8e4f1e1e..5763272e5a 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_permissionscan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_permissionscan.md @@ -12,7 +12,10 @@ This job collects Db2 database level permissions from all the targeted Db2 datab The 2-Db2_PermissionScan Job uses the SQL Data Collector for queries. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/collection/permissionsscanquery.webp) 
@@ -37,8 +40,11 @@ see Navigate to the **Databases** > **0.Collection** > **Db2** > **2-Db2_PermissionScan** > **Configure** node and select Analysis to view the Analysis Tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/collection/permissionsscananalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_sensitivedatascan.md index d549a291c7..f63e7073ab 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_sensitivedatascan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/collection/db2_sensitivedatascan.md @@ -44,9 +44,12 @@ with Sensitive Data Collection category selected. [SQL: Options](/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md) page for additional information. -**CAUTION:** The Sensitive Data Scan Settings are preconfigured for optimal performance for a +:::warning +The Sensitive Data Scan Settings are preconfigured for optimal performance for a high-level table scan. Configuring these settings to increase the scope of the sensitive data scan may significantly increase scan time. +::: + **Step 6 –** Click **Next**. The Select Criteria view appears. 
@@ -55,11 +58,14 @@ may significantly increase scan time. **Step 7 –** To modify criteria, click on **Use the following selected criteria:** and select your choices. By default, the Sensitive Data Scan job is set to **Use Global Criteria**. -**NOTE:** For more information on adding or deleting criteria, navigate to the +:::note +For more information on adding or deleting criteria, navigate to the [SQL: Criteria](/docs/accessanalyzer/11.6/admin/datacollector/sql/criteria.md) page or See the [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information. +::: + **Step 8 –** Click **Next**. The Filters view appears. @@ -67,8 +73,11 @@ topic for additional information. **Step 9 –** Click **Connections** to open the Manage Connections window. -**NOTE:** SQL databases must be added to the query before they can be scanned. Before you can add a +:::note +SQL databases must be added to the query before they can be scanned. Before you can add a query, you must establish a connection to the database. +::: + ![Manage Connections](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/collection/sensitivedataconnection.webp) @@ -88,9 +97,12 @@ the new connection. Once validated, click **Create New Connection** to finalize **Step 12 –** Navigate to the Filter page. Select Only select database objects or **All database objects**. Collection queries are configured by default to target Only select database objects. -**NOTE:** For more information on filtering, see the +:::note +For more information on filtering, see the [SQL: Filter](/docs/accessanalyzer/11.6/admin/datacollector/sql/filter.md) page. +::: + **Step 13 –** Click Retrieve. The Available database objects box will populate. 
@@ -114,8 +126,11 @@ The 1-Db2_SensitsveDataScan Job is now ready to run with the customized settings Navigate to the **Databases** > **0.Collection** > **Db2** > **1-Db2_SensitiveDataScan** > **Configure** node and select **Analysis** to view the Analysis Tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/collection/sensitivedatascananalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/db2_databasesizing.md b/docs/accessanalyzer/11.6/solutions/databases/db2/db2_databasesizing.md index 2b1db09117..cd0a157806 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/db2_databasesizing.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/db2_databasesizing.md @@ -17,8 +17,11 @@ This job is located in the Configuration job group. Navigate to the **Jobs** > **Databases** > **Db2** > **Configuration** > **Db2_DatabaseSizing** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Db2_DatabaseSizing Job](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/databasesizinganalysis.webp) 
@@ -32,6 +35,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Db2_DatabaseSizing job produces the following preconfigured report. -| Report | Description | Default Tags | Report Elements | -| --------------- | ---------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Sizing | Provides details on database tables and sizing | None | This report is comprised of three elements: - Bar Chart – Displays top databases by size (MB) - Bar Chart – Displays top hosts by size (GB) - Table – Displays details on database sizing | +| Report | Description | Default Tags | Report Elements | +| --------------- | ---------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Sizing | Provides details on database tables and sizing | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by size (MB)
  • Bar Chart – Displays top hosts by size (GB)
  • Table – Displays details on database sizing
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/overview.md b/docs/accessanalyzer/11.6/solutions/databases/db2/overview.md index 14f4b540ab..8b3b461002 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/overview.md @@ -10,17 +10,17 @@ The Enterprise Auditor Db2 Solution Set is a comprehensive set of pre-configured reports that provide visibility into various aspects of Db2: Data Collection, Configuration, user Permissions, and Sensitive Data. -Supported Platforms +**Supported Platforms** - DB2LUW 11+ -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Db2 Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasedb2.md) +[Target Db2 Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/db2.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
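Review bot: The requirements link in this hunk now targets /docs/accessanalyzer/11.6/requirements/databases/db2.md instead of databasedb2.md, but nothing visible here shows the target file being renamed or created. Confirm db2.md exists at that path, and do the same for the box/overview.md switch from box_1.md to target.md. This link is where readers find the permissions and ports the scan account needs, so a broken target leaves them without that guidance.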
@@ -28,13 +28,16 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Db2 Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed in the Jobs tree, navigate to the diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_directpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_directpermissions.md index 2c5044b6aa..b169d6a339 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_directpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_directpermissions.md @@ -14,8 +14,11 @@ targeted Db2 database servers. Navigate to the **Jobs** > **Databases** > **Db2** > **Permissions** > **Db2_DirectPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Db2_DirectPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/permissions/directpermissionsanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Db2_DirectPermissions job produces the following preconfigured report. -| Report | Description | Default Tags | Report Elements | -| ------------------ | ----------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Direct Permissions | This report shows details on the direct permissions in the audited Db2 environment. | None | This report is comprised of three elements: - Bar Chart – Displays Database Summary - Table – Displays Database Summary - Table – Displays permissions details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ----------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Direct Permissions | This report shows details on the direct permissions in the audited Db2 environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays Database Summary
  • Table – Displays Database Summary
  • Table – Displays permissions details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_effectivepermissions.md b/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_effectivepermissions.md index 1c9d64964f..deb8ea42df 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_effectivepermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/permissions/db2_effectivepermissions.md @@ -15,8 +15,11 @@ Navigate to the **Jobs** > **Databases** > **Db2** > **Permissions** > **Db2_EffectivePermissions** > **Configure** node and select **Analysis** to view the Analysis Tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Db2 _EffectivePermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/permissions/effectivepermissionsanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Db2_EffectivePermissions job produces the following preconfigured report. -| Report | Description | Default Tags | Report Elements | -| --------------------- | ---------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Effective Permissions | This report shows details on effective permissions in the audited Db2 environment. | None | This report is comprised of three elements: - Bar Chart – Displays Database Summary - Table – Displays Database Summary - Table – Displays permissions details | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ---------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Effective Permissions | This report shows details on effective permissions in the audited Db2 environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays Database Summary
  • Table – Displays Database Summary
  • Table – Displays permissions details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/recommended.md b/docs/accessanalyzer/11.6/solutions/databases/db2/recommended.md index a2f789fcbf..04fa896d49 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/recommended.md @@ -11,7 +11,7 @@ it is best practice to assign the host list and the Connection Profile at the da the 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - Successful installation of the IBM Data Server Client. In addition, the following clients and drivers must be installed: @@ -24,13 +24,16 @@ Dependencies - IBM Database Add-Ins for Visual Studio - IBM .NET Driver NuGet - **NOTE:** All necessary clients and drivers can be found on IBM Support's + :::note + All necessary clients and drivers can be found on IBM Support's [Download initial version 11.5 clients and drivers](https://www.ibm.com/support/pages/download-initial-version-115-clients-and-drivers) page. + ::: + - .Instance Discovery Job Group run successfully -Targeted Host(s) +**Targeted Host(s)** The Db2 Job Group has been configured to inherit the host list assignment from the collection group level. @@ -38,7 +41,7 @@ level. The host list assignment should be assigned under the **Databases** > **0.Collection** > **Db2** > **Settings** > **Host List Assignment** node. The Local host box is checked by default. -Connection Profile +**Connection Profile** The SQL Data Collector requires a specific set of permissions. See the Permissions section for necessary permissions. The account used can be either an Active Directory account or a SQL account. 
@@ -57,16 +60,19 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Run Order +**Run Order** The 0.Collection Jobs must be run first and in order. The other Db2 sub-job groups can be run in any order, together or individually, after running the 0.Collection Job Group. -**_RECOMMENDED:_** Run the solution at the top level. +:::info +Run the solution at the top level. +::: + **Workflow** diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedata.md index 144369a30a..17f523ab1b 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedata.md @@ -14,8 +14,11 @@ database servers based on the selection scan criteria. Navigate to the **Jobs** > **Databases** > **Db2** > **Sensitive Data** > **Db2_Sensitive Data** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Db2 _SensitiveData Job](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/sensitivedataanalysis.webp) 
@@ -30,7 +33,8 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Db2_SensitiveData job produces the following preconfigured reports. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ---------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | Sensitive Data | This report is comprised of two elements: - Bar Chart – Displays Exceptions by March Count - Table – Displays data details | -| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements: - Bar Chart – Displays Top Databases by Sensitive Data Hits - Table – Displays Top Databases by Sensitive Data Hits - Table – Displays data details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ---------------------------------------------------------------------------- | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | Sensitive Data | This report is comprised of two elements:
  • Bar Chart – Displays Exceptions by March Count
  • Table – Displays data details
| +| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements:
  • Bar Chart – Displays Top Databases by Sensitive Data Hits
  • Table – Displays Top Databases by Sensitive Data Hits
  • Table – Displays data details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedatapermissions.md b/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedatapermissions.md index b6324e2e58..58694a4911 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedatapermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/db2_sensitivedatapermissions.md @@ -15,8 +15,11 @@ Navigate to the **Jobs** > **Databases** > **Db2** > **Sensitive Data** > **Db2_SensitiveDataPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Db2_SensitiveDataPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/databases/db2/sensitivedata/sensitivedatapermissionsanalysis.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Db2_SensitiveDataPermissions job has the following preconfigured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ----------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays Top Databases by Permission Count - Table – Displays Database Sensitive Data Permissions Summary - Table – Displays data details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays Top Databases by Permission Count
  • Table – Displays Database Sensitive Data Permissions Summary
  • Table – Displays data details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_configuration.md b/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_configuration.md index 2a23a24005..461785786c 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_configuration.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_configuration.md @@ -13,7 +13,10 @@ configuration settings for use in the following analysis jobs and respective rep The MongoDB_Configuration Job uses the NoSQL Data Collector for queries. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection - Mongo DB](/img/product_docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/configurationjob.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_sensitivedatascan.md index baec84626e..d165bfc4e3 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_sensitivedatascan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/mongodb_sensitivedatascan.md @@ -36,8 +36,11 @@ The Query Properties window opens. **Step 3 –** Select the Data Source tab, and click Configure. The NoSQL Data Collector Wizard opens. -**CAUTION:** Do not make changes to wizard pages not listed in these steps. They have been +:::warning +Do not make changes to wizard pages not listed in these steps. They have been pre-configured for this job. +::: + **Step 4 –** Navigate to the [NoSQL: Options](/docs/accessanalyzer/11.6/admin/datacollector/nosql/options.md). 
@@ -59,9 +62,12 @@ Global Criteria settings. See the [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information. -**NOTE:** The Sensitive Data Scan Settings are pre-configured for optimal performance for a +:::note +The Sensitive Data Scan Settings are pre-configured for optimal performance for a high-level table scan. Configuring these settings to increase the scope of the sensitive data scan may significantly increase scan time. +::: + **Step 8 –** Navigate to the [NoSQL: Filter](/docs/accessanalyzer/11.6/admin/datacollector/nosql/filter.md) @@ -115,8 +121,11 @@ The MongoDB SDD Query is now ready to run with the customized settings. Navigate to the Databases > > 0.Collection > MongoDB > MongoDB_SensitiveDataScan > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mongodb/collection/analysissensitivedatascan.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_databasesizing.md b/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_databasesizing.md index 8dfcadd075..bfefefd303 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_databasesizing.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_databasesizing.md 
@@ -1,16 +1,21 @@ --- -title: "mongodb_databasesizing" -description: "mongodb_databasesizing" +title: "Configuration > MongoDB_Database_Sizing Job" +description: "Configuration > MongoDB_Database_Sizing Job" sidebar_position: 30 --- -### Analysis Tasks for the MongoDB_Database_Sizing Job +# Configuration > MongoDB_Database_Sizing Job + +## Analysis Tasks for the MongoDB_Database_Sizing Job Navigate to the **Jobs > Databases > MongoDB > Configuration > MongoDB_DatabaseSizing > Configure** node and select Analysis to view the Analysis Tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mongodb/databasesizingjobanalysis.webp) 
@@ -24,6 +29,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the MongoDB_DatabaseSizing Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| --------------- | -------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Sizing | This report highlights the size of databases in MongoDB. | None. | This report is comprised of three elements: - Bar Chart - Displays top databases by size (MB) - Bar Chart - Displays database size by host (GB) - Table - Displays details on database sizing | +| Report | Description | Default Tags | Report Elements | +| --------------- | -------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Sizing | This report highlights the size of databases in MongoDB. | None. | This report is comprised of three elements:
  • Bar Chart
  • Displays top databases by size (MB)
  • Bar Chart
  • Displays database size by host (GB)
  • Table
  • Displays details on database sizing
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_sensitivedata.md index ccdbc1f755..4a8dd52c17 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mongodb/mongodb_sensitivedata.md @@ -21,8 +21,11 @@ The job in the Sensitive Data Job Group is: Navigate to the MongoDB > **Databases** > **Sensitive Data**> MongoDB_SensitiveData > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mongodb/analysismongodbsensitivedatajob.webp) 
@@ -37,7 +40,8 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the MongoDB_SensitiveData Job produces the following preconfigured reports. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ---------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of two elements: - Bar Chart - Displays exceptions by Match Count - Table - Displays exception details | -| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements: - Bar Chart - Displays top databases by Sensitive Data Hits - Table - Provides details on top databases by Sensitive Data Hits - Table - Provides details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ---------------------------------------------------------------------------- | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of two elements:
  • Bar Chart
  • Displays exceptions by Match Count
  • Table
  • Displays exception details
| +| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements:
  • Bar Chart
  • Displays top databases by Sensitive Data Hits
  • Table
  • Provides details on top databases by Sensitive Data Hits
  • Table
  • Provides details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/mongodb/overview.md b/docs/accessanalyzer/11.6/solutions/databases/mongodb/overview.md index d79ac5fa16..b295be56bc 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mongodb/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mongodb/overview.md @@ -26,20 +26,20 @@ risks to sensitive data. Additionally, organizations can automate manual, time-c expensive processes associated with compliance, security, and operations to easily adhere to best practices that keep MongoDB Server safe and operational. -Supported Platforms +**Supported Platforms** - MongoDB 5.0 - MongoDB 6.0 - MongoDB 7.0 - Windows and Linux distributions supported by MongoDB -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target MongoDB Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasemongodb.md) +[Target MongoDB Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/mongodb.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
@@ -50,13 +50,16 @@ then an extra 16 GB of RAM are required (8x2=16). By default, the job is configured to use 10 threads, which can be adjusted based on available resources on the Enterprise Auditor server. -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Structured Sensitive Data Discovery License is required to run the MongoDB Solution. The MongoDB Solution can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed diff --git a/docs/accessanalyzer/11.6/solutions/databases/mongodb/recommended.md b/docs/accessanalyzer/11.6/solutions/databases/mongodb/recommended.md index e625d2b617..b17ed9c6ee 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mongodb/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mongodb/recommended.md @@ -11,7 +11,7 @@ it is best practice to assign the host list and the Connection Profile at the da the 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - Query must be configured with list of target database clusters / instances - For Sensitive Data Discovery Auditing – Sensitive Data Discovery Add-On installed on the 
@@ -20,12 +20,12 @@ Dependencies Some of the 0.Collection Job Group queries can be scoped to target specific databases/instances. However, it is necessary to add the databases to the query first. -Targeted Host(s) +**Targeted Host(s)** The 0.Collection Job Group must be set to run against a custom host list containing the MongoDB database instances / clusters. -Connection Profile +**Connection Profile** The NoSQL Data Collector requires a specific set of permission. See the Permissions section for necessary permissions. The account used can be either an Active Directory account or a SQL account. @@ -44,21 +44,24 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** One of the most important decisions to make is how frequently to collect this data. The MongoDB Job Group can be scheduled to run as desired depending on the types of auditing being conducted and the scope of the target environment. The general recommendation is to schedule the solution to run daily. -Run Order +**Run Order** The 0.Collection Jobs must be run first and in order. The other MongoDB Solution sub-job groups can be run in any order, together or individually, after running the 0.Collection Job Group. -**_RECOMMENDED:_** Run the solution at the top level. +:::info +Run the solution at the top level. +::: -Workflow + +**Workflow** 1. Set a Connection Profile for the 0.Collection Job Group with the permissions listed in the Recommended Configurations section. See the 
@@ -72,7 +75,10 @@ Workflow 3. (Optional) Configure the queries for the jobs in the 0.Collection Job Group 4. Schedule the 0.Collection Job Group to run daily or as desired - **NOTE:** Running the 0.Collection Job Group is a prerequisite for the other job groups in the + :::note + Running the 0.Collection Job Group is a prerequisite for the other job groups in the SQL solution + ::: + 5. Review the reports generated by the 0.Collection Job Group’s jobs diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_configuration.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_configuration.md index 39900f3c7d..7cedecf065 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_configuration.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_configuration.md @@ -13,7 +13,10 @@ settings for use in the following analysis jobs and respective reports. The MySQL_Configuration Job uses the SQL Data Collector for queries. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/collection/configurationjob.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_sensitivedatascan.md index aea9389ea0..44d12178c7 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_sensitivedatascan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_sensitivedatascan.md 
@@ -34,8 +34,11 @@ Properties. The Query Properties window appears. **Step 3 –** Select the Data Source tab, and click Configure. The SQL Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for this +:::warning +Do not make changes to other wizard pages as they have been pre-configured for this job. +::: + ![Sensitive Data Scan Settings](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/collection/sensitivedatscan_optionspage.webp) @@ -43,9 +46,12 @@ job. [SQL: Options](/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md) page for additional information. -**NOTE:** The Sensitive Data Scan Settings are pre-configured for optimal performance for a +:::note +The Sensitive Data Scan Settings are pre-configured for optimal performance for a high-level table scan. Configuring these settings to increase the scope of the sensitive data scan may significantly increase scan time. +::: + ![DLP Criteria for Scan](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/collection/sensitivedatscan_criteriapage.webp) @@ -92,8 +98,11 @@ The MySQL_SensitiveDataScan Job is now ready to run with the customized settings Navigate to the **Databases** > **0.Collection** > **MySQL** > **MySQL_SensitiveDataScan** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/collection/analysismysqlsensitivedatascan.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_tableprivileges.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_tableprivileges.md index d704ab1348..486ea71799 100644 
--- a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_tableprivileges.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_tableprivileges.md @@ -13,7 +13,10 @@ servers. The MySQL_TablePrivileges Job uses the SQL Data Collector for queries. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/collection/querytableprivileges.webp) @@ -26,8 +29,11 @@ The query is: Navigate to the **Databases** > **0.Collection** > **MySQL** > **MySQL_TablePrivileges** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/collection/analysistableprivileges.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/overview.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/overview.md index 2294c5cc3a..a54559131f 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/overview.md @@ -23,7 +23,7 @@ The jobs in the 0.Collection Job Group are: - [MySQL_TablePrivileges Job](/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_tableprivileges.md) – Designed to collect MySQL table privileges from all the targeted servers. -Workflow +**Workflow** 1. Set a Connection Profile for the 0.Collection Job Group with the permissions listed in the Recommended Configurations section. See the 
diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/mysql_databasesizing.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/mysql_databasesizing.md index 87355789d5..1fe5105213 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/mysql_databasesizing.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/mysql_databasesizing.md @@ -19,8 +19,11 @@ The job in the Configuration Job Group is: Navigate to the **Jobs > Databases > MySQL > Configuration > MySQL_DatabaseSizing > Configure** node and select Analysis to view the Analysis Tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/analysismysqldatabasesizing.webp) 
@@ -32,6 +35,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the MySQL_DatabaseSizing Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| --------------- | ----------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Sizing | This report provides details on database tables and sizing. | | This report is comprised of three elements: - Bar Chart - Displays top databases by size (MB) - Bar Chart - Displays database size by host (GB) - Table - Displays details on database sizing | +| Report | Description | Default Tags | Report Elements | +| --------------- | ----------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Sizing | This report provides details on database tables and sizing. | | This report is comprised of three elements:
  • Bar Chart
  • Displays top databases by size (MB)
  • Bar Chart
  • Displays database size by host (GB)
  • Table
  • Displays details on database sizing
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/overview.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/overview.md index 0aa52beceb..8947c364bd 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/overview.md @@ -33,7 +33,7 @@ Sensitive Data Discovery Add-On enables the solution to search database content By default, the job is configured to use 10 threads, which can be adjusted based on available resources on the Enterprise Auditor server. -Supported Platforms +**Supported Platforms** - MySQL 5.x - MySQL 8.x @@ -41,13 +41,13 @@ Supported Platforms - Amazon Aurora MySQL Engine - MariaDB 10.x -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target MySQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasemysql.md) +[Target MySQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/mysql.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans.If running Sensitive Data Discovery (SDD) scans, it 
@@ -55,13 +55,16 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Structured Sensitive Data Discovery License is required to run the MySQL Solution. It can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed into the Jobs diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/recommended.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/recommended.md index 43245a1a06..0db5d8d93b 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/recommended.md @@ -11,7 +11,7 @@ is best practice to assign the host list and the Connection Profile at the data 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - For Sensitive Data Discovery Auditing – Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server 
@@ -19,14 +19,14 @@ Dependencies open the properties window. Select the **Performance** tab and ensure that the **Skip Hosts that do not respond to PING**checkbox is not selected. -Targeted Host(s) +**Targeted Host(s)** - The 0.Collection Job Group must be set to run against a custom host list containing the MySQL database instances / clusters. - For AWS RDS instances, specify the endpoint when creating a host list. This value may change after saving the list if the instance is part of a cluster. -Connection Profile +**Connection Profile** The SQL Data Collector requires a specific set of permissions. For the MySQL Solution, the credentials configured in the Connection Profile must be able to access the MySQL Database. See the @@ -38,24 +38,27 @@ level. However, since this may not be the Connection Profile with the necessary assigned hosts, click the radio button for the Select one of the following user defined profiles option and select the appropriate Connection Profile drop-down menu. -Schedule Frequency +**Schedule Frequency** Daily -Run Order +**Run Order** The 0.Collection Job Group must be run first before running the other jobs and job groups. -**_RECOMMENDED:_** Run the solution at the top level: MySQL Job Group +:::info +Run the solution at the top level: MySQL Job Group +::: -Query Configuration + +**Query Configuration** This solution is designed to be run with the default query configurations. However, the MySQL_SensitiveDataScan Job query can be customized as needed. See the [Configure the SensitiveDataScan Query](/docs/accessanalyzer/11.6/solutions/databases/mysql/collection/mysql_sensitivedatascan.md#configure-the-sensitivedatascan-query) topic for additional information. -Analysis Configuration +**Analysis Configuration** This solution should be run with the default analysis configurations. These analysis tasks are preconfigured and should not be modified or deselected. 
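Review bot: In mysql/recommended.md, replacing `**_RECOMMENDED:_**` under Run Order with a bare `:::info` block drops the word that told the reader this is a recommendation. NOTE and CAUTION keep their meaning through the `note` and `warning` types, but `info` does not say "recommended", so add a title to the admonition or keep the word in the first sentence. The same conversion in the next hunk of this file ("Do not delete any jobs...") also leaves an empty `+` line before the closing `:::`, unlike the other admonitions in this patch, where `:::` follows the text directly and the blank line comes after it; move that blank line below the `:::` for consistency.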
@@ -63,4 +66,7 @@ preconfigured and should not be modified or deselected. Disabling obsolete or run-desired jobs allows the solution to run more efficiently. To disable a job or job group, right-click on the item and select Disable Job. -**_RECOMMENDED:_** Do not delete any jobs. Instead, jobs should be disabled. +:::info +Do not delete any jobs. Instead, jobs should be disabled. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedata.md index 7dce72c02c..535d6476dc 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedata.md @@ -14,8 +14,11 @@ discovered in the targeted MySQL servers based on the selected scan criteria. Navigate to the **Jobs > MySQL > Sensitive Data > MySQL_SensitiveData > Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/analysismysqlsensitivedata.webp) 
@@ -28,7 +31,8 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the MySQL_SensitiveData Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ---------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | | This report is comprised of two elements: - Bar Chart - Displays exceptions by match count - Table - Displays exception details | -| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements: - Bar Chart - Displays top databases by Sensitive Data Hits - Table - Provides details on top databases by sensitive data - Table - Provides details on sensitive data | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ---------------------------------------------------------------------------- | -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | | This report is comprised of two elements:
  • Bar Chart
  • Displays exceptions by match count
  • Table
  • Displays exception details
| +| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements:
  • Bar Chart
  • Displays top databases by Sensitive Data Hits
  • Table
  • Provides details on top databases by sensitive data
  • Table
  • Provides details on sensitive data
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedatapermissions.md b/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedatapermissions.md index e0ca9c9c69..d98a8adeb1 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedatapermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/mysql_sensitivedatapermissions.md @@ -15,8 +15,11 @@ based on the selected scan criteria. Navigate to the **Jobs > MySQL > Sensitive Data > MySQL_SensitiveDataPermissions > Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/mysql/sensitivedata/analysismysqlsensitivedatapermission.webp) 
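Review bot: In the Report Elements cells for Enterprise Summary and Sensitive Data Overview (mysql_sensitivedata.md), the conversion splits each element at its hyphen, so "Bar Chart" and "Displays exceptions by match count" land in separate bullets, and a cell that says "two elements" lists four items (six for "three elements"). The MySQL_DatabaseSizing table earlier in this patch has the same problem, while the tables whose source used an en dash keep "Bar Chart – Displays ..." in a single bullet. Rejoin each element type with its description as one bullet so the count in the sentence matches the list.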
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the MySQL_SensitiveDataPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays top databases by permission count - Table – Provides details on database permission summary - Table – Provides details on sensitive data permission details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by permission count
  • Table – Provides details on database permission summary
  • Table – Provides details on sensitive data permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_activity.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_activity.md index 1855e9515b..fcbf95375a 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_activity.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_activity.md @@ -14,8 +14,11 @@ servers and instances based on Oracle Unified Audit settings. Navigate to the **Oracle** > **2.Activity** > **Oracle_Activity** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/activity/jobgroup26.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Oracle_Activity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------- | ---------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| User Activity Summary | This report lists all Oracle events, and summarizes them by database and instance. | None | This report is comprised of three elements: - Bar Chart – Displays users with most events by instance - Table – Provides details on users with most events by instance - Table – Provides details on event details | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ---------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Activity Summary | This report lists all Oracle events, and summarizes them by database and instance. | None | This report is comprised of three elements:
  • Bar Chart – Displays users with most events by instance
  • Table – Provides details on users with most events by instance
  • Table – Provides details on event details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_logons.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_logons.md index d6dab9e008..1a4eb1e04d 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_logons.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_logons.md @@ -14,8 +14,11 @@ login activity across all targeted Oracle database servers. Navigate to the **Oracle** > **2.Activity** > **Oracle_Logons** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/activity/jobgroup27.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Oracle_Logons Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------- | ----------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Logon Summary | This report outlines successful and failed logins over the last 30 days | None | This report is comprised of three elements: - Bar Chart – Displays top instances by failed logons - Table – Provides details on logon summary - Table – Provides details on logon details | +| Report | Description | Default Tags | Report Elements | +| ------------- | ----------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Logon Summary | This report outlines successful and failed logins over the last 30 days | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by failed logons
  • Table – Provides details on logon summary
  • Table – Provides details on logon details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_permissionchanges.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_permissionchanges.md index 7c5c4b618e..c6aaa6a9be 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_permissionchanges.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_permissionchanges.md @@ -15,8 +15,11 @@ permissions on database objects. Navigate to the **Oracle** > **2.Activity** > **Oracle_PermissionChanges** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/activity/jobgroup28.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_PermissionsChanges Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------------------------- | ----------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Permission Change Activity Summary | This report lists all permission change related Oracle events, and summarizes them by instance. | None | This report is comprised of three elements: - Bar Chart – Displays top instances by permission change activity - Table –  Provides details on instances by permission change activity - Table – Provides details on permission change details | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------- | ----------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Permission Change Activity Summary | This report lists all permission change related Oracle events, and summarizes them by instance. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by permission change activity
  • Table –  Provides details on instances by permission change activity
  • Table – Provides details on permission change details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_schemachanges.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_schemachanges.md index a321bc935e..f701ea3e9b 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_schemachanges.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_schemachanges.md @@ -14,8 +14,11 @@ across all database objects. Navigate to the **Oracle** > **2.Activity** > **Oracle_SchemaChanges** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/activity/jobgroup29.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_SchemaChanges Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------------- | ------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Schema Change Activity | This report lists all schema change related Oracle events, and summarizes them by instance. | None | This report is comprised of three elements: - Bar Chart – Displays top instances by schema change activity - Table –  Provides details on instances by schema change activity - Table – Provides details on schema change details | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | ------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Schema Change Activity | This report lists all schema change related Oracle events, and summarizes them by instance. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by schema change activity
  • Table –  Provides details on instances by schema change activity
  • Table – Provides details on schema change details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_sensitivedataactivity.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_sensitivedataactivity.md index 07ec6cc9a0..5d7b1abb66 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_sensitivedataactivity.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_sensitivedataactivity.md @@ -14,8 +14,11 @@ INSERT, DELETE, TRUNCATE) against objects containing sensitive data. Navigate to the **Oracle** > **2.Activity** > **Oracle_SensitiveDataActivity** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/activity/jobgroup30.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Oracle_SensitiveDataActivity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | --------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Data Activity | This report highlights events in databases containing sensitive data. | None | This report is comprised of three elements: - Bar Chart – Displays top users by instance - Table – Provides details on user activity by instance - Table – Provides details on sensitive data activity details by database | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | --------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Sensitive Data Activity | This report highlights events in databases containing sensitive data. | None | This report is comprised of three elements:
  • Bar Chart – Displays top users by instance
  • Table – Provides details on user activity by instance
  • Table – Provides details on sensitive data activity details by database
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_suspiciousactivity.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_suspiciousactivity.md index 4d3d9c0542..e5a786a807 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_suspiciousactivity.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_suspiciousactivity.md @@ -14,8 +14,11 @@ user activity that does not conform to normal database activity. Navigate to the **Oracle** > **2.Activity** > **Oracle_SuspiciousActivity** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/activity/jobgroup31.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_SuspiciousActivity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Suspicious Activity | This report highlights the number of suspicious events found per instance as well as provides the details about those events | None | This report is comprised of three elements: - Bar Chart – Displays suspicious activity by instance - Table –  Provides details on suspicious activity by instance - Table – Provides details on suspicious activity details | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Suspicious Activity | This report highlights the number of suspicious events found per instance as well as provides the details about those events | None | This report is comprised of three elements:
  • Bar Chart – Displays suspicious activity by instance
  • Table –  Provides details on suspicious activity by instance
  • Table – Provides details on suspicious activity details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_unusualactivity.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_unusualactivity.md index 14770bb29c..4e1ca9e484 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_unusualactivity.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/activity/oracle_unusualactivity.md @@ -15,8 +15,11 @@ based on a modified z-score. Modified z-scores of 3.5 or over are considered pos Navigate to the **Oracle** > **2.Activity** > **Oracle_UnusualActivity** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/activity/jobgroup32.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_UnusualActivity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Unusual Hourly Activity | This report highlights the number of unusual events found per instance, hourly as well as provides details on those events | None | This report is comprised of three elements: - Bar Chart – Displays unusual user activity - Table – Provides details on number of outliers per instance - Table – Provides details on unusual user activity details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unusual Hourly Activity | This report highlights the number of unusual events found per instance, hourly as well as provides details on those events | None | This report is comprised of three elements:
  • Bar Chart – Displays unusual user activity
  • Table – Provides details on number of outliers per instance
  • Table – Provides details on unusual user activity details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/0-oracle_servers.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/0-oracle_servers.md index 4f5aee471f..98fb8ef649 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/0-oracle_servers.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/0-oracle_servers.md @@ -13,7 +13,10 @@ running on the targeted servers. The Server Discovery query uses the PowerShell Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/jobgroup3.webp) @@ -31,8 +34,11 @@ topic for additional information. Navigate to the **Databases** > **0.Collection** > **Oracle** > **0-Oracle_Servers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/jobgroup4.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/1-oracle_permissionsscan.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/1-oracle_permissionsscan.md index 8cbec9feaf..653bb793b7 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/1-oracle_permissionsscan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/1-oracle_permissionsscan.md 
@@ -31,8 +31,11 @@ Properties. The Query Properties window opens. **Step 3 –** Select the Data Source tab and click Configure. The SQL Data Collector wizard opens. -**CAUTION:** Do not make changes to wizard pages not listed in these steps. They have been +:::warning +Do not make changes to wizard pages not listed in these steps. They have been pre-configured for this job. +::: + ![Filter Page](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/1oraclepermissionscanjobqueryfilter.webp) @@ -55,8 +58,11 @@ The 1-Oracle_PermissionsScan Job is now ready to run with the customized setting Navigate to the **Databases** > **0.Collection** > **Oracle** > **1-Oracle_PermissionsScan** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/jobgroup8.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/2-oracle_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/2-oracle_sensitivedatascan.md index 3cacd1b4a7..69676becd6 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/2-oracle_sensitivedatascan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/2-oracle_sensitivedatascan.md @@ -9,7 +9,7 @@ sidebar_position: 30 The 2-Oracle_SensitiveDataScan Job discovers sensitive data in Oracle databases across all targeted Oracle database servers based on pre-defined or user-defined search criteria. -Special Dependency +**Special Dependency** - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server - See the 
@@ -19,8 +19,11 @@ Special Dependency [Sensitive Data Discovery Add-On](/docs/accessanalyzer/11.6/sensitivedatadiscovery/overview.md) topic for additional information. -**NOTE:** Though the job is visible within the console, it requires an additional installer package +:::note +Though the job is visible within the console, it requires an additional installer package before data collection will occur. +::: + ## Query for the 2-Oracle_SensitiveDataScan Job @@ -44,8 +47,11 @@ Properties. The Query Properties window opens. **Step 3 –** Select the Data Source tab and click Configure. The SQL Data Collector wizard opens. -**CAUTION:** Do not make changes to wizard pages not listed in these steps. They have been +:::warning +Do not make changes to wizard pages not listed in these steps. They have been pre-configured for this job. +::: + ![Sensitive Data Scan Settings](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/optionspage.webp) @@ -78,8 +84,11 @@ The 2-Oracle_SensitiveDataScan Job is now ready to run with the customized setti Navigate to the **Databases** > **0.Collection** > **Oracle** > **2-Oracle_SensitiveDataScan** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/jobgroup13.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/3-oracle_activityscan.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/3-oracle_activityscan.md index 316b4da2e6..aeda67c686 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/3-oracle_activityscan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/3-oracle_activityscan.md 
@@ -8,7 +8,7 @@ sidebar_position: 40 The 3-Oracle_ActivityScan Job captures user activity from all the targeted Oracle database servers. -Special Dependency +**Special Dependency** - Oracle Server Audit Specifications to be configured on the target databases - Audit destination must be a binary file @@ -38,8 +38,11 @@ Properties. The Query Properties window opens. **Step 3 –** Select the Data Source tab and click Configure. The SQL Data Collector wizard opens. -**CAUTION:** Do not make changes to wizard pages not listed in these steps. They have been +:::warning +Do not make changes to wizard pages not listed in these steps. They have been pre-configured for this job. +::: + ![Sensitive Data Scan Settings](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/optionspage.webp) @@ -67,8 +70,11 @@ The 3-Oracle_ActivityScan Job is now ready to run with the customized settings. Navigate to the **Databases** > **0.Collection** > **Oracle** > **3-Oracle_ActivityScan** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/jobgroup16.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/4-oracle_defaultpasswordusers.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/4-oracle_defaultpasswordusers.md index 0ee4b0ac4a..f7d695b042 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/4-oracle_defaultpasswordusers.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/4-oracle_defaultpasswordusers.md 
@@ -32,8 +32,11 @@ Query Properties. The Query Properties window opens. **Step 3 –** Select the Data Source tab and click Configure. The SQL Data Collector wizard opens. -**CAUTION:** Do not make changes to wizard pages not listed in these steps. They have been +:::warning +Do not make changes to wizard pages not listed in these steps. They have been pre-configured for this job. +::: + ![Filters Page](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/4oracledefaultpasswordsfilterpage.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/5-oracle_configuration.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/5-oracle_configuration.md index 40bfd3e978..437c216c3d 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/5-oracle_configuration.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/collection/5-oracle_configuration.md @@ -33,8 +33,11 @@ The Query Properties window opens. **Step 3 –** Select the Data Source tab and click Configure. The SQL Data Collector wizard opens. -**CAUTION:** Do not make changes to wizard pages not listed in these steps. They have been +:::warning +Do not make changes to wizard pages not listed in these steps. They have been pre-configured for this job. +::: + ![Filters page](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/collection/5oracleconfigjobqueryfilterpage.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databaselinks.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databaselinks.md index 9d40945b02..e1510e89c1 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databaselinks.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databaselinks.md 
@@ -14,8 +14,11 @@ listed Oracle Server is able to execute remote commands. Navigate to the **Jobs >  Databases > Oracle > 4.Configuration > Oracle_DatabaseLinks Job >Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/analysisdblinks.webp) 
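Review bot: The empty `+` line added after the closing `+:::` in oracle_databaselinks.md looks redundant: the hunk grows from 8 to 11 lines, and if the blank line that already separated the caution from the `![Analysis Selection]` image is still in the context, the result is two consecutive blank lines. Drop the extra line in the conversion script so the same thing does not repeat in every converted admonition. The unchanged breadcrumb in this hunk, `**Jobs >  Databases > Oracle > 4.Configuration > Oracle_DatabaseLinks Job >Configure**`, also has a doubled space after `Jobs >` and no space before `Configure`, which is worth fixing while the file is open.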
@@ -27,6 +30,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the **Oracle_DatabaseLinks Job** produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | -------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Links | This report highlights Database Links where the listed Oracle Server is able to execute remote commands. | None | This report is comprised of three elements: - Bar Chart – Provides information on top five database links by instance - Bar Chart – Provides information on database links by instance (GB) - Table – Provides details on database links | +| Report | Description | Default Tags | Report Elements | +| -------------- | -------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Links | This report highlights Database Links where the listed Oracle Server is able to execute remote commands. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on top five database links by instance
  • Bar Chart – Provides information on database links by instance (GB)
  • Table – Provides details on database links
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databasesizing.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databasesizing.md index a959ac4f4f..3ae205f742 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databasesizing.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_databasesizing.md @@ -14,8 +14,11 @@ sizes. Navigate to the **Jobs >  Databases > Oracle > 4.Configuration > Oracle_DatabaseSizing Job >Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/analysisdbsizing.webp) 
@@ -27,6 +30,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the **Oracle_DatabaseSizing Job** produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | -------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Sizing | This report highlights the size of tablespace files in Oracle. | None | This report is comprised of three elements: - Bar Chart – Provides information on top tablespaces by size - Bar Chart – Provides information on size by host (GB) - Table – Provides details on database sizes | +| Report | Description | Default Tags | Report Elements | +| --------------- | -------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Database Sizing | This report highlights the size of tablespace files in Oracle. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on top tablespaces by size
  • Bar Chart – Provides information on size by host (GB)
  • Table – Provides details on database sizes
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_datadictionaryprotection.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_datadictionaryprotection.md index 4411a81543..8e84523861 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_datadictionaryprotection.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_datadictionaryprotection.md @@ -16,8 +16,11 @@ needed. Navigate to the **Jobs >  Databases > Oracle > 4.Configuration > Oracle_DataDictionaryProtection > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/analysisddprotection.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the **Oracle_DataDictionaryProtection Job** produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Data Dictionary Accessibility | The report highlights the number of instances with either accessible or inaccessible data dictionaries | None | This report is comprised of two elements: - Pie Chart – Displays data dictionary accessibility - Table – Provides information on dictionary accessibility details | +| Report | Description | Default Tags | Report Elements | +| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Data Dictionary Accessibility | The report highlights the number of instances with either accessible or inaccessible data dictionaries | None | This report is comprised of two elements:
  • Pie Chart – Displays data dictionary accessibility
  • Table – Provides information on dictionary accessibility details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_instancenameissues.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_instancenameissues.md index f69a658ea5..36cdb5f085 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_instancenameissues.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_instancenameissues.md @@ -15,8 +15,11 @@ V-61413 – Oracle instance name or SID should not contain Oracle version number Navigate to the **Jobs > Databases > Oracle > 4.Configuration > Oracle_InstanceNameIssues > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/analysisinstancenameissues.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the **Oracle_InstanceNameIssues Job** produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ---------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Instance Name Issues | This report highlights default instance names or those containing version numbers. | None | This report is comprised of two elements: - Pie Chart – Displays percentage of instance names with issues - Table – Provides details of instance issues | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ---------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Instance Name Issues | This report highlights default instance names or those containing version numbers. | None | This report is comprised of two elements:
  • Pie Chart – Displays percentage of instance names with issues
  • Table – Provides details of instance issues
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_remoteosauthentication.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_remoteosauthentication.md index f3e08a1453..961c1d7717 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_remoteosauthentication.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/oracle_remoteosauthentication.md @@ -14,8 +14,11 @@ for the targeted Oracle database servers. Navigate to the **Jobs > Databases > Oracle > 4.Configuration > Oracle_RemoteOSAuthentication > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/configuration/analysisremoteosauth.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_RemoteOSAuthentication Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------------- | ------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Oracle Remote OS Authentication | This report shows the number of instances that have remote_os_auth parameter set to “TRUE” | None | This report is comprised of two elements: - Pie Chart – Displays remote OS authentication - Table – Provides information on remote OS authentication details | +| Report | Description | Default Tags | Report Elements | +| ------------------------------- | ------------------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Oracle Remote OS Authentication | This report shows the number of instances that have remote_os_auth parameter set to “TRUE” | None | This report is comprised of two elements:
  • Pie Chart – Displays remote OS authentication
  • Table – Provides information on remote OS authentication details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/oracle_securityassessment.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/oracle_securityassessment.md index b6b565777e..38cf0147a8 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/oracle_securityassessment.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/oracle_securityassessment.md 
@@ -27,6 +27,7 @@ The default analysis task is: In addition to the tables and views created by the analysis task, the Oracle_SecurityAssessment Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ----------------------------------------------------------------------------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Oracle Security Assessment | This report summarizes security related results from the Oracle solution set. | Security Assessment | This report is comprised of four elements: - Table – Provides information on the scope of the audit - Pie Chart – Displays remote OS authentication - Table – Displays findings by category - Table – Provides details of the security assessment | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ----------------------------------------------------------------------------- | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Oracle Security Assessment | This report summarizes security related results from the Oracle solution set. | Security Assessment | This report is comprised of four elements:
  • Table – Provides information on the scope of the audit
  • Pie Chart – Displays remote OS authentication
  • Table – Displays findings by category
  • Table – Provides details of the security assessment
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/overview.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/overview.md index d0d3180c6d..93b90a8d39 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/overview.md 
@@ -32,31 +32,34 @@ The Oracle Solution requires a special Enterprise Auditor license. The Database includes all supported database platforms supported by Enterprise Auditor. Additionally, the Sensitive Data Discovery Add-On enables the solution to search database content for sensitive data. -Supported Platforms +**Supported Platforms** - Oracle Database 12c - Oracle Database 18c - Oracle Database 19c -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Oracle Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databaseoracle/databaseoracle.md) +[Target Oracle Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/oracle/oracle.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Oracle Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed into the Jobs tree, navigate to 
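Review bot: The link under **Requirements, Permissions, and Ports** in overview.md changes target from `.../requirements/databases/databaseoracle/databaseoracle.md` to `.../requirements/databases/oracle/oracle.md`, which is the one non-formatting change in this hunk and is easy to miss among the admonition and bold-label edits. Please confirm the new path exists in this change set and that no other page still links to the old location, and mention the link fix in the commit message. The unchanged context in the Sensitive Data Discovery paragraph also has `per host.For example` (missing space) and `at a time ,` (stray space before the comma), which could be cleaned up in the same pass.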
diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_domainuserpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_domainuserpermissions.md index 6eb69ffbdd..d2255b891e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_domainuserpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_domainuserpermissions.md @@ -14,8 +14,11 @@ accesses to Oracle database objects both at the instance and object level. Navigate to the **Oracle** > **3.Permissions** > **Oracle_DomainUserPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/jobgroup34.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Oracle_DomainUserPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------ | --------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Domain User Access | This report looks at permissions granted to domain users across the audited environment | None | This report is comprised of three elements: - Bar Chart – Displays top users by instance count - Table – Provides details on access sprawl - Table – Provides information on permission details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | --------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain User Access | This report looks at permissions granted to domain users across the audited environment | None | This report is comprised of three elements:
  • Bar Chart – Displays top users by instance count
  • Table – Provides details on access sprawl
  • Table – Provides information on permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_objectpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_objectpermissions.md index 1367576539..f00949ea24 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_objectpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_objectpermissions.md @@ -14,8 +14,11 @@ in targeted Oracle database servers. Navigate to the **Oracle** > **3.Permissions** > **Oracle_ObjectPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/jobgroup35.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_ObjectPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ----------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Oracle Object Permissions | This report highlights Object permissions and summarizes them by instance and domain user | None | This report is comprised of three elements: - Bar Chart – Displays top instances by object permissions - Table –  Provides details on instances by object permission count - Table – Provides details on object permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ----------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Oracle Object Permissions | This report highlights Object permissions and summarizes them by instance and domain user | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by object permissions
  • Table –  Provides details on instances by object permission count
  • Table – Provides details on object permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_publicpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_publicpermissions.md index d63cbb4c9c..5549681c16 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_publicpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_publicpermissions.md @@ -14,8 +14,11 @@ targeted Oracle database servers. Navigate to the **Oracle** > **3.Permissions** > **Oracle_PublicPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/jobgroup36.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_PublicPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------ | ------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Public Permissions | This report highlights public permissions and summarizes them by instance | None | This report is comprised of three elements: - Bar Chart – Displays top instances by public permission - Table – Provides details on instances by public permission count - Table – Provides details on public permission details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Public Permissions | This report highlights public permissions and summarizes them by instance | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by public permission
  • Table – Provides details on instances by public permission count
  • Table – Provides details on public permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_serverpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_serverpermissions.md index 05a44e1eba..f9806a76bd 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_serverpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_serverpermissions.md @@ -14,8 +14,11 @@ effective database level permissions across all audited Oracle database servers. Navigate to the **Oracle** > **3.Permissions** > **Oracle_ServerPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/jobgroup37.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_ServerPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------ | ------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Server Permissions | This report highlights server permissions and summarizes them by instance | None | This report is comprised of three elements: - Bar Chart – Displays top instances by server permissions - Table – Provides details on instances by server permission count - Table – Provides details on server permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Server Permissions | This report highlights server permissions and summarizes them by instance | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by server permissions
  • Table – Provides details on instances by server permission count
  • Table – Provides details on server permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_sysschemapermissions.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_sysschemapermissions.md index 3918288eb3..7f84eb8de8 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_sysschemapermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/oracle_sysschemapermissions.md @@ -14,8 +14,11 @@ SYS schema, and the type permissions to those objects across all audited Oracle Navigate to the **Oracle** > **3.Permissions** > **Oracle_SysSchemaPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/permissions/jobgroup38.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Oracle_SysSchemaPermissions Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------------- | ---------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SYS Schema Permissions | This report highlights SYS schema permissions across the audited environment | None | This report is comprised of three elements: - Bar Chart – Displays sys schema permission by instance - Table – Provides details on sys schema permissions by instance - Table – Provides details on sys schema permission details | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | ---------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SYS Schema Permissions | This report highlights SYS schema permissions across the audited environment | None | This report is comprised of three elements:
  • Bar Chart – Displays sys schema permission by instance
  • Table – Provides details on sys schema permissions by instance
  • Table – Provides details on sys schema permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/recommended.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/recommended.md index a7f228804e..5a2f716055 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/recommended.md @@ -11,7 +11,7 @@ is best practice to assign the host list and the Connection Profile at the data 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - .Active Directory Inventory Job Group run successfully - For Activity Auditing – Oracle Server audit specifications to be configured on the target @@ -25,7 +25,7 @@ SA_SQL_Instances table to be populated before attempting to scope the queries. T 0-Oracle_Servers job must be executed before attempting to scope the rest of the 0.Collection Job Group queries. -Targeted Host(s) +**Targeted Host(s)** The 0.Collection Job Group must be set to run against the following dynamic host list: @@ -35,7 +35,7 @@ Default dynamic host lists are populated from hosts in the Host Master Table whi inventory criteria for the list. Ensure the appropriate host list(s) have been populated through host inventory results. -Connection Profile +**Connection Profile** The SQL Data Collector requires a specific set of permissions. The account used can be either an Active Directory account or an Oracle account. 
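Review bot: `+**Connection Profile**` in the `@@ -35,7 +35,7 @@` hunk of oracle/recommended.md, like `**Dependencies**` and `**Targeted Host(s)**` in the two hunks before it, marks a section title with bold text instead of a heading. If these labels are meant to structure the page, use a heading at the appropriate level so each section gets an anchor and appears in the page outline; if they are deliberately kept out of the outline, state that in the commit message.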
@@ -75,24 +75,27 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** One of the most important decisions to make is how frequently to collect this data. The Oracle Job Group can be scheduled to run as desired depending on the types of auditing being conducted and the scope of the target environment. The general recommendation is to schedule the solution to run daily. -Run Order +**Run Order** The 0-Oracle_Servers Job within the Oracle 0.Collection Job Group must be run first, before running the rest of the jobs. -**_RECOMMENDED:_** Run the solution at the top level: Oracle Job Group +:::info +Run the solution at the top level: Oracle Job Group +::: + The other job groups in the Jobs > Databases > Oracle Job Group can be run in any order only after running the 0.Collection Job Group. -Query Configuration +**Query Configuration** This solution is designed to be run with the default query configurations. However, the following SQL Data Collector configurations can be modified if desired: @@ -114,10 +117,13 @@ SQL Data Collector configurations can be modified if desired: - 4-Oracle_DefaultPasswordUsers Job - 5-Oracle_Configuration Job - **_RECOMMENDED:_** For reporting purposes, scope all queries to target the same + :::info + For reporting purposes, scope all queries to target the same databases/instances if applying a scope. + ::: + -Analysis Configuration +**Analysis Configuration** This solution should be run with the default analysis configurations. These analysis tasks are preconfigured and should not be modified or deselected! 
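Review bot: in the `@@ -114,10 +117,13 @@` hunk the `**_RECOMMENDED:_**` prefix is replaced by a bare `:::info`, so "For reporting purposes, scope all queries to target the same databases/instances if applying a scope." no longer tells the reader it is a recommendation; the same happens to "Run the solution at the top level: Oracle Job Group" in the hunk before it. Keep the word, either as the admonition title or as the first word of the body. This block is also indented under a list item, unlike the other `:::info` blocks in this file's hunks, so check the rendered page to confirm it shows as an admonition inside the bullet and not as literal `:::` text.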
@@ -125,9 +131,12 @@ preconfigured and should not be modified or deselected! Remember, disabling obsolete or un-desired jobs allows the solution to run more efficiently. To disable a job or job group, right-click on the item and select Disable Job. -**_RECOMMENDED:_** Do not delete any jobs. Instead, jobs should be disabled. +:::info +Do not delete any jobs. Instead, jobs should be disabled. +::: + -Workflow +**Workflow** 1. Set a Connection Profile for the 0.Collection Job Group with the permissions listed in the Recommended Configurations section. See the diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedata.md index 23430f11a8..10193920d5 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedata.md @@ -14,8 +14,11 @@ discovered in targeted Oracle database servers based on selected scan criteria. Navigate to the **Oracle > 5.Sensitve Data > Oracle_SensitveData > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/jobgroup44.webp) 
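Review bot: the context line of the `@@ -14,8 +14,11 @@` hunk in oracle_sensitivedata.md reads `**Oracle > 5.Sensitve Data > Oracle_SensitveData > Configure**`, with "Sensitve" spelled without the second "i", while the sibling page oracle_sensitivedatapermissions.md uses `5.Sensitive Data`. Since this patch already touches the paragraph, confirm the job group and job names against the product and correct the navigation path here (and `**Oracle_SensitveData Job**` further down the file) so readers can find the node.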
@@ -31,7 +34,8 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the **Oracle_SensitveData Job** produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | --------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise | None | This report is comprised of two elements: - Pie Chart – Displays exceptions by match count - Table – Provides information on exception details | -| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria | None | This report is comprised of three elements: - Bar Chart – Displays top instances by sensitive data hits - Table – Provides details on instances with sensitive data - Table – Provides information on sensitive data details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | --------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise | None | This report is comprised of two elements:
  • Pie Chart – Displays exceptions by match count
  • Table – Provides information on exception details
| +| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by sensitive data hits
  • Table – Provides details on instances with sensitive data
  • Table – Provides information on sensitive data details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedatapermissions.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedatapermissions.md index 4277298068..b8f1a9334d 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedatapermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/oracle_sensitivedatapermissions.md @@ -14,8 +14,11 @@ database objects containing sensitive data across all targeted Oracle database s Navigate to the **Oracle > 5.Sensitive Data > Oracle_SensitiveDataPermissions > Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/jobgroup45.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the **Oracle_SensitiveDataPermissions Job** produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ---------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment | None | This report is comprised of three elements: - Bar Chart – Displays top instances by permission count - Table – Provides details on instance permission summary - Table – Provides information on sensitive data permission details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ---------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by permission count
  • Table – Provides details on instance permission summary
  • Table – Provides information on sensitive data permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/overview.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/overview.md index 25307a8eab..9af2005551 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/sensitivedata/overview.md @@ -9,7 +9,7 @@ sidebar_position: 70 The 5.Sensitive Data Job Group is designed to provide insight into where sensitive data exists and who has access to said data across all targeted Oracle database servers. -Special Dependency for Data Collection +**Special Dependency for Data Collection** - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_passwordissues.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_passwordissues.md index 5c9b462050..7b533e9500 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_passwordissues.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_passwordissues.md @@ -14,7 +14,10 @@ passwords. The Oracle_PasswordIssues Job uses the PowerShell Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/jobgroup20.webp) 
@@ -30,8 +33,11 @@ topic for additional information. Navigate to the **Jobs** > **Oracle** > **1.Users and Roles** > **Oracle_PasswordIssues** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/jobgroup21.webp) 
@@ -49,6 +55,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Oracle_PasswordIssues Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| -------------- | ---------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Weak Passwords | This report highlights users with weak passwords in the audited Oracle environment | None | This report is comprised of three elements: - Bar Chart – Displays password issues by instance - Table – Provides details on password issues by instance - Table – Provides information on password issue details | +| Report | Description | Default Tags | Report Elements | +| -------------- | ---------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Weak Passwords | This report highlights users with weak passwords in the audited Oracle environment | None | This report is comprised of three elements:
  • Bar Chart – Displays password issues by instance
  • Table – Provides details on password issues by instance
  • Table – Provides information on password issue details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_rolemembers.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_rolemembers.md index 341a0c54fc..a5255b5c64 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_rolemembers.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_rolemembers.md @@ -14,8 +14,11 @@ all targeted Oracle database servers. Navigate to the **Oracle** > **1.Users and Roles** > **Oracle_RoleMembers** > Configure node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/jobgroup22.webp) 
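Review bot: in the `@@ -14,8 +14,11 @@` hunk of oracle_rolemembers.md the context line ends the navigation path with `**Oracle_RoleMembers** > Configure node`, leaving "Configure" unbolded, whereas oracle_passwordissues.md and oracle_users.md in this same patch write `> **Configure** node`. As the patch is a formatting pass over these pages, bold the node name here too (oracle_systemadministrators.md has the same inconsistency).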
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Oracle_RoleMembers Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------- | --------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Role Membership | This report shows details on the roles and role membership in the audited Oracle environment. | None | This report is comprised of three elements: - Bar Chart – Displays top roles by role membership - Table – Provides details on roles by role membership - Table – Provides information on role membership details | +| Report | Description | Default Tags | Report Elements | +| --------------- | --------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Role Membership | This report shows details on the roles and role membership in the audited Oracle environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top roles by role membership
  • Table – Provides details on roles by role membership
  • Table – Provides information on role membership details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_systemadministrators.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_systemadministrators.md index 6f53967311..63c309ba15 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_systemadministrators.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_systemadministrators.md @@ -14,8 +14,11 @@ and SYSOPER roles across all targeted Oracle database servers. Navigate to the **Oracle** > **1.Users and Roles** > **Oracle_SystemAdministrators** > Configure node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/jobgroup23.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the Oracle_SystemAdministrators Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------- | ---------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Admin Summary | This report highlights all principals which are members of specified administrator roles | None | This report is comprised of three elements: - Bar Chart – Displays top instances by admin count - Table – Provides information on admin details - Table – Provides details on top instances by admin count | +| Report | Description | Default Tags | Report Elements | +| ------------- | ---------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Admin Summary | This report highlights all principals which are members of specified administrator roles | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by admin count
  • Table – Provides information on admin details
  • Table – Provides details on top instances by admin count
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_users.md b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_users.md index 485e61391a..d1f64895de 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_users.md +++ b/docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/oracle_users.md @@ -14,8 +14,11 @@ databases in targeted Oracle database servers. Navigate to the **Oracle** > **1.Users and Roles** > **Oracle_Users** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/oracle/usersroles/jobgroup24.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Oracle_Users Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------ | -------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Oracle Users | This report shows details on users in the audited Oracle environment | None | This report is comprised of three elements: - Bar Chart – Displays users by instance - Table – Provides details on oracle user instance summary - Table – Provides information on oracle user details | +| Report | Description | Default Tags | Report Elements | +| ------------ | -------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Oracle Users | This report shows details on users in the audited Oracle environment | None | This report is comprised of three elements:
  • Bar Chart – Displays users by instance
  • Table – Provides details on oracle user instance summary
  • Table – Provides information on oracle user details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/overview.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/overview.md index 6c5e23fdda..b2d6e9b27f 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/overview.md @@ -22,7 +22,7 @@ The jobs in the 0.Collection Job Group are: - [PgSQL_TablePrivileges Job](/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_tableprivileges.md) - Designed to collect PostgreSQL table privileges from all the targeted servers. -Workflow +**Workflow** 1. Set a Connection Profile for the 0.Collection Job Group with the permissions listed in the Recommended Configurations section. See the diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_configuration.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_configuration.md index d95a267c3b..676394305e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_configuration.md +++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_configuration.md @@ -13,7 +13,10 @@ PostgreSQL servers. The PgSQL_Configuration Job uses the SQL Data Collector. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/configurationquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_sensitivedatascan.md index b2c8f890fe..45dc91a5fa 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_sensitivedatascan.md 
+++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_sensitivedatascan.md @@ -34,8 +34,11 @@ The Query Properties window appears. **Step 3 –** Select the Data Source tab, and click Configure. The SQL Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for this +:::warning +Do not make changes to other wizard pages as they have been pre-configured for this job. +::: + ![Sensitive Data Scan Settings](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/datascanjobsettings.webp) @@ -43,9 +46,12 @@ job. [SQL Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/sql/overview.md) page. Select the desired scan options. -**NOTE:** The Sensitive Data Scan Settings are pre-configured for optimal performance for a +:::note +The Sensitive Data Scan Settings are pre-configured for optimal performance for a high-level table scan. Configuring these settings to increase the scope of the sensitive data scan may significantly increase scan time. +::: + ![Select DLP Criteria](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/sensitivedatascancriteria.webp) @@ -93,8 +99,11 @@ The PgSQL_SensitiveDataScan Job is now ready to run with the customized settings Navigate to the **Databases** > **0.Collection** > **PostgreSQL** > **PgSQL_SensitiveDataScan** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/sensitivedataanalysis.webp) 
diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_tableprivileges.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_tableprivileges.md index 0581840042..78b8dc829e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_tableprivileges.md +++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_tableprivileges.md @@ -13,7 +13,10 @@ targeted servers. The PgSQL_TablePrivileges Job uses the SQL Data Collector for queries. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/tableprivileges_query.webp) @@ -26,8 +29,11 @@ The query is: Navigate to the **Databases** > **0.Collection** > **PostgreSQL** > **PgSQL_TablePrivileges** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/tableprivileges_analysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/overview.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/overview.md index 1ea16bb8a7..307ff57c50 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/overview.md 
@@ -26,20 +26,20 @@ prioritize risks to sensitive data. Additionally, organizations can automate man and expensive processes associated with compliance, security, and operations to easily adhere to best practices that keep PostgreSQL Server safe and operational. -Supported Platforms +**Supported Platforms** - Open Source PostgreSQL 9x through 12x - Enterprise DB PostgreSQL (10x trhough 12x) - Amazon AWS Aurora PostgreSQL Engine (all versions supported by Amazon AWS) - Azure PostgreSQL (9.6) -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target PostgreSQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasepostgresql.md) +[Target PostgreSQL Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/postgresql.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
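Review bot: the link target in the `@@ -26,20 +26,20 @@` hunk of postgresql/overview.md changes from `/docs/accessanalyzer/11.6/requirements/databases/databasepostgresql.md` to `.../requirements/databases/postgresql.md`, which is a content change hidden among formatting edits. Confirm that `postgresql.md` exists at that path in this commit (no rename of the requirements file is visible in these hunks) and mention the link fix in the commit message. While this list is being touched, the context line `Enterprise DB PostgreSQL (10x trhough 12x)` still carries the typo "trhough".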
@@ -50,13 +50,16 @@ then an extra 16 GB of RAM are required (8x2=16). By default, the job is configured to use 10 threads, which can be adjusted based on available resources on the Enterprise Auditor server. -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Structured Sensitive Data Discovery License is required to run the PostgreSQL Solution. It can be installed from theEnterprise Auditor Instant Job Wizard. Once it has been installed into the Jobs diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/pgsql_databasesizing.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/pgsql_databasesizing.md index d5652a2e72..3501e3a8f8 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/pgsql_databasesizing.md +++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/pgsql_databasesizing.md @@ -20,8 +20,11 @@ The job in the Configuration Job Groups is: Navigate to the **Jobs > Databases > PostgreSQL > Configuration > PgSQL_DatabaseSizing > Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/pssqldatabasesizinganalysistasks.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the PgSQL_DatabaseSizing Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------- | ---------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Sizing | This report highlights the size of databases in PostgreSQL | None | This report is comprised of three elements: - Bar Chart – Displays top databases by size (MB) - Bar Chart – Displays sizes by host (GB) - Table – Provides database details | +| Report | Description | Default Tags | Report Elements | +| --------------- | ---------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Sizing | This report highlights the size of databases in PostgreSQL | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by size (MB)
  • Bar Chart – Displays sizes by host (GB)
  • Table – Provides database details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/recommended.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/recommended.md index eb51baf85b..acd80433d3 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/recommended.md @@ -11,7 +11,7 @@ The jobs in the PostgreSQL Solution has been configured to inherit down from th at the data collection level, 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - **.Active Directory Inventory** Job Group run successfully - For Sensitive Data Discovery Auditing – Sensitive Data Discovery Add-On installed on the @@ -20,14 +20,14 @@ Dependencies folder and open the properties window. Select the **Performance** tab and ensure that the **Skip Hosts that do not respond to PING**checkbox is not selected. -Targeted Host(s) +**Targeted Host(s)** - The 0.Collection Job Group must be set to run against a custom host list containing the PostgreSQL database instances / clusters. - For AWS RDS instances, specify the endpoint when creating a host list. This value may change after saving the list if the instance is part of a cluster. -Connection Profile +**Connection Profile** The SQL Data Collector requires a specific set of permissions. For the PostgreSQL Solution, the credentials configured in the Connection Profile must be able to access the PostgreSQL Database. See 
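Review bot: In postgresql/recommended.md, `**Targeted Host(s)**` and `**Connection Profile**` (and `**Dependencies**` in the hunk before) are section labels turned into bold paragraphs, so they still produce no heading anchor and no table-of-contents entry. If they are meant as sections, a real Markdown heading at the right level would serve readers better than bold text; if bold is the chosen convention, apply it the same way in every file. The context line `**Skip Hosts that do not respond to PING**checkbox` is also missing a space after the closing `**`.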
@@ -40,24 +40,27 @@ level. However, since this may not be the Connection Profile with the necessary assigned hosts, click the radio button for the **Select one of the following user defined profiles** option and select the appropriate Connection Profile drop-down menu. -Schedule Frequency +**Schedule Frequency** Daily -Run Order +**Run Order** The 0.Collection Job Group must be run first before running the other jobs and job groups. -**_RECOMMENDED:_** Run the solution at the top level: PostgreSQL Job Group +:::info +Run the solution at the top level: PostgreSQL Job Group +::: -Query Configuration + +**Query Configuration** This solution is designed to be run with the default query configurations. However, the PostgreSQL_SensitiveDataScan Job query can be customized as needed. See the [Configure the SensitiveDataScan Query](/docs/accessanalyzer/11.6/solutions/databases/postgresql/collection/pgsql_sensitivedatascan.md#configure-the-sensitivedatascan-query) topic for additional information. -Analysis Configuration +**Analysis Configuration** This solution should be run with the default analysis configurations. These analysis tasks are preconfigured and should not be modified or deselected! @@ -65,4 +68,7 @@ preconfigured and should not be modified or deselected! Disabling obsolete or run-desired jobs allows the solution to run more efficiently. To disable a job or job group, right-click on the item and select **Disable Job**. -**_RECOMMENDED:_** Do not delete any jobs. Instead, jobs should be disabled. +:::info +Do not delete any jobs. Instead, jobs should be disabled. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedata.md index bca3315c87..2d18a03a3b 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedata.md 
+++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedata.md @@ -14,8 +14,11 @@ discovered in the targeted PostgreSQL servers based on the selected scan criter Navigate to the **Jobs > Databases > PostgreSQL > Sensitive Data > PgSQL_SensitiveData > Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![pgsqlsensitivedataanalysis](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsqlsensitivedataanalysis.webp) 
@@ -28,7 +31,8 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the PgSQL_SensitiveData Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | --------------------------------------------------------------------------- | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise | None | This report is comprised of two elements: - Bar Chart – Displays exceptions by match count - Table – Provides exception details | -| Sensitive Data Overview | This report highlights objects which contain sensitive data crtieria. | Sensitive Data | This report is comprised of three elements: - Bar Chart - Displays top databases by Sensitive Data Hits - Table - Provides information on databases with sensitive data - Table - Provides details on sensitive data | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | --------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise | None | This report is comprised of two elements:
  • Bar Chart – Displays exceptions by match count
  • Table – Provides exception details
| +| Sensitive Data Overview | This report highlights objects which contain sensitive data crtieria. | Sensitive Data | This report is comprised of three elements:
  • Bar Chart
  • Displays top databases by Sensitive Data Hits
  • Table
  • Provides information on databases with sensitive data
  • Table
  • Provides details on sensitive data
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedatapermissions.md b/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedatapermissions.md index f8e8d6cef1..ed29f32cb9 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedatapermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/pgsql_sensitivedatapermissions.md @@ -16,8 +16,11 @@ Navigate to the **Jobs > Databases > PostgreSQL > Sensitive Data > PgSQL_SensitiveDataPermissions > Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/sensitivedatapermission.webp) 
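Review bot: In pgsql_sensitivedata.md the new Sensitive Data Overview row still says "three elements" but now lists six bullets, because each `Bar Chart - Displays ...` and `Table - Provides ...` pair written with a plain hyphen was split into two bullets. The Enterprise Summary row above it, which used an en dash, kept `Bar Chart – Displays exceptions by match count` as a single bullet. Rejoin each label with its description so the row has three bullets, and normalise the separator to the en dash; "crtieria" in the Description column could be corrected in the same pass.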
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the PgSQL_SensitiveDataPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays top databases by permission count - Table – Provides details on database permission summary - Table – Provides details on sensitive data permission details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by permission count
  • Table – Provides details on database permission summary
  • Table – Provides details on sensitive data permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_configuration.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_configuration.md index bf3fb6f6db..2062fcc5fd 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_configuration.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_configuration.md @@ -12,7 +12,10 @@ The Redshift_Configuration job returns additional configuration settings from Re The Redshift_Configuration Job uses the SQL Data Collector for queries. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![0](/img/product_docs/accessanalyzer/11.6/solutions/databases/redshift/collection/0.collectionconfiguration.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_sensitivedatascan.md index d1e64c9b5d..1db1421a11 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_sensitivedatascan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_sensitivedatascan.md @@ -45,9 +45,12 @@ with Sensitive Data Collection category selected. [SQL: Options](/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md) page for additional information. -**NOTE:** The Sensitive Data Scan Settings are preconfigured for optimal performance for a +:::note +The Sensitive Data Scan Settings are preconfigured for optimal performance for a high-level table scan. Configuring these settings to increase the scope of the sensitive data scan may significantly increase scan time. +::: + **Step 6 –** Click **Next**. The Select Criteria view appears. 
@@ -63,11 +66,14 @@ the following System Criteria have been selected: - User ID - Password -**NOTE:** For more information on adding or deleting criteria, navigate to the +:::note +For more information on adding or deleting criteria, navigate to the [SQL: Criteria](/docs/accessanalyzer/11.6/admin/datacollector/sql/criteria.md) page or See the [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information. +::: + **Step 8 –** Click **Next**. The Filters view appears. @@ -75,8 +81,11 @@ topic for additional information. **Step 9 –** Click **Connections** to open the Manage Connections window. -**NOTE:** SQL databases must be added to the query before they can be scanned. Before you can add a +:::note +SQL databases must be added to the query before they can be scanned. Before you can add a query, you must establish a connection to the database. +::: + ![Manage Connections](/img/product_docs/accessanalyzer/11.6/solutions/databases/redshift/collection/collectionsensitivedataconnection.webp) @@ -96,9 +105,12 @@ following information: **Step 12 –** Select Only select database objects. or **All database objects**. The query is configured by default to target Only select database objects. -**NOTE:** For more information on filtering, see the +:::note +For more information on filtering, see the [SQL: Filter](/docs/accessanalyzer/11.6/admin/datacollector/sql/filter.md) page. +::: + **Step 13 –** Click Retrieve. The Available database objects box will populate. 
@@ -124,8 +136,11 @@ Navigate to the _**_Databases > 0.Collection >**Redshift >__ **Redshift_Sensitiv require any configuration as they just populate the reports with the collected information and do not collect data themselves. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/redshift/collection/analysiscollectionsensitivedatascan.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_tableprivileges.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_tableprivileges.md index 16c6a78161..1116550ae2 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_tableprivileges.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/collection/redshift_tableprivileges.md @@ -13,7 +13,10 @@ targeted servers. The Redshift_TablePrivileges Job uses the SQL Data Collector for queries. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/redshift/collection/tableprivilegesquery.webp) @@ -26,8 +29,11 @@ The query is: Navigate to the **Databases** > **0.Collection** > **Redshift** > **Redshift_TablePrivileges** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/redshift/collection/tableprivilegesanalysis.webp) 
diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/overview.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/overview.md index d4ecb80e69..80df29c7de 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/overview.md @@ -13,18 +13,18 @@ and Sensitive Data. The Redshift Solution requires a special Enterprise Auditor license. Additionally, the Sensitive Data Discovery Add-On enables the solution to search Redshift and AWS content for sensitive data. -Supported Platforms +**Supported Platforms** - Amazon AWS Redshift - AWS Redshift Cluster -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Redshift Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databaseredshift.md) +[Target Redshift Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/redshift.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
@@ -35,13 +35,16 @@ then an extra 16 GB of RAM are required (8x2=16). By default, the job is configured to use 10 threads, which can be adjusted based on available resources on the Enterprise Auditor server. -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Redshift Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed in the **Jobs** tree, navigate to diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/recommended.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/recommended.md index 828f217e68..356fbdfe57 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/recommended.md @@ -11,12 +11,12 @@ is best practice to assign the host list and the Connection Profile at the data the 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - For Sensitive Data Discovery Auditing – Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server -Targeted Host(s) +**Targeted Host(s)** The Redshift Job Group has been configured to inherit the host list assignment from the collection group level. 
@@ -24,7 +24,7 @@ group level. The host list assignment should be assigned under the **Redshift** > **0.Collection** > **Settings** > **Host List Assignment** node. The **Local host** box is checked by default. -Connection Profile +**Connection Profile** The SQL Data Collector requires a specific set of permissions. See the Permissions section for necessary permissions. The account used can be either an Active Directory account or a SQL account. @@ -43,13 +43,16 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Run Order +**Run Order** The 0.Collection Jobs must be run first and in order. The other Redshift sub-job groups can be run in any order, together or individually, after running the 0.Collection Job Group. -**_RECOMMENDED:_** Run the solution at the top level. +:::info +Run the solution at the top level. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/redshift_databasesizing.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/redshift_databasesizing.md index a582af8bb4..54c8b0eb0e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/redshift_databasesizing.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/redshift_databasesizing.md @@ -20,8 +20,11 @@ The job(s) in the Configuration Job Group are: Navigate to the **Jobs** > **Databases**> **Redshift** > **Configuration** > **Redshift_DatabaseSizing** > **Configure** node and select **Analysis** to view the Analysis Tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![analysisredshiftconfigurationjob](/img/product_docs/accessanalyzer/11.6/solutions/databases/redshift/analysisredshiftconfigurationjob.webp) 
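Review bot: In redshift/recommended.md the `**_RECOMMENDED:_**` prefix is replaced by a bare `:::info`, which drops the signal that `Run the solution at the top level.` is a recommendation and not background information. Consider an admonition type or title that keeps that meaning. This block also has a blank line before the closing `:::`, whereas the `:::note` and `:::warning` blocks in this patch close directly after the text; make the spacing consistent.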
@@ -35,6 +38,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Redshift_DatabaseSizing Job produces the following preconfigured reports. -| Report | Description | Default Tags | Report Elements | -| --------------- | --------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Sizing | This report highlights the size of databases in Redshift. | None | This report is comprised of three elements: - Bar Chart – Displays top databases by size (MB) - Bar Chart – Displays sizes by host (GB) - Table – Provides database details | +| Report | Description | Default Tags | Report Elements | +| --------------- | --------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Sizing | This report highlights the size of databases in Redshift. | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by size (MB)
  • Bar Chart – Displays sizes by host (GB)
  • Table – Provides database details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedata.md index 2ad51b9009..cd3c4cab35 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedata.md @@ -14,8 +14,11 @@ based on the selected scan criteria. Navigate to the **Jobs** > **Databases** > **Redshift** >  **Sensitive Data** > **Redshift_SensitiveData** > **Configure** node and select **Analysis** to view the Analysis Tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/redshift/sensitive_data/analysissensitivedata.webp) 
@@ -30,7 +33,8 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the Redshift_SensitiveData Job produces the following preconfigured reports. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ---------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of two elements: - Bar Chart - Displays exceptions by Match Count - Table - Displays Exception Details | -| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements: - Bar Chart - Displays top databases by Sensitive Data Hits - Table - Provides details on top databases with Sensitive Data - Table - Provides Sensitive Data Details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ---------------------------------------------------------------------------- | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of two elements:
  • Bar Chart
  • Displays exceptions by Match Count
  • Table
  • Displays Exception Details
| +| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | Sensitive Data | This report is comprised of three elements:
  • Bar Chart
  • Displays top databases by Sensitive Data Hits
  • Table
  • Provides details on top databases with Sensitive Data
  • Table
  • Provides Sensitive Data Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedatapermissions.md b/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedatapermissions.md index 1685c9d73a..e977a13bf1 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedatapermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/redshift/sensitivedata/redshift_sensitivedatapermissions.md @@ -16,8 +16,11 @@ Navigate to the **Jobs > Databases > Redshift > Sensitive Data > Redshift_SensitiveDataPermissions > Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/postgresql/sensitivedata/sensitivedatapermission.webp) 
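Review bot: In redshift_sensitivedata.md both new table rows have more bullets than the element count they state: Enterprise Summary says "two elements" and lists four bullets, Sensitive Data Overview says "three elements" and lists six. The removed rows wrote each element as `Bar Chart - Displays ...` or `Table - Provides ...` with a plain hyphen, and the new rows put the label and its description on separate bullets. Keep each label and description together in one bullet, ideally with the en dash that the other report tables in this patch use.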
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the Redshift_SensitiveDataPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays top databases by permission count - Table – Provides details on database permission summary - Table – Provides details on sensitive data permission details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by permission count
  • Table – Provides details on database permission summary
  • Table – Provides details on sensitive data permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_activity.md b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_activity.md index 8a5033b726..f0386c7525 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_activity.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_activity.md @@ -14,8 +14,11 @@ databases based on SQL Server Audit Specification settings. Navigate to the **Databases** > SQL > 2.Activity > SQL_Activity > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/activity/sqljobgroup31.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created the analysis task, the SQL_Activity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------- | ------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| User Activity Summary | This report lists all SQL events, and summarizes them by database and instance. | None | This report is comprised of three elements: - Bar Chart – Displays users with most events by instance - Table – Provides details on users with most events by database - Table – Provides details on event details | +| Report | Description | Default Tags | Report Elements | +| --------------------- | ------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Activity Summary | This report lists all SQL events, and summarizes them by database and instance. | None | This report is comprised of three elements:
  • Bar Chart – Displays users with most events by instance
  • Table – Provides details on users with most events by database
  • Table – Provides details on event details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_logons.md b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_logons.md index 415680bd09..933019cec7 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_logons.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_logons.md @@ -14,8 +14,11 @@ activity across all targeted SQL and Azure SQL servers. Navigate to the **Databases** > SQL > 2.Activity > SQL_Logons > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/activity/sqljobgroup32.webp) 
@@ -28,6 +31,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_Logons Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ----------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Server Logon Details | This report outlines successful and failed logins over the last 30 days | None | This report is comprised of three elements: - Stacked Bar Chart – Displays logon summary - Table – Provides details on logon summary - Table – Provides details on logon details | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ----------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Server Logon Details | This report outlines successful and failed logins over the last 30 days | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays logon summary
  • Table – Provides details on logon summary
  • Table – Provides details on logon details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_permissionchanges.md b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_permissionchanges.md index ab1c6cfe93..c45a76ca53 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_permissionchanges.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_permissionchanges.md @@ -14,8 +14,11 @@ objects, specifically objects containing sensitive data. Navigate to the **Databases** > SQL > 2.Activity > SQL_PermissionChanges > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/activity/sqljobgroup33.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_SensitiveDataActivity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | -------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Permission Change Activity | This report lists all permission change related SQL events, and summarizes them by instance. | None | This report is comprised of three elements: - Bar Chart – Displays top instances by permission change activity - Table – Provides details on instances by permission change activity - Table – Provides details on event details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | -------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Permission Change Activity | This report lists all permission change related SQL events, and summarizes them by instance. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by permission change activity
  • Table – Provides details on instances by permission change activity
  • Table – Provides details on event details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_sensitivedataactivity.md b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_sensitivedataactivity.md index 86fd0c89a1..1298d85d7e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_sensitivedataactivity.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_sensitivedataactivity.md @@ -14,8 +14,11 @@ TRUNCATE) used against objects containing sensitive data. Navigate to the **Databases** > SQL > 2.Activity > SQL_SensitiveDataActivity > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/activity/sqljobgroup34.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_SensitiveDataActivity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | --------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Data Activity | This report highlights events in databases containing sensitive data. | None | This report is comprised of three elements: - Bar Chart – Displays top users by instance - Table – Provides details on user activity by instance - Table – Provides details on sensitive data activity details by database | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | --------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Sensitive Data Activity | This report highlights events in databases containing sensitive data. | None | This report is comprised of three elements:
  • Bar Chart – Displays top users by instance
  • Table – Provides details on user activity by instance
  • Table – Provides details on sensitive data activity details by database
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_unusualactivity.md b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_unusualactivity.md index 4e8e6bee0d..239e2480c3 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_unusualactivity.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/activity/sql_unusualactivity.md @@ -14,8 +14,11 @@ all targeted SQL and Azure SQL server instances. Navigate to the **Databases** > SQL > 2.Activity > SQL_UnusualActivity > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/activity/sqljobgroup35.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_SensitiveDataActivity Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | ---------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Unusual Hourly Activity Report | This report lists abnormal user activity | None | This report is comprised of three elements: - Bar Chart – Displays abnormal user activity - Table – Provides details on number of outliers per instance - Table – Provides details on unusual hourly user activity | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | ---------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unusual Hourly Activity Report | This report lists abnormal user activity | None | This report is comprised of three elements:
  • Bar Chart – Displays abnormal user activity
  • Table – Provides details on number of outliers per instance
  • Table – Provides details on unusual hourly user activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-azuresql_instancediscovery.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/0-azuresql_instancediscovery.md similarity index 93% rename from docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-azuresql_instancediscovery.md rename to docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/0-azuresql_instancediscovery.md index e6ff20b34c..b87567271f 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-azuresql_instancediscovery.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/0-azuresql_instancediscovery.md @@ -24,8 +24,11 @@ The 0-AzureSQL_InstanceDiscovery job uses the SQL Data Collector for the followi Navigate to the **Databases** > **0.Collection** > **AzureSQL** > **0-AzureSQL_InstanceDiscovery** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/instancediscanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/azuresql_permissionscan-1.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/1-azuresql_permissionscan.md similarity index 92% rename from docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/azuresql_permissionscan-1.md rename to docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/1-azuresql_permissionscan.md index f7454e5996..e39f86d061 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/azuresql_permissionscan-1.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/1-azuresql_permissionscan.md 
@@ -1,3 +1,9 @@ +--- +title: "1-AzureSQL_PermissionScan Job" +description: "1-AzureSQL_PermissionScan Job" +sidebar_position: 15 +--- + # 1-AzureSQL_PermissionScan Job The 1–AzureSQL_PermissionScan Job is designed to collect Azure SQL instance and database level @@ -24,8 +30,11 @@ Properties. The Query Properties window appears. **Step 3 –** Select the Data Source tab and click Configure. The SQL Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for this +:::warning +Do not make changes to other wizard pages as they have been pre-configured for this job. +::: + ![Filters](/img/product_docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/1sqlpermissionscanfilterpage.webp) @@ -61,8 +70,11 @@ The 1-AzureSQL_PermissionsScan Job is now ready to run with the customized setti Navigate to the Databases > 0.Collection > **AzureSQL** > 1-AzureSQL_PermissionsScan > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/jobanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-azuresql_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/2-azuresql_sensitivedatascan.md similarity index 93% rename from docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-azuresql_sensitivedatascan.md rename to docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/2-azuresql_sensitivedatascan.md index ef4158a6bf..54cbbaf2ff 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-azuresql_sensitivedatascan.md 
+++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/2-azuresql_sensitivedatascan.md @@ -22,8 +22,11 @@ The 2–AzureSQL_SensitiveDataScan Job uses the SQL Data Collector for the follo Navigate to the **Databases** > **0.Collection** > **AzureSQL** > **2–AzureSQL_SensitiveDataScan** > **Configure** node and select Analysis to view the analysis task. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis tasks are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/sensitivedatascananalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-azuresql_activityscan.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/3-azuresql_activityscan.md similarity index 92% rename from docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-azuresql_activityscan.md rename to docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/3-azuresql_activityscan.md index 773333669c..28a8c15429 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-azuresql_activityscan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/3-azuresql_activityscan.md 
@@ -22,8 +22,11 @@ The 3–AzureSQL_ActivityScan Job uses the SQL Data Collector for the following Navigate to the **Databases** > **0.Collection** > **Azure SQL** > **3–AzureSQL_ActivityScan** > **Configure** node and select **Analysis** to view the analysis task. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![3-AzureSQL_ActivityScan Job - Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/activityscanjobanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-azuresql_serversettings.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/4-azuresql_serversettings.md similarity index 94% rename from docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-azuresql_serversettings.md rename to docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/4-azuresql_serversettings.md index 893957b5c6..42182bd7e7 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-azuresql_serversettings.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/4-azuresql_serversettings.md @@ -28,8 +28,11 @@ Navigate to the **Databases** > **0.Collection** > **Azure SQL** > **4–AzureSQL_ServerSettings** > **Configure** node and select **Analysis** to view the analysis task. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/serversettingsanalysis.webp) 
diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/_category_.json b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/_category_.json new file mode 100644 index 0000000000..8748de9750 --- /dev/null +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "0.Collection > AzureSQL Job Group", + "position": 15, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/overview_1.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/overview.md similarity index 82% rename from docs/accessanalyzer/11.6/solutions/databases/sql/collection/overview_1.md rename to docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/overview.md index 0cc90c483a..2668cc1af1 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/overview_1.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/overview.md 
@@ -17,18 +17,18 @@ The jobs in 0.Collection Jobs Group are: - 0-AzureSQL_InstanceDiscovery Job — Enumerates a list of Azure SQL Server Instances from target endpoints and populates the necessary instance connection information which is used throughout the solution set -- [1-AzureSQL_PermissionScan Job](/docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/azuresql_permissionscan-1.md) +- [1-AzureSQL_PermissionScan Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/1-azuresql_permissionscan.md) — Collects Azure SQL database level permissions from all targeted Azure SQL database servers -- [2-AzureSQL_SensitiveDataScan Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-azuresql_sensitivedatascan.md) +- [2-AzureSQL_SensitiveDataScan Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/2-azuresql_sensitivedatascan.md) — Discovers sensitive data in Azure SQL databases across all targeted Azure SQL database servers based on pre-defined or user-defined search criteria -- [3-AzureSQL_ActivityScan Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-azuresql_activityscan.md) +- [3-AzureSQL_ActivityScan Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/3-azuresql_activityscan.md) — Captures user activity from all targeted Azure SQL instances and databases -- [4-AzureSQL_ServerSettings Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-azuresql_serversettings.md) +- [4-AzureSQL_ServerSettings Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/4-azuresql_serversettings.md) — Collects Azure SQL instances and database configuration settings to evaluate them against recommended best practices -Workflow +**Workflow** 1. Prerequisite: 1. Successful execution of the .Active Directory Inventory Job Group 
@@ -37,5 +37,8 @@ Workflow 2. (Optional) Configure the queries for the jobs in the 0.Collection Job Group 3. Schedule the 0.Collection Job Group to run daily or as desired - **NOTE:** Running the 0.Collection Job Group is a prerequisite for the other job groups in the + :::note + Running the 0.Collection Job Group is a prerequisite for the other job groups in the Azure SQL solution + + ::: diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-sql_instancediscovery.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-sql_instancediscovery.md index d071e1be0a..7ed636747e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-sql_instancediscovery.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-sql_instancediscovery.md @@ -23,8 +23,11 @@ The 0-SQL_InstanceDiscovery job uses the SQL Data Collector for the following qu Navigate to the **Databases** > **0.Collection** > **SQL** > **0-SQL_InstanceDiscovery** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/instancedisc_analysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/1-sql_permissionsscan.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/1-sql_permissionsscan.md index b76f9ce444..4d1378f252 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/1-sql_permissionsscan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/1-sql_permissionsscan.md 
@@ -33,8 +33,11 @@ Properties. The Query Properties window appears. **Step 3 –** Select the Data Source tab and click Configure. The SQL Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for this +:::warning +Do not make changes to other wizard pages as they have been pre-configured for this job. +::: + ![Filters](/img/product_docs/accessanalyzer/11.6/solutions/databases/azuresql/collection/1sqlpermissionscanfilterpage.webp) @@ -58,8 +61,11 @@ The 1-SQL_PermissionsScan Job is now ready to run with the customized settings. Navigate to the **Databases** > 0.Collection > SQL > 1-SQL_PermissionsScan > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/sqljobgroup8.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-sql_sensitivedatascan.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-sql_sensitivedatascan.md index d91c035a5b..0474fd09b8 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-sql_sensitivedatascan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/2-sql_sensitivedatascan.md @@ -9,7 +9,7 @@ sidebar_position: 30 The 2-SQL_SensitiveDataScan Job discovers sensitive data in the database SQL server instances and databases based on a pre-defined or user defined search criteria. -Special Dependency +**Special Dependency** - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server - See the 
@@ -46,8 +46,11 @@ Properties. The Query Properties window appears. **Step 3 –** Select the Data Source tab, and click Configure. The SQL Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for this +:::warning +Do not make changes to other wizard pages as they have been pre-configured for this job. +::: + ![2sqlsensitivedatascanoptionspage](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/2sqlsensitivedatascanoptionspage.webp) @@ -55,9 +58,12 @@ job. [SQL: Options](/docs/accessanalyzer/11.6/admin/datacollector/sql/options.md) page for additional information. -**NOTE:** The Sensitive Data Scan Settings are pre-configured for optimal performance for a +:::note +The Sensitive Data Scan Settings are pre-configured for optimal performance for a high-level table scan. Configuring these settings to increase the scope of the sensitive data scan may significantly increase scan time. +::: + ![Criteria Page](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/2sqlsensitivedatascanquerycriteriapage.webp) @@ -97,8 +103,11 @@ The 2-SQL_SensitsveDataScan Job is now ready to run with the customized settings Navigate to the **Databases** > 0.Collection > SQL > 2-SQL_SensitiveDataScan > Configure node and select Analysis to view the analysis task. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/sqljobgroup13.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-sql_activityscan.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-sql_activityscan.md index 178704dc18..6853218dda 100644 
--- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-sql_activityscan.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/3-sql_activityscan.md @@ -8,7 +8,7 @@ sidebar_position: 40 The 3-SQL_ActivityScan Job captures user activity from targeted SQL server instances and databases. -Special Dependency +**Special Dependency** - SQL Server Audit Specifications to be configured on the target databases - Audit destination must be a binary file @@ -40,8 +40,11 @@ appears. **Step 3 –** Select the Data Source tab, and click Configure. The SQL Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Options Page](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/3sqlactivityscanoptionspage.webp) @@ -79,8 +82,11 @@ The 3-SQL_ActivityScan Job is now ready to run with the customized settings. Navigate to the **Databases** > 0.Collection > SQL > 3-SQL_ActivityScan > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/sqljobgroup17.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-sql_serverlogons.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-sql_serverlogons.md index 2ef1078b1a..b6ce4946d0 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-sql_serverlogons.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/4-sql_serverlogons.md 
@@ -14,7 +14,10 @@ logons. The AppnLogSQL Query uses the SMARTLog Data Collector and has been preconfigured to process the Windows Event Log Type. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![sqljobgroup18](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/sqljobgroup18.webp) diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/5-sql_serversettings.md b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/5-sql_serversettings.md index b641c00706..e6f3e8b05b 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/collection/5-sql_serversettings.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/collection/5-sql_serversettings.md @@ -46,8 +46,11 @@ Properties. The Query Properties window will appear. **Step 3 –** Select the Data Source tab, and click Configure. The SQL Data Collector Wizard will open. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Instance Filters](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/5sqlserversettingsfilterpage.webp) @@ -82,8 +85,11 @@ Query Properties window will appear. **Step 3 –** Select the Data Source tab, and click Configure. The SQL Data Collector Wizard will open. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Filter Page](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/collection/5sqlserversettingsfilterpage.webp) 
diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_authentication.md b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_authentication.md index 7af638eb62..00e02e736c 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_authentication.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_authentication.md @@ -16,8 +16,11 @@ versus SQL server authentication. Navigate to the **Databases** > SQL > 4.Configuration > SQL_Authentication > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sqljobgroup43.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the SQL_Authentication Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SQL  Authentication | This report identifies authentication settings on the targeted servers, and highlights those with SQL Authentication enabled. Additionally, the number of SQL logins on a given instance, and whether or not the 'sa' login exists, are indicated. Best practices recommend that SQL instances be integrated login only, and that the 'sa' principal be renamed or removed. 
| None | This report is comprised of two elements: - Pie Chart – Displays instances with integrated security only - Table – Displays integrated security details by instance | +| Report | Description | Default Tags | Report Elements | +| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SQL  Authentication | This report identifies authentication settings on the targeted servers, and highlights those with SQL Authentication enabled. Additionally, the number of SQL logins on a given instance, and whether or not the 'sa' login exists, are indicated. Best practices recommend that SQL instances be integrated login only, and that the 'sa' principal be renamed or removed. | None | This report is comprised of two elements:
  • Pie Chart – Displays instances with integrated security only
  • Table – Displays integrated security details by instance
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_bestpractices.md b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_bestpractices.md index bcd2e6b386..7f7afcfa97 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_bestpractices.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_bestpractices.md @@ -15,8 +15,11 @@ maintaining, and securing SQL and Azure SQL servers. Navigate to the **Databases** > SQL > 4.Configuration > SQL_BestPractices > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sqljobgroup44.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_BestPractices Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | --------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SQL Server Best Practices | Evaluates settings on SQL and Azure SQL Instances and Databases for SQL Best Practices. | None | This report is comprised of three elements: - Pie Chart – Displays best practice adherence - Table– Displays configuration settings - Table – Displays instance summary | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | --------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SQL Server Best Practices | Evaluates settings on SQL and Azure SQL Instances and Databases for SQL Best Practices. | None | This report is comprised of three elements:
  • Pie Chart – Displays best practice adherence
  • Table– Displays configuration settings
  • Table – Displays instance summary
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_cmdshell.md b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_cmdshell.md index 6eed9c44f3..6b52c2884c 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_cmdshell.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_cmdshell.md @@ -16,8 +16,11 @@ the Azure SQL server, it can be used to launch malicious attacks. Microsoft reco Navigate to the **Databases** > SQL > 4.Configuration > SQL_CMDShell > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sqljobgroup45.webp) 
@@ -28,6 +31,7 @@ The default analysis task is: In addition to the tables and views created by the analysis task, the SQL_CMDShell Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------- | -| xp_cmdshell Settings | Because malicious users sometimes attempt to elevate their privileges by using xp_cmdshell, xp_cmdshell is disabled by default. Use sp_configure or Policy Based Management to disable it on any instances which have it enabled. | None | This report is comprised of two elements: - Pie Chart – Displays instance summary - Table– Displays configuration details | +| Report | Description | Default Tags | Report Elements | +| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| xp_cmdshell Settings | Because malicious users sometimes attempt to elevate their privileges by using xp_cmdshell, xp_cmdshell is disabled by default. Use sp_configure or Policy Based Management to disable it on any instances which have it enabled. | None | This report is comprised of two elements:
  • Pie Chart – Displays instance summary
  • Table– Displays configuration details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_databasesizing.md b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_databasesizing.md index c6a2be2234..4201f34500 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_databasesizing.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_databasesizing.md @@ -13,8 +13,11 @@ The SQL_DatabaseSizing Job provides details on database file sizes and overall d Navigate to the **Databases** > Jobs > SQL > 4.Configuration > SQL_DatabaseSizing Job >Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/configuration/analysistask.webp) 
@@ -26,6 +29,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the **SQL_DatabaseSizing Job** produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | ---------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Sizing | This report provides details on database files and sizing. | None | This report is comprised of three elements: - Bar Chart – Provides information on the top five databases by size (MB) - Bar Chart – Provides information on database sizes by host (GB) - Table – Provides details on database sizing | +| Report | Description | Default Tags | Report Elements | +| --------------- | ---------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Sizing | This report provides details on database files and sizing. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on the top five databases by size (MB)
  • Bar Chart – Provides information on database sizes by host (GB)
  • Table – Provides details on database sizing
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_linkedservers.md b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_linkedservers.md index 92f7215a65..348d249fc8 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_linkedservers.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/configuration/sql_linkedservers.md @@ -16,8 +16,11 @@ handle distributed queries in SQL and Azure SQL server . Navigate to the **Databases** > Jobs > SQL > 4.Configuration > SQL_LinkedServers Job >Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are pre-configured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/configuration/analysistasks.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the **SQL_DatabaseSizing Job** produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | ----------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Linked Servers | This report highlights Linked Servers where the listed SQL Server is able to execute remote commands. | None | This report is comprised of three elements: - Bar Chart – Provides information on top five linked servers by instance - Table – Provides details on linked servers by instance - Table – Provides details on linked servers | +| Report | Description | Default Tags | Report Elements | +| -------------- | ----------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Linked Servers | This report highlights Linked Servers where the listed SQL Server is able to execute remote commands. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on top five linked servers by instance
  • Table – Provides details on linked servers by instance
  • Table – Provides details on linked servers
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/overview.md b/docs/accessanalyzer/11.6/solutions/databases/sql/overview.md index 6cbb4cb128..5ff7a850ed 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/overview.md @@ -11,7 +11,7 @@ run. The SQL Job Group is a comprehensive set of pre-configured audit jobs and r information on users and roles, activity, permissions, configuration, sensitive data, and overall security assessment. -Supported Platforms +**Supported Platforms** - Azure SQL @@ -20,13 +20,13 @@ Supported Platforms - SQL Server 2017 - SQL Server 2016 -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target SQL Server Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/databasesql/databasesql.md) +[Target SQL Server Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/databases/sql/sql.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans.If running Sensitive Data Discovery (SDD) scans, it 
@@ -34,13 +34,16 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The SQL Job Group within the Jobs tree, as part of the Database Solution: Jobs > Database > SQL. @@ -58,7 +61,7 @@ The SQL Job Group includes: This information is used by other jobs in the SQL solution set for further analysis and for producing respective reports. - Databases > 0.Collection > AzureSQL > - [0.Collection > Azure SQL Job Group](/docs/accessanalyzer/11.6/solutions/databases/sql/collection/overview_1.md) + [0.Collection > Azure SQL Job Group](/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/overview.md) — This job group is designed to collect high level summary information from targeted Azure SQL Instances. This information is used by other jobs in the Azure SQL solution set to provide further analysis and for producing respective reports. diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_controlserver.md b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_controlserver.md index e500469585..87df9e6085 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_controlserver.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_controlserver.md 
@@ -14,8 +14,11 @@ server permissions can command full control of a SQL and Azure SQL server instan Navigate to the **Databases** > SQL > 3.Permissions > SQL_ControlServer > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sqljobgroup37.webp) 
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the SQL_ControlServer Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ------------------------------------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Control Server Permissions | This report highlights control server permissions, and summarizes them by instance and by domain user. | None | This report is comprised of three elements: - Bar Chart – Displays top instances by control server permissions - Table – Provides details on instances by control server permission count - Table – Provides details on control server permissions | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Control Server Permissions | This report highlights control server permissions, and summarizes them by instance and by domain user. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by control server permissions
  • Table – Provides details on instances by control server permission count
  • Table – Provides details on control server permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_directpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_directpermissions.md index d0ed2b0a2e..c261abfba0 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_directpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_directpermissions.md @@ -14,8 +14,11 @@ database, and server level. Navigate to the **Databases** > SQL > 3.Permissions > SQL_DirectPermissions > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sqljobgroup38.webp) 
@@ -31,8 +34,9 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_DirectPermissions Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Database Permissions | This report highlights SQL permissions granted at the database level. | None | This report is comprised of three elements: - Bar Chart – Displays database permission summary - Table – Provides details on database permission summary - Table – Provides details on database permission details | -| Schema Permissions | This report lists all SQL permissions granted at the schema level. | None | This report is comprised of three elements: - Bar Chart – Displays top schema by permission count - Table – Provides details on permission summary - Table – Provides details on schema permission details | -| Server Permissions | This report highlights SQL permissions being granted at the server level. 
| None | This report is comprised of three elements: - Bar Chart – Displays server permission summary - Table – Provides details on server permission summary - Table – Provides details on server permission details | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Database Permissions | This report highlights SQL permissions granted at the database level. | None | This report is comprised of three elements:
  • Bar Chart – Displays database permission summary
  • Table – Provides details on database permission summary
  • Table – Provides details on database permission details
| +| Schema Permissions | This report lists all SQL permissions granted at the schema level. | None | This report is comprised of three elements:
  • Bar Chart – Displays top schema by permission count
  • Table – Provides details on permission summary
  • Table – Provides details on schema permission details
| +| Server Permissions | This report highlights SQL permissions being granted at the server level. | None | This report is comprised of three elements:
  • Bar Chart – Displays server permission summary
  • Table – Provides details on server permission summary
  • Table – Provides details on server permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_domainuserpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_domainuserpermissions.md index 4107b665dc..fce0751110 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_domainuserpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_domainuserpermissions.md @@ -14,8 +14,11 @@ access to SQL and Azure SQL server objects at both the instance and database lev Navigate to the **Databases** > SQL > 3.Permissions > SQL_DomainUserPermissions > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sqljobgroup39.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_DomainUserPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------------- | --------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Domain User SQL Access | This report looks at SQL server permissions granted to domain users across the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays top users by instance count - Table – Provides details on access sprawl - Table – Provides details on permission details | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | --------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain User SQL Access | This report looks at SQL server permissions granted to domain users across the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top users by instance count
  • Table – Provides details on access sprawl
  • Table – Provides details on permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_publicpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_publicpermissions.md index 763450407c..98d8f50512 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_publicpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_publicpermissions.md @@ -14,8 +14,11 @@ assigned. In addition, it also provides the list of permissions assigned to the Navigate to the **Databases** > SQL > 5.Permissions > SQL_PublicPermissions > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sqljobgroup40.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the SQL_PublicPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------ | -------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Public Permissions | This report determines highlights objects with public permissions applied. | None | This report is comprised of three elements: - Bar Chart – Displays top databases by public permission count - Table – Provides details on databases by public permission count - Table – Provides details on public permission details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | -------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Public Permissions | This report determines highlights objects with public permissions applied. | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by public permission count
  • Table – Provides details on databases by public permission count
  • Table – Provides details on public permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_serverpermissions.md b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_serverpermissions.md index 7d1ccbe9ce..4426d509cd 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_serverpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sql_serverpermissions.md @@ -14,8 +14,11 @@ effective server level permissions across all audited SQL and Azure SQL server i Navigate to the **Databases** > SQL > 3.Permissions > SQL_ServerPermissions > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/permissions/sqljobgroup41.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the SQL_ServerPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------ | -------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Server Permissions | This report highlights server permissions and summarizes them by instance. | None | This report is comprised of three elements: - Bar Chart – Displays top instances by server permissions - Table – Provides details on instances by server permission count - Table – Provides details on server permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------ | -------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Server Permissions | This report highlights server permissions and summarizes them by instance. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by server permissions
  • Table – Provides details on instances by server permission count
  • Table – Provides details on server permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/recommended.md b/docs/accessanalyzer/11.6/solutions/databases/sql/recommended.md index 9b04ebad1e..4e894a7d4d 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/recommended.md @@ -9,7 +9,10 @@ sidebar_position: 10 The following sections describe the recommended configurations for the SQL Solution 0.Collection Job Group and the Azure SQL 0.Collection Job Group. -**NOTE:** The SQL Solution Jobs report on both the SQL and Azure SQL Collection Jobs. +:::note +The SQL Solution Jobs report on both the SQL and Azure SQL Collection Jobs. +::: + ## SQL Solution 0.Collection Job Group @@ -18,7 +21,7 @@ best practice to assign the host list and the Connection Profile at the data col 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - .Active Directory Inventory Job Group run successfully - For Activity Auditing – SQL Server Audit Specifications to be configured on the target databases 
@@ -43,17 +46,20 @@ the queries. Therefore, the [0-SQL_InstanceDiscovery Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-sql_instancediscovery.md) must be manually executed before attempting to scope the 0.Collection Job Group queries. -Targeted Host(s) +**Targeted Host(s)** The 0.Collection Job Group has been set to run against the following default dynamic host list: - All Microsoft SQL Server Hosts - **NOTE:** Default dynamic host lists are populated from hosts in the Host Master Table which + :::note + Default dynamic host lists are populated from hosts in the Host Master Table which meet the host inventory criteria for the list. Ensure the appropriate host list(s) have been populated through host inventory results. + ::: + -Connection Profile +**Connection Profile** The SQL Data Collector requires a specific set of permissions. See the Permissions section for necessary permissions. The account used can be either an Active Directory account or a SQL account. @@ -72,21 +78,24 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** One of the most important decisions to make is how frequently to collect this data. The SQL Job Group can be scheduled to run as desired depending on the types of auditing being conducted and the scope of the target environment. The general recommendation is to schedule the solution to run daily. -Run Order +**Run Order** The 0.Collection Jobs must be run first and in order. The other SQL Solution sub-job groups can be run in any order, together or individually, after running the 0.Collection Job Group. -**_RECOMMENDED:_** Run the solution at the top level. +:::info +Run the solution at the top level. +::: + -Workflow +**Workflow** Prerequisites: 
@@ -103,8 +112,11 @@ Prerequisites: 1. (Optional) Configure the queries for the jobs in the 0.Collection Job Group 2. Schedule the 0.Collection Job Group to run daily or as desired - **NOTE:** Running the 0.Collection Job Group is a prerequisite for the other job groups in the + :::note + Running the 0.Collection Job Group is a prerequisite for the other job groups in the SQL solution + ::: + 3. Review the reports generated by the 0.Collection Job Group’s jobs @@ -115,7 +127,7 @@ However, it is best practice to assign the host list and the Connection Profile collection level, the 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - Full registration within Microsoft's Azure portal: @@ -127,20 +139,23 @@ Dependencies - Creation of an Azure Tenancy host list (ex. COMPANY.onmicrosoft.com) and Azure Active Directory user credential(s) - **_RECOMMENDED:_** To avoid functional issues with Enterprise Auditor, create multiple + :::info + To avoid functional issues with Enterprise Auditor, create multiple connection profiles to accommodate multiple credentials. + ::: + - Define and validate connection information in the Connection screen -- [0-AzureSQL_InstanceDiscovery Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection/0-azuresql_instancediscovery.md) +- [0-AzureSQL_InstanceDiscovery Job](/docs/accessanalyzer/11.6/solutions/databases/sql/collection-azuresql/0-azuresql_instancediscovery.md) run successfully -Targeted Host(s) +**Targeted Host(s)** The 0.Collection Job Group has been set to run against the following default dynamic host list: - All targeted Azure SQL Tenants -Connection Profile +**Connection Profile** The SQL Data Collector requires a specific set of permissions. See the Permissions section for necessary permissions. The account used can be either an Active Directory account with database 
@@ -159,16 +174,19 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** One of the most important decisions to make is how frequently to collect this data. The Azure SQL Job Group can be scheduled to run as desired depending on the types of auditing being conducted and the scope of the target environment. The general recommendation is to schedule the solution to run daily. -Run Order +**Run Order** The 0.Collection Jobs must be run first and in order. The other Azure SQL Solution sub-job groups can be run in any order, together or individually, after running the 0.Collection Job Group. -**_RECOMMENDED:_** Run the solution at the top level. +:::info +Run the solution at the top level. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/overview.md b/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/overview.md index 492918dce4..02232c7ca4 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/overview.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/overview.md @@ -9,7 +9,7 @@ sidebar_position: 80 The 5.Sensitive Data Job Group provides information on where sensitive data exists, and who has access to that sensitive data, across all targeted SQL and Azure SQL server databases. -Special Dependency for Data Collection +**Special Dependency for Data Collection** - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedata.md index fde3ffbe2d..103940ce0e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedata.md 
@@ -14,8 +14,11 @@ discovered in the targeted SQL or Azure SQL servers based on the selected scan c Navigate to the **Databases** > SQL > 5.Sensitve Data > SQL_SensitiveData > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sqljobgroup47.webp) 
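Review bot: In the `@@ -159,16 +174,19 @@` hunk (the Azure SQL Run Order section, just before the `sensitivedata/overview.md` diff), the added blank line sits before the closing `:::` rather than after it, unlike the other admonitions converted in this patch. Move the blank line below the `:::` so the block is closed directly after its text and the file ends the same way the other converted files do.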
@@ -31,7 +34,8 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_SensitiveData Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ---------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of two elements: - Pie Chart – Displays exceptions by match count - Table – Provides details on exception details | -| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | None | This report is comprised of three elements: - Bar Chart – Displays top databases by sensitive data hits - Table – Provides details on databases with sensitive data - Table – Provides details on sensitive data details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ---------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary | This report shows a summary of the criteria matches found in the Enterprise. | None | This report is comprised of two elements:
  • Pie Chart – Displays exceptions by match count
  • Table – Provides details on exception details
| +| Sensitive Data Overview | This report highlights objects which contain sensitive data criteria. | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by sensitive data hits
  • Table – Provides details on databases with sensitive data
  • Table – Provides details on sensitive data details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedatapermissions.md b/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedatapermissions.md index 63550abab1..2d1eb19040 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedatapermissions.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sql_sensitivedatapermissions.md @@ -14,8 +14,11 @@ objects containing sensitive data across all the targeted SQL or Azure SQL serve Navigate to the **Databases** > SQL > 5.Sensitve Data > SQL_SensitiveDataPermissions > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/sensitivedata/sqljobgroup48.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_SensitiveDataPermissions Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays top databases by permission count - Table – Provides details on database permission summary - Table – Provides details on sensitive data permission details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ----------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Permissions | This report highlights sensitive data permissions in the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top databases by permission count
  • Table – Provides details on database permission summary
  • Table – Provides details on sensitive data permission details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/sql_securityassessment.md b/docs/accessanalyzer/11.6/solutions/databases/sql/sql_securityassessment.md index 7b9749ac66..0c9f75315b 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/sql_securityassessment.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/sql_securityassessment.md @@ -11,7 +11,7 @@ and NO FINDINGS categories based on severity. ![SQL_SecurityAssessment](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/sqljobgroup49.webp) -Special Dependencies +**Special Dependencies** One or more of the following jobs or job groups must be run to produce results: 
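Review bot: `**Special Dependencies**` in the `@@ -11,7 +11,7 @@` hunk of sql_securityassessment.md is acting as a section label, and bold text gets no anchor or table-of-contents entry. If readers need to link to it, use a real heading; if bold is the intended convention, apply it the same way as the other labels this patch converts (Targeted Host(s), Connection Profile, Run Order) and say so in the commit message.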
@@ -40,6 +40,7 @@ The default analysis task is: In addition to the tables and views created by the analysis task, the SQL_SecurityAssessment Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | -------------------------------------------------------------------------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| SQL Security Assessment | This report summarizes security related results from the SQL solution set. | Security Assessment | This report is comprised of four elements: - Table – Provides details on the scope of the audit of the SQL Solution set - Pie Chart – Displays job findings by severity - Table – Displays findings by category and provides details on the SQL_SecurityAssessment job results | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | -------------------------------------------------------------------------- | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SQL Security Assessment | This report summarizes security related results from the SQL solution set. | Security Assessment | This report is comprised of four elements:
  • Table – Provides details on the scope of the audit of the SQL Solution set
  • Pie Chart – Displays job findings by severity
  • Table – Displays findings by category and provides details on the SQL_SecurityAssessment job results
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_databaseprinciples.md b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_databaseprinciples.md index c8464eb622..8e2df9116e 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_databaseprinciples.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_databaseprinciples.md @@ -14,8 +14,11 @@ targeted SQL or Azure SQL server instances. Navigate to the **Databases** > SQL > 3.Users and Roles > SQL_DatabasePrinciples > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sqljobgroup23.webp) 
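Review bot: The SQL Security Assessment row in the `@@ -40,6 +40,7 @@` hunk of sql_securityassessment.md says the report "is comprised of four elements" but lists three (Table, Pie Chart, Table). The mismatch is carried over from the removed row; since the row is being rewritten anyway, either correct the count or add the missing element.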
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_DataPrinciples Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------- | ----------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Principles | This report determines all database principals on a per-instance basis. | None | This report is comprised of three elements: - Bar Chart – Displays top instances by domain principal count - Table – Provides details on principal count by instance - Table – Provides details on principal details | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ----------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Database Principles | This report determines all database principals on a per-instance basis. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by domain principal count
  • Table – Provides details on principal count by instance
  • Table – Provides details on principal details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_passwordissues.md b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_passwordissues.md index e64821ccdd..eb6c647bd6 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_passwordissues.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_passwordissues.md @@ -14,7 +14,10 @@ weak passwords. The Collect Weak Passwords Job uses the PowerShell Data Collector for the following query: -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sqljobgroup24.webp) @@ -29,8 +32,11 @@ The Collect Weak Passwords Job uses the PowerShell Data Collector for the follow Navigate to the Jobs > **Databases** > SQL > 3.Users and Roles > SQL_PasswordIssues > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified and or +:::warning +Most of these analysis tasks are preconfigured and should not be modified and or deselected unless otherwise specified. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sqlpasswordissuesanalysistasks.webp) 
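Review bot: The second warning in sql_passwordissues.md (`@@ -29,8 +32,11 @@`) keeps the wording "should not be modified and or deselected". Now that the sentence is being moved into a `:::warning` block, change it to "modified or deselected" so the caution reads cleanly.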
@@ -57,7 +63,8 @@ The following analysis task is deselected by default: In addition to the tables and views created by the analysis tasks, the SQL_PasswordIssues Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ----------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Reused Passwords | This report highlights instances where a password hash is being reused. | None | This report is comprised of one element: - Table – Provides details on reused password details | -| Weak Passwords | This report highlights SQL logins that have a weak password. | None | This report is comprised of three elements: - Bar Chart – Displays weak passwords by instance - Table – Provides details on weak passwords by instance data - Table – Provides details on logins with weak passwords | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ----------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Reused Passwords | This report highlights instances where a password hash is being reused. | None | This report is comprised of one element:
  • Table – Provides details on reused password details
| +| Weak Passwords | This report highlights SQL logins that have a weak password. | None | This report is comprised of three elements:
  • Bar Chart – Displays weak passwords by instance
  • Table – Provides details on weak passwords by instance data
  • Table – Provides details on logins with weak passwords
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_rolemembers.md b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_rolemembers.md index c747c0825a..ecb6da5a9c 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_rolemembers.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_rolemembers.md @@ -14,8 +14,11 @@ group, both at the instance and database level, across all targeted SQL servers. Navigate to the **Databases** > SQL > 3.Users and Roles > SQL_RoleMembers > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sqljobgroup26.webp) 
@@ -35,6 +38,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_RoleMembers Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------- | ------------------------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Role Membership | This report shows details on the roles and role membership in the audited SQL environment. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays top instances by server and database role membership - Table – Provides details on instances by server and database role membership - Table – Provides details on role membership details | +| Report | Description | Default Tags | Report Elements | +| --------------- | ------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Role Membership | This report shows details on the roles and role membership in the audited SQL environment. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays top instances by server and database role membership
  • Table – Provides details on instances by server and database role membership
  • Table – Provides details on role membership details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_serverprincipals.md b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_serverprincipals.md index 8f75a884ff..57b59c8b76 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_serverprincipals.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_serverprincipals.md @@ -14,8 +14,11 @@ targeted SQL or Azure SQL servers. Navigate to the **Databases** > SQL > 3.Users and Roles > SQL_ServerPrincipals > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sqljobgroup27.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_ServerPrincipals Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Server Principals | This report determines all server principals on a per-instance basis. Users are considered stale if they have not authenticated to the domain in 60 days. This threshold can be configured in the 3-AD_Exceptions job in the .Active Directory Inventory job group. | None | This report is comprised of three elements: - Bar Chart – Displays top instances - Table – Provides details on principal count by instance - Table – Provides details on principal details | +| Report | Description | Default Tags | Report Elements | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Server Principals | This report determines all server principals on a per-instance basis. Users are considered stale if they have not authenticated to the domain in 60 days. 
This threshold can be configured in the 3-AD_Exceptions job in the .Active Directory Inventory job group. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances
  • Table – Provides details on principal count by instance
  • Table – Provides details on principal details
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sqllogins.md b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sqllogins.md index d58f58e4e4..e866dba4cc 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sqllogins.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sqllogins.md @@ -14,8 +14,11 @@ targeted SQL or Azure SQL servers. Navigate to the **Databases** > SQL > 3.Users and Roles > SQL_SQLLogins > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sqljobgroup28.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the SQL_SQLLogins Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------- | ----------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SQL Logins | This report lists user login information. | None | This report is comprised of three elements: - Bar Chart– Displays number of logins by instance - Table – Provides details on login exceptions by instance - Table – Provides details on SQL logins | +| Report | Description | Default Tags | Report Elements | +| ---------- | ----------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| SQL Logins | This report lists user login information. | None | This report is comprised of three elements:
  • Bar Chart– Displays number of logins by instance
  • Table – Provides details on login exceptions by instance
  • Table – Provides details on SQL logins
| + diff --git a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sysadmins.md b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sysadmins.md index 4d911b8b00..29229364be 100644 --- a/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sysadmins.md +++ b/docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sql_sysadmins.md @@ -14,8 +14,11 @@ all targeted SQL or Azure SQL servers. Navigate to the **Databases** > SQL > 3.Users and Roles > SQL_SysAdmins > Configure node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task(s). The analysis task(s) are +:::warning +Do not modify or deselect the selected analysis task(s). The analysis task(s) are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/databases/sql/usersroles/sqljobgroup29.webp) 
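Review bot: In the SQL Logins row of sql_sqllogins.md (`@@ -29,6 +32,7 @@`), the first bullet reads `Bar Chart– Displays number of logins by instance` with no space before the dash, while the other rewritten tables use `Bar Chart – Displays`. Add the space while the row is being reformatted.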
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the **SQL_SysAdmins Job** produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------- | --------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Admin Summary | This report highlights all principals with the 'sysadmin' role. | None | This report is comprised of three elements: - Bar Chart – Displays top instances by admin count - Table – Provides top instances by admin count - Table – Provides details on admin details - Table – Provides details on domain user admin details | +| Report | Description | Default Tags | Report Elements | +| ------------- | --------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Admin Summary | This report highlights all principals with the 'sysadmin' role. | None | This report is comprised of three elements:
  • Bar Chart – Displays top instances by admin count
  • Table – Provides top instances by admin count
  • Table – Provides details on admin details
  • Table – Provides details on domain user admin details
| + diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/collection/1-dropbox_permissions_scan.md b/docs/accessanalyzer/11.6/solutions/dropbox/collection/1-dropbox_permissions_scan.md index b179d3f2b3..3c88274685 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/collection/1-dropbox_permissions_scan.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/collection/1-dropbox_permissions_scan.md @@ -9,8 +9,11 @@ sidebar_position: 10 The 1-Dropbox_Permissions Scan job collects data from the Dropbox environment on access rights, sharing policies, configurations, and content. -**CAUTION:** This job should not be run if running sensitive data scans against the Dropbox Business +:::warning +This job should not be run if running sensitive data scans against the Dropbox Business environment. +::: + ## Queries for the 1-Dropbox_Permissions Scan Job diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/collection/2-dropbox_permissions_bulk_import.md b/docs/accessanalyzer/11.6/solutions/dropbox/collection/2-dropbox_permissions_bulk_import.md index 347544c214..e6f23eac94 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/collection/2-dropbox_permissions_bulk_import.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/collection/2-dropbox_permissions_bulk_import.md @@ -9,8 +9,11 @@ sidebar_position: 30 The 2-Dropbox_Permissions Bulk Import job imports the data collected by the 1-Dropbox _Permissions Scan job to the Enterprise Auditor database for use by the analysis tasks. -**CAUTION:** This job should not be run if running sensitive data scans against the Dropbox Business +:::warning +This job should not be run if running sensitive data scans against the Dropbox Business environment. +::: + ## Queries for the 2-Dropbox_Permissions Bulk Import Job diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/collection/overview.md b/docs/accessanalyzer/11.6/solutions/dropbox/collection/overview.md index 1f3c6238b4..384d1febc0 100644 
--- a/docs/accessanalyzer/11.6/solutions/dropbox/collection/overview.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/collection/overview.md @@ -43,10 +43,15 @@ The relationship between the scan and bulk import jobs requires the following co - For the Dropbox Solution, the bulk import jobs require the same connection profile as used in the corresponding scan jobs -**_RECOMMENDED:_** When running the sensitive data jobs, disable the permissions jobs, and vice +:::info +When running the sensitive data jobs, disable the permissions jobs, and vice versa. +::: -_Remember,_ prior to running the Dropbox Solution for the first time, it is necessary to generate an + +:::tip +Remember, prior to running the Dropbox Solution for the first time, it is necessary to generate an access token to be used in the Connection Profile. This only needs to be done once. See the [Configure the Dropbox Access Query](/docs/accessanalyzer/11.6/solutions/dropbox/collection/1-dropbox_permissions_scan.md#configure-the-dropbox-access-query) topic for additional information. +::: diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_access.md b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_access.md index 85f558628c..411cf001ae 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_access.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_access.md @@ -20,8 +20,11 @@ The Dropbox_Access job is located in the 1.Access job group. View the analysis tasks by navigating to the **Jobs** > **Dropbox** > **1.Access** > **Dro pbox_Access** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Dropbox_Access Job](/img/product_docs/accessanalyzer/11.6/solutions/dropbox/accessanalysis.webp) 
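Review bot: The Admin Summary row in sql_sysadmins.md (`@@ -31,6 +34,7 @@`, the hunk immediately before the Dropbox diffs) states "three elements" and then lists four: one Bar Chart and three Tables. Splitting the cell into bullets makes the discrepancy visible to readers, so fix the count in the same change.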
@@ -33,7 +36,8 @@ preconfigured for this job. In addition to the tables created by the analysis tasks which display effective access to resources, the Dropbox_Access job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Effective Access | This report shows effective access for all files in Dropbox. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Stacked Bar Chart – Displays access by team - Table – Provides summary of database access - Table – Provides details on database access | -| Inactive Access | This report identifies instances of inactive access in Dropbox. Inactive access to a shared folder occurs when a user has left the shared folder, but can still rejoin it. | None | This report is comprised of two elements: - Bar Chart – Displays inactive access by team - Table – Provides details on inactive access | +| Report | Description | Default Tags | Report Elements | +| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Effective Access | This report shows effective access for all files in Dropbox. 
| GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Stacked Bar Chart – Displays access by team
  • Table – Provides summary of database access
  • Table – Provides details on database access
| +| Inactive Access | This report identifies instances of inactive access in Dropbox. Inactive access to a shared folder occurs when a user has left the shared folder, but can still rejoin it. | None | This report is comprised of two elements:
  • Bar Chart – Displays inactive access by team
  • Table – Provides details on inactive access
| + diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_content.md b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_content.md index 500200fe90..aad862e307 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_content.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_content.md @@ -34,8 +34,11 @@ topic for additional information. View the analysis tasks by navigating to the **Jobs** > **Dropbox** > **4.Content** > **Dropbox_Content** > **Configure** node and select **Analysis**. -**CAUTION:** Most of the analysis tasks should not be modified or deselected. The analysis tasks are +:::warning +Most of the analysis tasks should not be modified or deselected. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Dropbox_Content Job](/img/product_docs/accessanalyzer/11.6/solutions/dropbox/contentanalysis.webp) 
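Review bot: in the dropbox_access.md report table, the re-emitted Effective Access row still describes its two tables as "Provides summary of database access" and "Provides details on database access", although the report is described as showing effective access for files in Dropbox. The wording reads as carried over from another solution. Since the row is being rewritten anyway, confirm it and name the Dropbox resource the tables actually summarize.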
@@ -54,10 +57,11 @@ preconfigured for this job. In addition to the tables created by the analysis tasks which display content details, the Dropbox_Content job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| --------------- | ----------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Content By Type | This report breaks down Dropbox content by mimetype and classification. | None | This report is comprised of two elements: - Pie Chart – Displays content types by size - Table – Provides details on all content | -| Stale Content | This report identifies stale content within Dropbox by owner. | Stale Data | This report is comprised of three elements: - Stacked Bar Chart – Displays data ownership - Table – Provides summary of content - Table – Provides details on owners | +| Report | Description | Default Tags | Report Elements | +| --------------- | ----------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Content By Type | This report breaks down Dropbox content by mimetype and classification. | None | This report is comprised of two elements:
  • Pie Chart – Displays content types by size
  • Table – Provides details on all content
| +| Stale Content | This report identifies stale content within Dropbox by owner. | Stale Data | This report is comprised of three elements:
  • Stacked Bar Chart – Displays data ownership
  • Table – Provides summary of content
  • Table – Provides details on owners
| + ### Customizable Analysis Tasks for the Dropbox_Content Job diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_groupmembership.md b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_groupmembership.md index 745f29fc2c..a2e31e5e6f 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_groupmembership.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_groupmembership.md @@ -19,8 +19,11 @@ The Dropbox_GroupMembership job is located in the 3.Group Membership job group. View the analysis tasks by navigating to the **Jobs** > **Dropbox** > **3.Group Membership** > **Dropbox_GroupMembership** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Dropbox_GroupMembership Job](/img/product_docs/accessanalyzer/11.6/solutions/dropbox/groupmembershipanalysis.webp) 
@@ -32,6 +35,7 @@ preconfigured for this job. In addition to the tables created by the analysis tasks which display group membership details, the Dropbox_GroupMembership job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ---------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Membership | This report lists membership and owners for all groups within Dropbox. | None | This report is comprised of three elements: - Bar Chart – Displays largest groups - Table – Provides summary of group membership - Table – Provides details on membership | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ---------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Membership | This report lists membership and owners for all groups within Dropbox. | None | This report is comprised of three elements:
  • Bar Chart – Displays largest groups
  • Table – Provides summary of group membership
  • Table – Provides details on membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sensitivedata.md index 40b9f5e3de..09a17229c0 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sensitivedata.md 
@@ -21,27 +21,31 @@ The Dropbox_SensitiveData job is located in the 5.Sensitive Data job group. View the analysis tasks by navigating to the **Jobs** > **Dropbox** > **5.Sensitive Data** > **Dropbox_SensitiveData** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Dropbox_SensitiveData Job](/img/product_docs/accessanalyzer/11.6/solutions/dropbox/sensitivedataanalysis.webp) -- 1. Enterprise Summary – Creates the SA_Dropbox_SensitiveData_EnterpriseSummary table accessible +- **1. Enterprise Summary** – Creates the SA_Dropbox_SensitiveData_EnterpriseSummary table accessible under the job’s Results node -- 2. Folder Details – Creates the SA*Dropbox* SensitiveData_FolderDetails table accessible under +- **2. Folder Details** – Creates the SA*Dropbox* SensitiveData_FolderDetails table accessible under the job’s Results node -- 3. Folder Summary – Creates the SA*Dropbox* SensitiveData_FolderSummary table accessible under +- **3. Folder Summary** – Creates the SA*Dropbox* SensitiveData_FolderSummary table accessible under the job’s Results node -- 4. Permission Details – Creates the SA*Dropbox* SensitiveData_PermissionDetails table accessible +- **4. Permission Details** – Creates the SA*Dropbox* SensitiveData_PermissionDetails table accessible under the job’s Results node -- 5. Permission Summary – Creates the SA*Dropbox* SensitiveData_PermissionSummary table accessible +- **5. Permission Summary** – Creates the SA*Dropbox* SensitiveData_PermissionSummary table accessible under the job’s Results node In addition to the tables created by the analysis tasks which display effective access to resources, the Dropbox_SensitiveData job produces the following pre-configured reports. 
-| Report | Description | Default Tags | Report Elements | -| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary | This report identifies the type and amount of sensitive content found on Dropbox. | None | This report is comprised of two elements: - Pie Chart – Displays criteria summary by match count - Table – Provides criteria summary by match count | -| Folder Details | This report identifies the location of sensitive data, and flags whether or not this data is accessible through open access. | None | This report is comprised of three elements: - Bar Chart – Displays top sensitive folders by file count - Table – Provides top sensitive folders by file count - Table – Provides top sensitive folder details by match count | -| Sensitive Data Permissions | This report identifies the sensitive data locations and associated permissions. 
| None | This report is comprised of three elements: - Bar Chart – Displays sensitive data permission summary by file count - Table – Provides sensitive data permission summary by file count - Table – Provides sensitive data permissions by match count | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Enterprise Summary | This report identifies the type and amount of sensitive content found on Dropbox. | None | This report is comprised of two elements:
  • Pie Chart – Displays criteria summary by match count
  • Table – Provides criteria summary by match count
| +| Folder Details | This report identifies the location of sensitive data, and flags whether or not this data is accessible through open access. | None | This report is comprised of three elements:
  • Bar Chart – Displays top sensitive folders by file count
  • Table – Provides top sensitive folders by file count
  • Table – Provides top sensitive folder details by match count
| +| Sensitive Data Permissions | This report identifies the sensitive data locations and associated permissions. | None | This report is comprised of three elements:
  • Bar Chart – Displays sensitive data permission summary by file count
  • Table – Provides sensitive data permission summary by file count
  • Table – Provides sensitive data permissions by match count
| + diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sharing.md b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sharing.md index a02b8c01b8..a6c8d3e6f7 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sharing.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_sharing.md @@ -22,8 +22,11 @@ The Dropbox_Sharing job is located in the 2.Sharing job group. View the analysis tasks by navigating to the **Jobs** > **Dropbox** > **2.Sharing** > **Dropbox_Sharing** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the Dropbox_Sharing Job](/img/product_docs/accessanalyzer/11.6/solutions/dropbox/sharinganalysis.webp) 
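Review bot: the re-emitted list items 2 to 5 in dropbox_sensitivedata.md still read `SA*Dropbox* SensitiveData_FolderDetails` (likewise FolderSummary, PermissionDetails and PermissionSummary), while item 1 has `SA_Dropbox_SensitiveData_EnterpriseSummary`. That pattern suggests the underscores were consumed as emphasis markers, which leaves the page showing table names an administrator will not find under the Results node. Restore the underscores on these `+` lines and put all five table names in code spans so they cannot be reinterpreted as emphasis again.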
@@ -35,6 +38,7 @@ preconfigured for this job. In addition to the tables created by the analysis tasks which display details on shared resources, the Dropbox_Sharing job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------ | ---------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Shared Files and Folders | This report lists all shares by team, and provides sharing policy and owner information. | None | This report is comprised of three elements: - Bar Chart – Displays shared folders by team - Table – Provides details on shared folders by team - Table – Provides details on shares | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | ---------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Shared Files and Folders | This report lists all shares by team, and provides sharing policy and owner information. | None | This report is comprised of three elements:
  • Bar Chart – Displays shared folders by team
  • Table – Provides details on shared folders by team
  • Table – Provides details on shares
| + diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/overview.md b/docs/accessanalyzer/11.6/solutions/dropbox/overview.md index 6b8da2bcf1..4bdd0f7547 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/overview.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/overview.md @@ -22,17 +22,17 @@ scanning the targeted Dropbox site. Key information includes: Dropbox can scan the contents of over 400 file types to discover which files contain sensitive data using the Sensitive Data Discovery Add-on. -Supported Platforms +**Supported Platforms** - Dropbox -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Dropbox Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/dropbox/dropbox_1.md) +[Target Dropbox Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/dropbox/target.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
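Review bot: besides the formatting changes, this overview.md hunk retargets the Requirements link from `/docs/accessanalyzer/11.6/requirements/dropbox/dropbox_1.md` to `.../requirements/dropbox/target.md`, which is a content change inside an otherwise mechanical conversion. Confirm the new path exists in this commit, since the part of the diff shown here does not add or rename it, and mention the retarget in the commit message. The labels such as `**Supported Platforms**` are now bold paragraphs rather than headings, so they get no anchor and do not appear in the page outline; use a heading level if they are meant to be navigable.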
@@ -40,13 +40,16 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Dropbox Solution requires a special Enterprise Auditor license. It can be installed from the Instant Job Wizard. Once it has been installed into the Jobs tree, navigate to the solution: diff --git a/docs/accessanalyzer/11.6/solutions/dropbox/recommended.md b/docs/accessanalyzer/11.6/solutions/dropbox/recommended.md index 5efa15b282..d1dd985914 100644 --- a/docs/accessanalyzer/11.6/solutions/dropbox/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/dropbox/recommended.md @@ -9,7 +9,7 @@ sidebar_position: 10 The Dropbox Solution requires the host list to be assigned and the Connection Profile configured before job execution. Once these are assigned to the job group, it can be run directly or scheduled. -Targeted Hosts +**Targeted Hosts** The Dropbox solution has been configured to inherit the host list assignment from the collection job group level. 
@@ -17,7 +17,7 @@ group level. The host list assignment should be assigned under the **Dropbox** > **0.Collection** > **Settings** > **Host List Assignment** node. Select the **Local host** option. -Connection Profile +**Connection Profile** The DropboxAccess Data Collector requires a specific set of permissions to generate an access token which is used to configure the Connection Profile for Dropbox. The access token is generated in the 
@@ -42,43 +42,49 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information on creating Connection Profiles. -Schedule Frequency +**Schedule Frequency** The Dropbox solution can be scheduled to run as desired. -History Retention +**History Retention** Not supported and should be turned off. -Multi Console Support +**Multi Console Support** Not supported. -Run Order +**Run Order** The 0.Collection jobs must be run first and in order. Run the **1-Dropbox_Permissions Scan** job and then the **2-Dropbox_Permissions Bulk Import** job. For the sensitive data jobs, run the **1-Dropbox_SDD Scan** job and then the **2-Dropbox_SDD Bulk Import** job. -**_RECOMMENDED:_** When running the sensitive data jobs, disable the permissions jobs, and vice +:::info +When running the sensitive data jobs, disable the permissions jobs, and vice versa. +::: + After running the 0.Collection jobs, the other Dropbox solution job groups can be run in any order. Best practice is to run at the solution level. -Query Configuration +**Query Configuration** This solution can be run with the default query configurations. The Scoping page of the Dropbox Access Auditor Data Collector Wizard can be customized to target specific user accounts. See the [DropboxAccess: Scoping](/docs/accessanalyzer/11.6/admin/datacollector/dropboxaccess/scoping.md) topic for additional information. -Analysis Configuration +**Analysis Configuration** This solution should be run with the default analysis configuration. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this solution. +::: + Though the analysis tasks should not be deselected the time frame used to define staleness can be modified: 
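Review bot: under Run Order the `**_RECOMMENDED:_**` prefix is dropped when the sentence moves into `:::info`, so the rendered box no longer says that disabling the permissions jobs during sensitive data runs (and vice versa) is a recommendation. Keep the word, for example by starting the body with "Recommended:", or use whichever admonition the docs reserve for recommendations. Each closing `:::` in this hunk is also followed by an added empty `+` line in front of the existing blank line, which leaves two consecutive blank lines; drop the added one.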
@@ -91,13 +97,13 @@ modified: [4.Content > Dropbox_Content Job](/docs/accessanalyzer/11.6/solutions/dropbox/dropbox_content.md) topic for additional information -Additional Consideration +**Additional Consideration** The jobs contained in the solution use custom SQL scripts to render views on collected data. SQL views are used to populate report element tables and graphs. Changing or modifying the group, job, or table names will result in no data displayed within the Access Information Center. -Workflow +**Workflow** The following is the recommended workflow: @@ -109,7 +115,9 @@ Scan** job). **Step 3 –** Run the desired corresponding analysis and reporting sub-job groups. -_Remember,_ prior to running the Dropbox solution for the first time, it is necessary to generate an +:::tip +Remember, prior to running the Dropbox solution for the first time, it is necessary to generate an access token to be used in the Connection Profile. This only needs to be done once. See the [Configure the Dropbox Access Query](/docs/accessanalyzer/11.6/solutions/dropbox/collection/1-dropbox_permissions_scan.md#configure-the-dropbox-access-query) topic for additional information. +::: diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_circularnesting.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_circularnesting.md index 0ecb3a10fe..2e86cfaf44 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_circularnesting.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_circularnesting.md 
@@ -14,8 +14,11 @@ pose administrative and operational challenges with identifying effective access Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_CircularNesting** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis tasks for AAD_CircularNesting Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/circularnestinganalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_CircularNesting Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ----------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Circular Nesting | This report identifies instances of circular nesting within your environment. | None | This report is comprised of three elements: - Bar Chart– Displays circular nesting by domain - Table – Provides details on circular nesting - Table – Provides details on circular nesting by domain | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ----------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Circular Nesting | This report identifies instances of circular nesting within your environment. | None | This report is comprised of three elements:
  • Bar Chart– Displays circular nesting by domain
  • Table – Provides details on circular nesting
  • Table – Provides details on circular nesting by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_duplicategroups.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_duplicategroups.md index afb25036b4..1a61b0f476 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_duplicategroups.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_duplicategroups.md @@ -14,8 +14,11 @@ contain the same group membership as one another and are suitable candidates for Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_DuplicateGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Anaylsis tasks for AAD_DuplicateGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/duplicategroupsanalysis.webp) 
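Review bot: the image line in the trailing context of this aad_duplicategroups.md hunk has the alt text "Anaylsis tasks for AAD_DuplicateGroups Job". The sibling pages use "Analysis tasks for ..."; since the file is being touched, correct the spelling in the same change.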
@@ -27,6 +30,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_DuplicateGroups Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Duplicate Groups | This report identifies duplicate groups within the audited domains. | None | This report is comprised of one elements: - Bar Chart – Displays domains by number of groups with duplicates - Table – Provides duplicate groups details - Table – Provides details on domains by number of groups with duplicates | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Duplicate Groups | This report identifies duplicate groups within the audited domains. | None | This report is comprised of one elements:
  • Bar Chart – Displays domains by number of groups with duplicates
  • Table – Provides duplicate groups details
  • Table – Provides details on domains by number of groups with duplicates
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_emptygroups.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_emptygroups.md index 02652d3dc9..6c4bb40d83 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_emptygroups.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_emptygroups.md @@ -14,8 +14,11 @@ candidates for consolidation or cleanup. Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_EmptyGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis tasks for AAD_EmptyGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/emptygroupsanalysis.webp) 
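Review bot: the rewritten Duplicate Groups row in aad_duplicategroups.md still says "This report is comprised of one elements:" and then lists three (one bar chart and two tables). The count and the plural were wrong before the conversion, but this `+` line re-emits the cell, so change it to "three elements" here rather than carrying the error forward.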
@@ -32,7 +35,8 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_EmptyGroups Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ------------------ | --------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Empty Groups | This report identifies all groups without any members. | None | This report is comprised of three elements: - Bar Chart – Displays domains by number of empty groups - Table – Provides details on empty groups - Table – Provides details on number of empty groups by domain | -| Single User Groups | This report identifies groups which only contain a single user. | | This report is comprised of three elements: - Bar Chart – Displays top domains by single user group count - Table – Provides details on top domains by single user group count - Table – Provides details on single user group details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | --------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Empty Groups | This report identifies all groups without any members. | None | This report is comprised of three elements:
  • Bar Chart – Displays domains by number of empty groups
  • Table – Provides details on empty groups
  • Table – Provides details on number of empty groups by domain
| +| Single User Groups | This report identifies groups which only contain a single user. | | This report is comprised of three elements:
  • Bar Chart – Displays top domains by single user group count
  • Table – Provides details on top domains by single user group count
  • Table – Provides details on single user group details
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_groupdirsync.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_groupdirsync.md index 2d2624e9f0..c896bf445d 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_groupdirsync.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_groupdirsync.md @@ -14,8 +14,11 @@ Entra ID environment. Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_GroupDirSync** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis tasks for AAD_GroupDirSync Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/groupdirsyncanalysis.webp) 
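Review bot: in the aad_emptygroups.md report table the Single User Groups row has an empty Default Tags cell, while every other row in these tables, including Empty Groups directly above it, states "None". Fill in "None" or the intended tag so readers can tell an untagged report from a missing value. The last bullet of the same row, "Provides details on single user group details", is also redundant; "Provides single user group details" says the same thing.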
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_GroupDirSync Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------- | ------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | -| Group Syncing | This report indicates the sync status of groups within the audited environment. | None | This report is comprised of two elements: - Pie Chart – Displays an enterprise group synching summary - Table – Provides group sync details | +| Report | Description | Default Tags | Report Elements | +| ------------- | ------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Group Syncing | This report indicates the sync status of groups within the audited environment. | None | This report is comprised of two elements:
  • Pie Chart – Displays an enterprise group synching summary
  • Table – Provides group sync details
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_largestgroups.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_largestgroups.md index e06d398f55..5105f82894 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_largestgroups.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_largestgroups.md @@ -15,8 +15,11 @@ resources, or how much access is being granted to resources through these groups Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_LargestGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis tasks for AAD_LargestGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/largestgroupsanalysis.webp) 
@@ -28,6 +31,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_LargestGroups Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------- | -| Largest Groups | This report identifies the largest groups within the audited environment | None | This report is comprised of two elements: - Bar Chart – Displays largest groups - Table – Provides group details | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------- | +| Largest Groups | This report identifies the largest groups within the audited environment | None | This report is comprised of two elements:
  • Bar Chart – Displays largest groups
  • Table – Provides group details
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_nestedgroups.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_nestedgroups.md index 382861e9ed..99826e696e 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_nestedgroups.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_nestedgroups.md @@ -16,8 +16,11 @@ to avoid difficulties in understanding effective membership and access. Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_NestedGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis tasks for AAD_NestedGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/nestedgroupsanalysis.webp) 
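Review bot: The rewritten Largest Groups row in aad_largestgroups.md (@@ -28,6 +31,7 @@) now carries its Report Elements list on separate lines inside the cell. A pipe-table row only survives as a single physical line, so confirm the list is expressed with inline HTML rather than literal newlines, and check the rendered table in a preview build. The same check applies to every report table this patch touches.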
@@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_NestedGroups Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------- | ----------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Nested Groups | This report identifies the groups with the largest nested group count, as well as their deepest level of nesting. | None | This report is comprised of three elements: - Bar Chart – Displays top domains by group nesting - Table – Provides nested group details - Tables – Provides details on top domains by group nesting | +| Report | Description | Default Tags | Report Elements | +| ------------- | ----------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Nested Groups | This report identifies the groups with the largest nested group count, as well as their deepest level of nesting. | None | This report is comprised of three elements:
  • Bar Chart – Displays top domains by group nesting
  • Table – Provides nested group details
  • Tables – Provides details on top domains by group nesting
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_probableowners.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_probableowners.md index c67c8af49c..b6bc26eec7 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_probableowners.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_probableowners.md @@ -15,8 +15,11 @@ requests. Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_ProbableOwners** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis tasks for AAD_ProbableOwners Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/probableownersanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_ProbableOwners Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------- | -------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Probable Owners | This report identifies the most probable manager based on effective member attributes. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays top domains by blank manager field - Table – Provides probable owner details - Tables – Provides details on top domains by blank manager field | +| Report | Description | Default Tags | Report Elements | +| --------------- | -------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Probable Owners | This report identifies the most probable manager based on effective member attributes. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays top domains by blank manager field
  • Table – Provides probable owner details
  • Tables – Provides details on top domains by blank manager field
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_stalegroups.md b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_stalegroups.md index 10414d95c8..5b0bd92a24 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_stalegroups.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/groups/aad_stalegroups.md @@ -16,8 +16,11 @@ removed. Navigate to the **Jobs** > **Entra ID** > **1.Groups** > **AAD_StaleGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis tasks for AAD_StaleGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/groups/stalegroupsanalysis.webp) 
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_StaleGroups Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Effective Membership (Stale Groups) | This report identifies groups with stale effective membership. A stale user is defined as someone who has not logged into the domain in over 30 days or is currently disabled. | None | This report is comprised of three elements: - Chart – Displays group membership - Table – Provides group membership details - Tables – Provides stale groups organization summary | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Effective Membership (Stale Groups) | This report identifies groups with stale effective membership. A stale user is defined as someone who has not logged into the domain in over 30 days or is currently disabled. | None | This report is comprised of three elements:
  • Chart – Displays group membership
  • Table – Provides group membership details
  • Tables – Provides stale groups organization summary
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/overview.md b/docs/accessanalyzer/11.6/solutions/entraid/overview.md index 07507c66d7..61dbedfbc2 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/overview.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/overview.md @@ -11,17 +11,17 @@ regarding Microsoft Entra ID configuration, operational management, and trouble within this group help pinpoint potential areas of administrative and security concerns related to Microsoft Entra ID users and groups, including syncing with on-premises Active Directory. -Supported Platforms +**Supported Platforms** - Microsoft Entra ID (formerly Azure AD) -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the [Microsoft Entra ID Tenant Target Requirements](/docs/accessanalyzer/11.6/requirements/entraid/entraid/overview.md) topic for additional information. -Location +**Location** The Entra ID Solution requires a special Enterprise Auditor license. It can be installed from the Instant Job Wizard, see the diff --git a/docs/accessanalyzer/11.6/solutions/entraid/recommended.md b/docs/accessanalyzer/11.6/solutions/entraid/recommended.md index c9deb307e3..20353edf52 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/recommended.md @@ -10,7 +10,7 @@ The Entra ID Solution has been configured to inherit down from the job group ** host list must be assigned and the Connection Profile configured before job execution. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** Running the .Entra ID Inventory Job Group provides essential data to the Entra ID Solution. 
@@ -19,7 +19,7 @@ syncing information. See the [.Active Directory Inventory Solution](/docs/accessanalyzer/11.6/solutions/activedirectoryinventory/overview.md) topic for additional information. -Targeted Hosts +**Targeted Hosts** The Entra ID Solution does not require a target host because the jobs use data collected from the .Entra ID Inventory Job Group and the .Active Directory Inventory Job Group. However, Enterprise @@ -27,17 +27,17 @@ Auditor jobs do not execute successfully without a host list assigned. Assign th the **Entra ID** > **Settings** > **Host Lists Assignment** node. Check the **Local host** box and click **Save**. -Connection Profile +**Connection Profile** Since the Entra ID Solution is not collecting any data, a specific connection profile is not necessary. Therefore, the default setting **Use the Default Profile** is sufficient for this solution. -Schedule Frequency +**Schedule Frequency** Schedule the Entra ID Job Group to run on a preferred schedule. -Optional Configuration +**Optional Configuration** The Entra ID Solution receives user and group membership information from the .Entra ID Inventory Solution. Information received includes manager, email addresses, and direct membership. Customize @@ -48,7 +48,7 @@ See the [.Entra ID Inventory Solution](/docs/accessanalyzer/11.6/solutions/entraidinventory/overview.md) topic for additional information. -Workflow +**Workflow** The following is the recommended workflow: diff --git a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_directmembership.md b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_directmembership.md index 9d2f22ea3d..4cd2cb1faa 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_directmembership.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_directmembership.md 
@@ -15,8 +15,11 @@ review and cleanup. Navigate to the **Jobs** > **Entra ID** > **2.Users** > **AAD_DirectMembership** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AAD_DirectMembership Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/users/directmembershipanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_DirectMembership Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------- | ------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| No Group Membership | This report identifies users with no group membership. | None | This report is comprised of three elements: - Bar Chart – Displays top domains by users with no group membership - Table – Provides details on all users with no group membership - Tables – Provides details on top domains by users with no group membership | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| No Group Membership | This report identifies users with no group membership. | None | This report is comprised of three elements:
  • Bar Chart – Displays top domains by users with no group membership
  • Table – Provides details on all users with no group membership
  • Tables – Provides details on top domains by users with no group membership
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_disabledusers.md b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_disabledusers.md index e0fff00d4f..5d9adb18e0 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_disabledusers.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_disabledusers.md @@ -14,8 +14,11 @@ accounts should be reviewed and cleaned up in order to increase security and red Navigate to the **Jobs** > **Entra ID** > **2.Users** > **AAD_DisabledUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AAD_DisabledUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/users/disabledusersanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_DisabledUsers Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------------- | ---------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Disabled User Accounts | This report identifies disabled user accounts and summarizes them by domain. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays disabled users by domain - Table – Provides user details - Tables – Provides details on disabled users by domain | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | ---------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Disabled User Accounts | This report identifies disabled user accounts and summarizes them by domain. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays disabled users by domain
  • Table – Provides user details
  • Tables – Provides details on disabled users by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_staleusers.md b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_staleusers.md index 619c88825f..e14d6cd64c 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_staleusers.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_staleusers.md @@ -14,8 +14,11 @@ accounts should be reviewed and cleaned up in order to increase security and red Navigate to the **Jobs** > **Entra ID** > **2.Users** > **AAD_StaleUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AAD_StaleUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/users/staleusersanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_StaleUsers Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Users | This report identifies user accounts which have not logged into the domain for an extended amount of time or are currently disabled. A user account is considered stale if the last logon is over 30 days ago or is currently disabled. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays users by domain - Table – Provides details on users - Tables – Provides details on users by domain | +| Report | Description | Default Tags | Report Elements | +| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Users | This report identifies user accounts which have not logged into the domain for an extended amount of time or are currently disabled. A user account is considered stale if the last logon is over 30 days ago or is currently disabled. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays users by domain
  • Table – Provides details on users
  • Tables – Provides details on users by domain
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userattributecompletion.md b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userattributecompletion.md index a6f963646d..f8d5ee6ab5 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userattributecompletion.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userattributecompletion.md @@ -15,8 +15,11 @@ within Microsoft Entra ID which are lacking appropriate information. Navigate to the **Jobs** > **Entra ID** > **2.Users** > **AAD_UserAttributeCompletion** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AAD_UserAttributeCompletion Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/users/userattributecompletionanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_UserAttributeCompletion Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| User Attribute Completion | This report identifies which attributes are present within User fields in Microsoft Entra ID, and which ones are blank for a majority of User objects. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays completeness by attribute - Table – Provides details on users with blank attributes - Tables – Provides details om completeness by attribute | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Attribute Completion | This report identifies which attributes are present within User fields in Microsoft Entra ID, and which ones are blank for a majority of User objects. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays completeness by attribute
  • Table – Provides details on users with blank attributes
  • Tables – Provides details om completeness by attribute
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userdirsync.md b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userdirsync.md index af6c6744f1..8e9a339d2a 100644 --- a/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userdirsync.md +++ b/docs/accessanalyzer/11.6/solutions/entraid/users/aad_userdirsync.md @@ -14,8 +14,11 @@ Entra ID environment. Navigate to the **Jobs** > **Entra ID** > **2.Users** > **AAD_UserDirSync** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the AAD_UserDirSync Job](/img/product_docs/accessanalyzer/11.6/solutions/entraid/users/userdirsyncanalysis.webp) 
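Review bot: The new User Attribute Completion row in aad_userattributecompletion.md (@@ -30,6 +33,7 @@) carries over the typo in "Tables – Provides details om completeness by attribute" from the removed row. Since the row is rewritten anyway, change "om" to "on".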
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the AAD_UserDirSync Job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------ | -------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------- | -| User Syncing | This report indicates the sync status of user accounts within the audited environment. | None | This report is comprised of two elements: - Bar Chart – Displays enterprise user synchronization summary - Table – Provides user sync details | +| Report | Description | Default Tags | Report Elements | +| ------------ | -------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Syncing | This report indicates the sync status of user accounts within the audited environment. | None | This report is comprised of two elements:
  • Bar Chart – Displays enterprise user synchronization summary
  • Table – Provides user sync details
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraidinventory/1-aad_scan.md b/docs/accessanalyzer/11.6/solutions/entraidinventory/1-aad_scan.md index 6d92b80e39..c2b9dd158b 100644 --- a/docs/accessanalyzer/11.6/solutions/entraidinventory/1-aad_scan.md +++ b/docs/accessanalyzer/11.6/solutions/entraidinventory/1-aad_scan.md @@ -45,8 +45,11 @@ DC Wizard. - Collect only updates since the last scan – Enables differential scanning. - **NOTE:** Enabling the Collect Open Extensions option on the Custom Attributes page overrides + :::note + Enabling the Collect Open Extensions option on the Custom Attributes page overrides this function. + ::: + - Collect sign-in activity with scan – Required to collect the LastLogonTimestamp attribute of user objects. A message will alert users that deselecting this option will disable this function. @@ -60,8 +63,11 @@ attributes. - Select **Collect Open Extensions** to enable the data collector to collect all extension attributes in Microsoft Entra ID. Enabling this option will increase scan times. - **NOTE:** Enabling this option overrides the differential scan setting and will direct the data + :::note + Enabling this option overrides the differential scan setting and will direct the data controller to run a full scan every time the job is run. + ::: + - See the [AzureADInventory Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/overview.md) @@ -77,8 +83,11 @@ The 1-AAD_Scan Job is now ready to run with the customized settings. Navigate to the **.Entra ID Inventory** > **1-AAD_Scan** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for 1-AAD_Scan Job](/img/product_docs/accessanalyzer/11.6/solutions/entraidinventory/scananalysistasks.webp) 
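Review bot: In the @@ -60,8 +63,11 @@ hunk of 1-aad_scan.md, the text moved into `:::note` says the option "will direct the data controller to run a full scan", while the bullet it belongs to speaks of the data collector. Confirm which term is meant and correct it while the line is being touched. Also verify in a preview build that the indented `:::note` blocks inside the list items in this file render as admonitions and not as literal text.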
@@ -100,6 +109,7 @@ In addition to the tables and views listed in the [Standard Reference Tables & Views for the AzureADInventory Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/standardtables.md) section, the 1-AAD_Scan Job produces the following preconfigured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Entra ID Summary | This report provides a summary of all audited domains and objects. | None | This report has two elements: - Table – Provides details on general statistics on the Users and groups found with each tenant scanned - Table – Provides details on statistical information for each of these Entra ID objects | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Entra ID Summary | This report provides a summary of all audited domains and objects. | None | This report has two elements:
  • Table – Provides details on general statistics on the Users and groups found with each tenant scanned
  • Table – Provides details on statistical information for each of these Entra ID objects
| + diff --git a/docs/accessanalyzer/11.6/solutions/entraidinventory/2-aad_exceptions.md b/docs/accessanalyzer/11.6/solutions/entraidinventory/2-aad_exceptions.md index d7cd72eec4..2a5ec9f527 100644 --- a/docs/accessanalyzer/11.6/solutions/entraidinventory/2-aad_exceptions.md +++ b/docs/accessanalyzer/11.6/solutions/entraidinventory/2-aad_exceptions.md @@ -15,9 +15,12 @@ Navigate to the **.Entra ID Inventory** > **2-AAD_Exceptions** > **Configure** n **Analysis**. Analysis tasks with configuration parameters that define security concerns can be modified. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified and not be +:::warning +Most of these analysis tasks are preconfigured and should not be modified and not be deselected. There are a few which are deselected by default, as they are for troubleshooting purposes. +::: + ![Analysis Tasks for 2-AAD_Exceptions Job](/img/product_docs/accessanalyzer/11.6/solutions/entraidinventory/exceptionsanalysistasks.webp) @@ -89,8 +92,11 @@ group objects during this job’s analysis. The parameters can be customized and section at the bottom of the SQL Script Editor. Follow the steps to customize an analysis task’s parameters. -**CAUTION:** Modifying these parameters affects solutions with .Entra ID Inventory Job Group +:::warning +Modifying these parameters affects solutions with .Entra ID Inventory Job Group dependency. +::: + **Step 1 –** Navigate to the **.Entra ID Inventory** > **2-AAD_Exceptions** > **Configure** node and select **Analysis**. @@ -106,7 +112,10 @@ Configuration**. The SQL Script Editor opens. **Step 4 –** Double-click in a field in the Value column and enter a custom value. -**CAUTION:** Do not change any parameters where the Value states **Created during execution**. +:::warning +Do not change any parameters where the Value states **Created during execution**. +::: + **Step 5 –** Click **Save and Close** to finalize the customization and close the SQL Script Editor. 
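Review bot: The first hunk of 2-aad_exceptions.md (@@ -15,9 +15,12 @@) keeps the wording "should not be modified and not be deselected" inside the new `:::warning`. Reword it to "should not be modified or deselected" as part of the conversion, so the caution reads cleanly now that it stands alone in its own block.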
diff --git a/docs/accessanalyzer/11.6/solutions/entraidinventory/overview.md b/docs/accessanalyzer/11.6/solutions/entraidinventory/overview.md index 03d9cd1325..5011739bf1 100644 --- a/docs/accessanalyzer/11.6/solutions/entraidinventory/overview.md +++ b/docs/accessanalyzer/11.6/solutions/entraidinventory/overview.md @@ -14,17 +14,17 @@ duplicate groups. The user and group information assists with understanding prob ownership, group memberships, largest groups, user status, attribute completion, and synchronization status between on-premises Active Directory and Microsoft Entra ID. -Supported Platforms +**Supported Platforms** - Microsoft Entra ID (formerly Azure AD) -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the [Microsoft Entra ID Tenant Target Requirements](/docs/accessanalyzer/11.6/requirements/entraid/entraid/overview.md) topic for additional information. -Location +**Location** The .Entra ID Inventory Solution is a core component of all Enterprise Auditor installations. It can be installed from the Enterprise Auditor Instant Job Wizard. See the @@ -51,5 +51,8 @@ The data collection is conducted by the AzureADInventory Data Collector. See the [Standard Reference Tables & Views for the AzureADInventory Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/standardtables.md) topic for database table information. -**NOTE:** This solution is required for SharePoint Online reports in the Netwrix Access Information +:::note +This solution is required for SharePoint Online reports in the Netwrix Access Information Center. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/entraidinventory/recommended.md b/docs/accessanalyzer/11.6/solutions/entraidinventory/recommended.md index 1e824c2ee4..5d5ad062d9 100644 --- a/docs/accessanalyzer/11.6/solutions/entraidinventory/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/entraidinventory/recommended.md 
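Review bot: In the @@ -51,5 +51,8 @@ hunk of entraidinventory/overview.md, the added blank line comes before the closing `:::` (after "Center.") instead of after it, which differs from every other admonition in this patch and leaves the file ending on `:::` with an empty line inside the note. Move the blank line below the closing `:::` so the block matches the rest of the conversion.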
@@ -10,15 +10,15 @@ The .Entra ID Inventory Solution is configured to inherit settings from the Glob The host list and connection profile must be assigned before job execution. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** This job group does not have dependencies. -Targeted Hosts +**Targeted Hosts** All Microsoft Entra Tenants. -Connection Profile +**Connection Profile** The Connection Profile is assigned under **.Entra ID Inventory** > **Settings** > **Connection**. It is set to **Use the Default Profile**, as configured at the global **Settings** level. However, if 
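Review bot: the section labels in this hunk (`**Dependencies**`, `**Targeted Hosts**`, `**Connection Profile**`) become bold paragraphs rather than headings, so they remain outside the page outline and cannot be linked by anchor. If they are meant as subsections, a real heading level would serve better; if bold is deliberate, confirm it is applied the same way in every recommended.md page touched by this change.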
@@ -28,39 +28,42 @@ appropriate Connection Profile. See the [Microsoft Entra ID Connection Profile & Host List](/docs/accessanalyzer/11.6/admin/datacollector/azureadinventory/configurejob.md) topic for information. -History Retention +**History Retention** Not supported. -Multi-Console Support +**Multi-Console Support** Not supported. -Schedule Frequency +**Schedule Frequency** -**_RECOMMENDED:_** Schedule the .Entra ID Inventory job group to run once a day. If there are +:::info +Schedule the .Entra ID Inventory job group to run once a day. If there are frequent Microsoft Entra ID changes within the target environment, then it can be executed more often. It is best to rerun it anytime Entra ID changes might have occurred. +::: -Run at the Solution Level + +**Run at the Solution Level** The jobs in the .Entra ID Inventory Job Group should be run together and in order by running the entire solution, instead of the individual jobs. -Query Configuration +**Query Configuration** Run the solution with the default query configuration for best results. While it is recommended to make no changes to the [1-AAD_Scan Job](/docs/accessanalyzer/11.6/solutions/entraidinventory/1-aad_scan.md), a possible modification might be to scope the query to not collect login activity. -Analysis Configuration +**Analysis Configuration** Run the solution with the default analysis configuration for best results. However, a possible modification might be to customize exception analysis parameters within the [2-AAD_Exceptions Job](/docs/accessanalyzer/11.6/solutions/entraidinventory/2-aad_exceptions.md). -Workflow +**Workflow** The following is the recommended workflow: diff --git a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_activesync.md b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_activesync.md index 525bc2ce48..4ad2c845fd 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_activesync.md 
+++ b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_activesync.md 
@@ -17,26 +17,29 @@ The EX_ActiveSync job is located in the ActiveSync job group. View the analysis tasks by navigating to the **Exchange** > **2. CAS Metrics** > **ActiveSync** > **EX_ActiveSync** > **Configure** node and select **Analysis**. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified or +:::warning +Most of these analysis tasks are preconfigured and should not be modified or deselected. There are some that are deselected by default, as they are for troubleshooting purposes. +::: + ![Analysis Tasks for the EX_ActiveSync Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/casmetrics/activesyncanalysis.webp) The following analysis tasks are selected by default: -- 01b. Active Sync Data – Creates the SA_EX_ActiveSync_Details table, accessible under the job’s +- **01b. Active Sync Data** – Creates the SA_EX_ActiveSync_Details table, accessible under the job’s Results node -- 2. Last Week Summary – Creates an interim processing table in the database for use by downstream +- **2. Last Week Summary** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 3. User Device History – Creates the SA_EX_ActiveSync_UserDeviceHistory table, accessible under +- **3. User Device History** – Creates the SA_EX_ActiveSync_UserDeviceHistory table, accessible under the job’s Results node -- 4. Device Population – Creates the SA_EX_ActiveSync_DevicePopulation table, accessible under the +- **4. Device Population** – Creates the SA_EX_ActiveSync_DevicePopulation table, accessible under the job’s Results node -- 5. Users Ranked – Creates the SA_EX_ActiveSync_UsersRanked table accessible, under the job’s +- **5. Users Ranked** – Creates the SA_EX_ActiveSync_UsersRanked table accessible, under the job’s Results node -- 6. Servers Ranked – Creates the SA_EX_ActiveSync_ServersRanked table accessible, under the job’s +- **6. 
Servers Ranked** – Creates the SA_EX_ActiveSync_ServersRanked table accessible, under the job’s Results node -- 7. SET HISTORY RETENTION – Sets retention period in months +- **7. SET HISTORY RETENTION** – Sets retention period in months - The default is **6 months**. It can be modified. - See the @@ -46,10 +49,13 @@ The following analysis tasks are selected by default: The following analysis task deletes table data from the analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00. Deletes all History** option. This analysis task is for +:::warning +Do not select the **00. Deletes all History** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + -- 0. Delete all History +- **0. Delete all History** - See the [Troubleshooting Data Collection](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#troubleshooting-data-collection) 
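Review bot: in the `@@ -46,10 +49,13 @@` hunk the warning names the task `**00. Deletes all History**`, while the list item directly under it is `**0. Delete all History**`, so both the number and the wording differ between the warning and the checkbox it refers to. Because selecting this task deletes data from the database, use one exact task name in both places, matching the label shown in the Analysis node.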
@@ -64,9 +70,10 @@ that is returned as NULL is updated based on existing data in the table: In addition to the tables and views created by the analysis tasks, the EX_ActiveSync Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Device Types (Device Population) | This report identifies what device models are currently being used with ActiveSync, and the average load they put on the environment each day. | None | This report is comprised of two elements: - Bar Chart – Displays most popular devices - Table – Provides details on most popular devices | -| Server Traffic (Top Servers by Average Daily Traffic) | This report ranks CAS servers by volume of ActiveSync traffic. | None | This report is comprised of two elements: - Bar Chart – Displays top users by average daily traffic - Table – Provides details on top users by average daily traffic | -| Top Users (Top Users by Average Daily Traffic) | This report shows the top users of ActiveSync. | None | This report is comprised of two elements: - Bar Chart – Displays top users by average daily traffic - Table – Provides details on top users by average daily traffic | -| User Devices (User Phones) | This report identifies all devices which have been associated with a User, and the time frames when they were used. 
| None | This report is comprised of one element: - Table – Provides details on user devices | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Device Types (Device Population) | This report identifies what device models are currently being used with ActiveSync, and the average load they put on the environment each day. | None | This report is comprised of two elements:
  • Bar Chart – Displays most popular devices
  • Table – Provides details on most popular devices
| +| Server Traffic (Top Servers by Average Daily Traffic) | This report ranks CAS servers by volume of ActiveSync traffic. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users by average daily traffic
  • Table – Provides details on top users by average daily traffic
| +| Top Users (Top Users by Average Daily Traffic) | This report shows the top users of ActiveSync. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users by average daily traffic
  • Table – Provides details on top users by average daily traffic
| +| User Devices (User Phones) | This report identifies all devices which have been associated with a User, and the time frames when they were used. | None | This report is comprised of one element:
  • Table – Provides details on user devices
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md index 2feb98fd9f..0f2d3f5132 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md @@ -36,7 +36,10 @@ Properties**. The Query Properties window opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The ExchangePS Data Collector Wizard opens. -**CAUTION:** Do not modify other wizard pages. The wizard pages are pre-configured for this job. +:::warning +Do not modify other wizard pages. The wizard pages are pre-configured for this job. +::: + ![ExchangePS Data Collector Wizard Scope page](/img/product_docs/activitymonitor/7.1/config/activedirectory/scope.webp) 
@@ -70,18 +73,22 @@ The job applies the modification to future job executions. View the analysis tasks by navigating to the **Exchange** > **2. CAS Metrics** > **EX_ASPolicies** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the EX_ASPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/casmetrics/aspoliciesanalysis.webp) The following analysis task is selected by default: -- 1. Update Nulls – Updates the NULLs in the table to show information +- **1. Update Nulls** – Updates the NULLs in the table to show information In addition to the tables and views created by the analysis task, the EX_ASPolicies Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------- | -| User ActiveSync Policies (ActiveSync Settings) | Exchange introduced many ActiveSync policies and settings which can be applied to users. This report identifies which users have these settings enabled. 
| None | This report is comprised of two elements: - Pie Chart – Displays ActiveSync Policies - Table – Provides details ActiveSync Policies | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User ActiveSync Policies (ActiveSync Settings) | Exchange introduced many ActiveSync policies and settings which can be applied to users. This report identifies which users have these settings enabled. | None | This report is comprised of two elements:
  • Pie Chart – Displays ActiveSync Policies
  • Table – Provides details ActiveSync Policies
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_iislogs.md b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_iislogs.md index 4beb2ba27b..9fbec8b1b3 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_iislogs.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_iislogs.md @@ -46,8 +46,11 @@ opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The SMART Log DC Wizard opens. -**CAUTION:** Do not modify other wizard pages. The other wizard pages are pre-configured for this +:::warning +Do not modify other wizard pages. The other wizard pages are pre-configured for this job. +::: + ![SMART Log DC Wizard Target Log page](/img/product_docs/accessanalyzer/11.6/solutions/exchange/casmetrics/smartlogdctargetlog.webp) @@ -55,8 +58,11 @@ job. [SMARTLog: Target Log](/docs/accessanalyzer/11.6/admin/datacollector/smartlog/targetlog/targetlog.md) topic for additional information. -_Remember,_ if the date range configuration includes data older than the last scan, the **Persist +:::tip +Remember, if the date range configuration includes data older than the last scan, the **Persist Log State** checkbox on the Log State page must be disabled. +::: + **Step 5 –** Navigate to the Summary page. Click **Finish**. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_owatraffic.md b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_owatraffic.md index 65bd99d9bc..6dbf811a16 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_owatraffic.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_owatraffic.md 
@@ -17,22 +17,25 @@ The EX_OWATraffic job is located in the Outlook Web Access Job Group. View the analysis tasks by navigating to the **Exchange** > **2. CAS Metrics** > **Outlook Web Access** > **EX_OWATraffic** > **Configure** node and select **Analysis**. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified ordeselected. +:::warning +Most of these analysis tasks are preconfigured and should not be modified ordeselected. There is one that is deselected by default, as it is for troubleshooting purposes. +::: + ![Analysis Tasks for the EX_OWATraffic Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/casmetrics/owatrafficanalysis.webp) The following analysis tasks are selected by default: -- 1. OWA Traffic – Creates the SA_EX_OWATraffic_Details table, accessible under the job’s Results +- **1. OWA Traffic** – Creates the SA_EX_OWATraffic_Details table, accessible under the job’s Results node -- 2. User Summary – Creates the SA_EX_OWATraffic_UserSummary table, accessible under the job’s +- **2. User Summary** – Creates the SA_EX_OWATraffic_UserSummary table, accessible under the job’s Results node -- 3. Server View – Creates the SA_EX_OWATraffic_ServerSummary table, accessible under the job’s +- **3. Server View** – Creates the SA_EX_OWATraffic_ServerSummary table, accessible under the job’s Results node -- 4. Server View – Creates the SA_EX_OWATraffic_ServerRanked table, accessible under the job’s +- **4. Server View** – Creates the SA_EX_OWATraffic_ServerRanked table, accessible under the job’s Results node -- 5. SET HISTORY RETENTION – Sets retention period in months +- **5. SET HISTORY RETENTION** – Sets retention period in months - By default it is set to retain 6 months. This can be modified. - See the 
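Review bot: the new warning line carries over the typo `ordeselected` ("should not be modified ordeselected"); it should read "modified or deselected", as in the EX_ActiveSync warning. In the same hunk, tasks 3 and 4 are both bolded as `Server View` although task 4 creates SA_EX_OWATraffic_ServerRanked; check whether it should be named `Servers Ranked`, as the matching EX_RPCTraffic task is.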
@@ -42,10 +45,13 @@ The following analysis tasks are selected by default: The following analysis task deletes table data from data collection and analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00. Delete all History** option. This analysis task is for +:::warning +Do not select the **00. Delete all History** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + -- 0. Deletes all History - LEAVE UNCHECKED – Clears all historical data +- **0. Deletes all History - LEAVE UNCHECKED** – Clears all historical data - See the [Troubleshooting Data Collection](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#troubleshooting-data-collection) topic for additional information 
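Review bot: the warning refers to `**00. Delete all History**` but the bolded list item reads `**0. Deletes all History - LEAVE UNCHECKED**`. For a task that clears all historical data, the warning should quote the task name exactly as listed, so pick one form and use it in both lines.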
@@ -53,7 +59,8 @@ troubleshooting and cleanup only. Data will be deleted from the database. In addition to the tables and views created by the analysis tasks, the EX_OWATraffic Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------------------------- | -------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Top Servers by Average Load | This report shows servers with the highest average load. | None | This report is comprised of two elements: - Bar Chart – Displays top servers by average daily user count - Table – Provides details on top servers by average daily user count | -| Top Users (Outlook Web Access Traffic) | This report identifies top users of OWA. | None | This report is comprised of two elements: - Bar Chart – Displays top users - Table – Provides details on top users | +| Report | Description | Default Tags | Report Elements | +| -------------------------------------- | -------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Top Servers by Average Load | This report shows servers with the highest average load. | None | This report is comprised of two elements:
  • Bar Chart – Displays top servers by average daily user count
  • Table – Provides details on top servers by average daily user count
| +| Top Users (Outlook Web Access Traffic) | This report identifies top users of OWA. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users
  • Table – Provides details on top users
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_rpctraffic.md b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_rpctraffic.md index 273d13aea3..6a75690305 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_rpctraffic.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_rpctraffic.md 
@@ -18,22 +18,25 @@ The EX_RPCTraffic job is located in the Outlook Anywhere job group. View the analysis tasks by navigating to the **Exchange** > **2. CAS Metrics** > **Outlook Anywhere** > **EX_RPCTraffic** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_RPCTraffic Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/casmetrics/rpctrafficanalysis.webp) The following analysis tasks are selected by default: -- 1. RPC View – Creates the SA_EX_RPCTraffic_Details table, accessible under the job’s Results +- **1. RPC View** – Creates the SA_EX_RPCTraffic_Details table, accessible under the job’s Results node -- 2. User Summary – Creates the SA_EX_RPCTraffic_UserSummary table, accessible under the job’s +- **2. User Summary** – Creates the SA_EX_RPCTraffic_UserSummary table, accessible under the job’s Results node -- 3. Server View – Creates the SA_EX_RPCTraffic_ServerSummary table, accessible under the job’s +- **3. Server View** – Creates the SA_EX_RPCTraffic_ServerSummary table, accessible under the job’s Results node -- 4. Servers Ranked – Creates the SA_EX_RPCTraffic_ServerRanked table, accessible under the job’s +- **4. Servers Ranked** – Creates the SA_EX_RPCTraffic_ServerRanked table, accessible under the job’s Results node -- 5. SET HISTORY RETENTION – Sets retention period in months +- **5. SET HISTORY RETENTION** – Sets retention period in months - The default is 6 months. It can be modified. - See the 
@@ -43,10 +46,13 @@ The following analysis tasks are selected by default: The following analysis tasks deletes table data from data collection and analysis jobs. These analysis tasks should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00. Delete all History** option. This analysis task is for +:::warning +Do not select the **00. Delete all History** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + -- 0. Delete all History - LEAVE UNCHECKED – Clears all historical data +- **0. Delete all History - LEAVE UNCHECKED** – Clears all historical data - See the [Troubleshooting Data Collection](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#troubleshooting-data-collection) 
@@ -55,7 +61,8 @@ troubleshooting and cleanup only. Data will be deleted from the database. In addition to the tables and views created by the analysis tasks, the EX_RPCTraffic Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ---------------------------------------------------------------------- | -------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Top Servers by Average Load ( Top Servers by Average Daily User Count) | This report shows servers with the highest average load. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays top servers by average daily user count - Table – Provides details on top servers by average daily user count | -| Top Users (Outlook Anywhere Traffic) | This report identifies top users of Outlook Anywhere. | None | This report is comprised of two elements: - Bar Chart – Displays top users - Table – Provides details on top users | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------------------------------------------- | -------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Top Servers by Average Load ( Top Servers by Average Daily User Count) | This report shows servers with the highest average load. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays top servers by average daily user count
  • Table – Provides details on top servers by average daily user count
| +| Top Users (Outlook Anywhere Traffic) | This report identifies top users of Outlook Anywhere. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users
  • Table – Provides details on top users
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/overview.md index 0ff6386947..1f3ee284b9 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/overview.md @@ -29,8 +29,11 @@ The jobs in the 2.CAS Metrics Job Group are: – Comprised of data collection and a report to show information about what policies are enabled for which users - **NOTE:** An actual CAS name is required for the data collection. When targeting Exchange 2013 + :::note + An actual CAS name is required for the data collection. When targeting Exchange 2013 or 2016, it is possible for the **Settings** > **Exchange** node to have been configured with a web address instead of an actual server. See the [ExchangePS Data Collector & Client Access Server](/docs/accessanalyzer/11.6/solutions/exchange/recommended.md) topic for additional information. + + ::: diff --git a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/recommended.md index 402685492c..2ee3077ce0 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/recommended.md @@ -6,14 +6,14 @@ sidebar_position: 10 # Recommended Configurations for the 2. CAS Metrics Job Group -Dependencies +**Dependencies** The following job groups need to be successfully run: - .Active Directory Inventory Job Group - .Entra ID Inventory Job Group -Targeted Hosts +**Targeted Hosts** The 0. Collection Job Group has been set to run against the following default dynamic host list: 
@@ -23,13 +23,19 @@ The EX_ASPolicies Job has been set to run against the following default dynamic - Exchange MB Servers -**NOTE:** Default dynamic host lists are populated from hosts in the Host Master Table which meet +:::note +Default dynamic host lists are populated from hosts in the Host Master Table which meet the host inventory criteria for the list. Ensure the appropriate host lists have been populated through host inventory results. +::: -**_RECOMMENDED:_** Modify hosts lists only in the 0. Collection Job Group or EX_ASPolicies Job. -Connection Profile +:::info +Modify hosts lists only in the 0. Collection Job Group or EX_ASPolicies Job. +::: + + +**Connection Profile** A Connection Profile must be set directly on the EX_IISLogs Job and the EX_ASPolicies Job. @@ -43,14 +49,17 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group has been designed to run daily one hour after the 1.HUB Metrics Job Group to process and collect the previous day’s message tracking logs. -**_RECOMMENDED:_** Run this Job Group at 2:00 AM. +:::info +Run this Job Group at 2:00 AM. +::: + -History Retention +**History Retention** History retention should not be enabled on this job group. History is kept through analysis tasks. Modify the following analysis tasks to customize the amount of history which is kept. @@ -61,7 +70,7 @@ Modify the following analysis tasks to customize the amount of history which is | EX_RPCTraffic | SET HISTORY RETENTION | 6 Months | | EX_OWATraffic | SET HISTORY RETENTION | 6 Months | -Query Configuration +**Query Configuration** The 2. CAS Metrics Job Group is designed to be run with the default query configurations. However, the following queries can be modified: 
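Review bot: replacing `**_RECOMMENDED:_**` with a bare `:::info` block, in the Targeted Hosts and Schedule Frequency hunks above, drops the word that marked these sentences as recommendations ("Modify hosts lists only in the 0. Collection Job Group or EX_ASPolicies Job.", "Run this Job Group at 2:00 AM."). If the admonition syntax in use supports a title, add one, or keep "Recommended" in the sentence, so the guidance is not read as a neutral remark.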
@@ -71,12 +80,15 @@ the following queries can be modified: No other queries should be modified. -Analysis Configuration +**Analysis Configuration** The 2. CAS Metrics Job Group should be run with the default analysis configurations. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified or +:::warning +Most of these analysis tasks are preconfigured and should not be modified or deselected. There are some that are deselected by default, as they are for troubleshooting purposes. +::: + The following analysis tasks should not be deselected, but their parameters can be modified: @@ -84,7 +96,7 @@ The following analysis tasks should not be deselected, but their parameters can - **Outlook Anywhere** > **EX_RPCTraffic** Job – **05. SET HISTORY RETENTION** Analysis Task - **Outlook Web Access** > **OWATraffic** Job – **05. SET HISTORY RETENTION** Analysis Task -Workflow +**Workflow** **Step 1 –** Set a Connection Profile on the jobs which run data collection. @@ -93,6 +105,9 @@ Workflow **Step 3 –** Schedule the **2. CAS Metrics** job group to run daily one hour after running the 1. HUB Metrics job group. -**_RECOMMENDED:_** Run Job group at 2:00 AM. +:::info +Run Job group at 2:00 AM. +::: + **Step 4 –** Review the reports generated by the jobs. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_dbinfo.md b/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_dbinfo.md index 884f456a71..d2becab51b 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_dbinfo.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_dbinfo.md 
@@ -12,11 +12,14 @@ The EX_DBInfo job utilizes Exchange PowerShell to gather 2010/2013 Mailbox Size The EX_DBInfo job is located in the 1.Local job group. -**NOTE:** An actual CAS name is required for the data collection. When targeting Exchange 2013 or +:::note +An actual CAS name is required for the data collection. When targeting Exchange 2013 or 2016, it is possible for the **Settings** > **Exchange** node to have been configured with a web address instead of an actual server. See the [ExchangePS Data Collector & Client Access Server](/docs/accessanalyzer/11.6/solutions/exchange/recommended.md) topic for additional information. +::: + ## Queries for the EX_DBInfo Job diff --git a/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_pfinfo.md b/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_pfinfo.md index db62a4669e..fdb7ececdc 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_pfinfo.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/databases/collection/ex_pfinfo.md @@ -17,7 +17,10 @@ The EX_PFInfo job is located in the 2.PF job group. The EX_PFInfo Job uses the Exchange2K Data Collector for the query. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Queries for the EX_PFInfo Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/databases/collection/pfinfoquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbsizing.md b/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbsizing.md index de785f9852..129521e8e1 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbsizing.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbsizing.md 
@@ -14,14 +14,17 @@ historical sizing information. View the analysis tasks by navigating to the **Exchange** > **3. Databases** > **EX_DBSizing** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_DBSizing Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/databases/dbsizinganalysis.webp) The following analysis tasks are selected by default: -- 2. Database Size History – Creates the SA_EX_DBSizing_SizeHist table, accessible under the job’s +- **2. Database Size History** – Creates the SA_EX_DBSizing_SizeHist table, accessible under the job’s Results node - SET HISTORY RETENTION – Sets retention period in months 
@@ -30,18 +33,21 @@ The following analysis tasks are selected by default: [Exchange History Retention](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#exchange-history-retention) topic for additional information -- 3. Database details table – Creates the SA_EX_DBSizing_StoreDetails table, accessible under the +- **3. Database details table** – Creates the SA_EX_DBSizing_StoreDetails table, accessible under the job’s Results node -- 4. 30 day Database growth table – Creates the SA_EX_DBSizing_30DayGrowth table, accessible under +- **4. 30 day Database growth table** – Creates the SA_EX_DBSizing_30DayGrowth table, accessible under the job’s Results node -- 5. 7 day Database growth table – Creates the SA_EX_DBSizing_7DayGrowth table, accessible under +- **5. 7 day Database growth table** – Creates the SA_EX_DBSizing_7DayGrowth table, accessible under the job’s Results node The following analysis task deletes table data from data collection and analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00. Deletes all Stored Data** option. This analysis task is for +:::warning +Do not select the **00. Deletes all Stored Data** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + - 1. Deletes all Stored Data 
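Review bot: the numbered tasks in this file are now bold, but the context line `- 1. Deletes all Stored Data` under the new warning is left unchanged, and the warning refers to it as `**00. Deletes all Stored Data**`. Bold it to match how the delete task is formatted in EX_ActiveSync, EX_OWATraffic and EX_RPCTraffic, and align its number with the one in the warning.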
@@ -52,9 +58,10 @@ troubleshooting and cleanup only. Data will be deleted from the database. In addition to the tables and views created by the analysis tasks, the EX_DBSizing Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ---------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database Details (Storage Group Details) | This report provides the details of Mailbox Stores grouped by Server, then Storage Group. This report helps administrators locate Storage Groups that may be growing out of control. If a storage group with very few users is extremely large, further investigation may be required. | None | This report is comprised of two elements: - Bar Chart – Displays database sizes - Table – Provides details on database sizes | -| Database Growth Statistics | This report displays the top 10 Databases that grew over the last 30 days in pure MB. This report is filtered on the Rank Column for Top 10 and may be modified to fit any desired Top outcome. | None | This report is comprised of four elements: - Stacked Bar Chart – Displays store size growth - Stacked Bar Chart – Displays WhiteSpace growth - Table – Provides details on store size growth - Table – Provides details on WhiteSpace growth | -| Historical Database Information | This report shows the history of the store size, white space, mailbox count, and hard drive space on all targeted servers. 
| None | This report is comprised of one element: - Table – Displays details on historical store information | -| Mailbox Counts by Database | This report graphically displays the number of Mailboxes by Database.  It provides an overall picture of the Exchange Mailbox Environment. Having a clear break down of the number of mailboxes per database allows for better planning of architecture in the future. | None | This report is comprised of two elements: - Bar Chart – Displays mailbox counts by database - Table – Provides details on mailbox counts by database | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Database Details (Storage Group Details) | This report provides the details of Mailbox Stores grouped by Server, then Storage Group. This report helps administrators locate Storage Groups that may be growing out of control. If a storage group with very few users is extremely large, further investigation may be required. | None | This report is comprised of two elements:
  • Bar Chart – Displays database sizes
  • Table – Provides details on database sizes
| +| Database Growth Statistics | This report displays the top 10 Databases that grew over the last 30 days in pure MB. This report is filtered on the Rank Column for Top 10 and may be modified to fit any desired Top outcome. | None | This report is comprised of four elements:
  • Stacked Bar Chart – Displays store size growth
  • Stacked Bar Chart – Displays WhiteSpace growth
  • Table – Provides details on store size growth
  • Table – Provides details on WhiteSpace growth
| +| Historical Database Information | This report shows the history of the store size, white space, mailbox count, and hard drive space on all targeted servers. | None | This report is comprised of one element:
  • Table – Displays details on historical store information
| +| Mailbox Counts by Database | This report graphically displays the number of Mailboxes by Database.  It provides an overall picture of the Exchange Mailbox Environment. Having a clear break down of the number of mailboxes per database allows for better planning of architecture in the future. | None | This report is comprised of two elements:
  • Bar Chart – Displays mailbox counts by database
  • Table – Provides details on mailbox counts by database
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbtrending.md b/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbtrending.md index c53d1261a8..ba2434db4e 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbtrending.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/databases/ex_dbtrending.md 
@@ -14,26 +14,30 @@ entire organization. View the analysis tasks by navigating to the **Exchange** > **3. Databases** > **EX_DBTrending** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_DBTrending Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/databases/dbtrendinganalysis.webp) The following analysis tasks are selected by default: -- 0. Drop tables – Drops tables from previous runs -- 1. Store size history – Creates the SA_EX_DBTrending_History table, accessible under the job’s +- **0. Drop tables** – Drops tables from previous runs +- **1. Store size history** – Creates the SA_EX_DBTrending_History table, accessible under the job’s Results node -- 2. Trend Mailbox Database – Creates the SA_EX_DBTrending_MBTREND table, accessible under the +- **2. Trend Mailbox Database** – Creates the SA_EX_DBTrending_MBTREND table, accessible under the job’s Results node -- 3. Trend Public Store – Creates the SA_EX_DBTrending_PFTREND table, accessible under the job’s +- **3. Trend Public Store** – Creates the SA_EX_DBTrending_PFTREND table, accessible under the job’s Results node -- 4. Modify Runtime to be Date – Modifies the runtime for the SA_EX_DBTrending_MBTREND table and +- **4. 
Modify Runtime to be Date** – Modifies the runtime for the SA_EX_DBTrending_MBTREND table and the SA_EX_DBTrending_PFTREND table, to be set to a month/day/year (mdy) date format In addition to the tables and views created by the analysis tasks, the EX_DBTrending Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------- | -| Capacity Planning - Databases | This report displays the growth rate trend of your private stores and the growth rate trend of your public stores.  The trend is projected for two months. These reports help identify bad trends in growth on Exchange servers for hard drive space usage is key in avoiding running out of space. | None | This report is comprised of two elements: - Line Chart – Displays private store trend - Line Chart – Displays public store trend | +| Report | Description | Default Tags | Report Elements | +| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Capacity Planning
  • Databases
| This report displays the growth rate trend of your private stores and the growth rate trend of your public stores.  The trend is projected for two months. These reports help identify bad trends in growth on Exchange servers for hard drive space usage is key in avoiding running out of space. | None | This report is comprised of two elements:
  • Line Chart – Displays private store trend
  • Line Chart – Displays public store trend
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/databases/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/databases/recommended.md index 10884ab4e3..acfc42255c 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/databases/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/databases/recommended.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Recommended Configurations for the 3. Databases Job Group -Dependencies +**Dependencies** This job group requires the following items to be installed and configured on the Enterprise Auditor Console: @@ -15,7 +15,7 @@ Console: - Enterprise Auditor MAPI CDO installed - **Settings** > **Exchange** node configured -Targeted Hosts +**Targeted Hosts** The **0. Collection** > **1. Local** job group has been set to run against: @@ -26,11 +26,14 @@ dynamic host list: - Exchange MB Servers -**NOTE:** Default dynamic host lists are populated from hosts in the Host Master Table which meet +:::note +Default dynamic host lists are populated from hosts in the Host Master Table which meet the host inventory criteria for the list. Ensure the appropriate host lists have been populated through host inventory results. +::: -Connection Profile + +**Connection Profile** A Connection Profile must be set directly on the EX_DBInfo Job and the EX_PFInfo Job. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) 
@@ -42,14 +45,17 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group has been designed to run daily to collect information about the size of databases in the environment. -**_RECOMMENDED:_** Run this Job Group at 3:00 AM. +:::info +Run this Job Group at 3:00 AM. +::: + -History Retention +**History Retention** History retention should not be enabled on this job group. History is kept through analysis tasks. Modify the following analysis tasks to customize the amount of history which is kept: @@ -58,7 +64,7 @@ Modify the following analysis tasks to customize the amount of history which is | ----------- | --------------------- | --------------- | | EX_DBSizing | SET HISTORY RETENTION | 6 Months | -Query Configuration +**Query Configuration** The 3. Databases Job Group is designed to be run with the default query configurations. However, the following query can be modified: @@ -67,18 +73,21 @@ following query can be modified: No other queries should be modified. -Analysis Configuration +**Analysis Configuration** The 3. Databases Job Group should be run with the default analysis configurations. -**CAUTION:** Most of the analysis tasks are preconfigured and should never be modified or +:::warning +Most of the analysis tasks are preconfigured and should never be modified or deselected. There are some that are deselected by default, as they are for troubleshooting purposes. +::: + The following analysis task should not be deselected, but the parameters can be modified: - **EX_DBSizing** Job – **SET HISTORY RETENTION** Analysis Task -Workflow +**Workflow** **Step 1 –** Set a Connection Profile on the jobs that run data collection. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_dlcleanup.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_dlcleanup.md index 1f5c131ac8..b1781649cb 100644 
--- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_dlcleanup.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_dlcleanup.md 
@@ -15,19 +15,23 @@ should be reviewed and cleaned up. View the analysis task by navigating to the **Exchange** > **6. Distribution Lists** > **EX_DLCleanup** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the EX_DLCleanup Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/distributionlists/dlcleanupanalysis.webp) The following analysis task is selected by default: -- 1. DL Cleanup – Creates the SA_EX_GroupCleanup_GroupSummary table, accessible under the job’s +- **1. DL Cleanup** – Creates the SA_EX_GroupCleanup_GroupSummary table, accessible under the job’s Results node In addition to the tables and views created by the analysis task, the EX_DLCleanup job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------------ | ----------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------- | -| Distribution List Cleanup (Distribution List Overview) | This report identifies common issues which may affect distribution list group membership. 
| None | This report is comprised of one element: - Table – Provides a distribution list overview | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------------ | ----------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------- | +| Distribution List Cleanup (Distribution List Overview) | This report identifies common issues which may affect distribution list group membership. | None | This report is comprised of one element:
  • Table – Provides a distribution list overview
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_groupexpansion.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_groupexpansion.md index 115cdb1439..83f3493b45 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_groupexpansion.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_groupexpansion.md @@ -17,8 +17,11 @@ The EX_GroupExpansion job is located in the Effective Membership job group. View the analysis tasks by navigating to the **Exchange** > **6. Distribution Lists** > **Effective Membership** > **EX_GroupExpansion** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_GroupExpansion Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/distributionlists/groupexpansionanalysis.webp) @@ -26,5 +29,5 @@ The following analysis tasks are selected by default: - Drop Tables – Drops all previously-created tables and creates the group expansion function - 1a. Expand Distribution Groups – Expands the distribution group’s direct members -- 2. Create Group Membership View – Creates an interim processing table in the database for use by +- **2. Create Group Membership View** – Creates an interim processing table in the database for use by downstream analysis and report generation diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_circularnesting.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_circularnesting.md index 968a89cde8..a33a04aea2 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_circularnesting.md 
+++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_circularnesting.md @@ -13,14 +13,17 @@ The EX_CircularNesting job identifies where circular nesting exists within distr View the analysis tasks by navigating to the **Exchange** > **6. Distribution Lists** > **Membership Analysis** > **EX_CircularNesting** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_CircularNesting Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/circularnestinganalysis.webp) The following analysis tasks are selected by default: -- 1. Circular Nesting Details – Creates the SA_EX_CircularNesting_Details table, accessible under +- **1. Circular Nesting Details** – Creates the SA_EX_CircularNesting_Details table, accessible under the job’s Results node -- 2. Domain Summary – Creates the SA_EX_CircularNesting_DomainSummary table, accessible under the +- **2. Domain Summary** – Creates the SA_EX_CircularNesting_DomainSummary table, accessible under the job’s Results node diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_emptygroups.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_emptygroups.md index 622c3bd82d..19a548283d 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_emptygroups.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_emptygroups.md 
@@ -13,19 +13,22 @@ The EX_EmptyGroups job identifies empty distribution groups that are candidates View the analysis tasks by navigating to the **Exchange** > **6. Distribution Lists** > **Membership Analysis** > **EX_EmptyGroups** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_EmptyGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/emptygroupsanalysis.webp) The following analysis tasks are selected by default: -- 0. Drop tables – Drops tables from previous runs -- 1. Empty Groups – Creates the SA_EX_EmptyGroups_Empty table, accessible under the job’s Results +- **0. Drop tables** – Drops tables from previous runs +- **1. Empty Groups** – Creates the SA_EX_EmptyGroups_Empty table, accessible under the job’s Results node -- 2. Single User Groups – Creates the SA_EX_EmptyGroups_SingleUser table, accessible under the +- **2. Single User Groups** – Creates the SA_EX_EmptyGroups_SingleUser table, accessible under the job’s Results node -- 3. Summarize Empty Groups – Creates the SA_EX_EmptyGroups_EmptySummary table, accessible under +- **3. Summarize Empty Groups** – Creates the SA_EX_EmptyGroups_EmptySummary table, accessible under the job’s Results node -- 4. Summarize Single User Groups – Creates the SA_EX_EmptyGroups_SingleUserSummary table, +- **4. Summarize Single User Groups** – Creates the SA_EX_EmptyGroups_SingleUserSummary table, accessible under the job’s Results node diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_largestgroups.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_largestgroups.md index 4c1fe7f042..5b01f5d09e 100644 
--- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_largestgroups.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_largestgroups.md @@ -13,12 +13,15 @@ The EX_LargestGroups job identifies distribution groups with a high member count View the analysis task by navigating to the **Exchange** > **6. Distribution Lists** > **Membership Analysis** > **EX_LargestGroups** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the EX_LargestGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/largestgroupsanalysis.webp) The following analysis task is selected by default: -- 1. Group Details – Creates the SA_EX_LargestGroups_Details table, accessible under the job’s +- **1. Group Details** – Creates the SA_EX_LargestGroups_Details table, accessible under the job’s Results node diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_nestedgroups.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_nestedgroups.md index 0c7b058021..74f42413f1 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_nestedgroups.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_nestedgroups.md 
@@ -13,14 +13,17 @@ The EX_NestedGroups job identifies where nesting exists within distribution grou View the analysis tasks by navigating to the **Exchange** > **6. Distribution Lists** > **Membership Analysis** > **EX_NestedGroups** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_NestedGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/nestedgroupsanalysis.webp) The following analysis tasks are selected by default: -- 1. Details – Creates the SA_EX_NestedGroups_Details table, accessible under the job’s Results +- **1. Details** – Creates the SA_EX_NestedGroups_Details table, accessible under the job’s Results node -- 2. Summarize by Domain – Creates the SA_EX_NestedGroups_DomainSummary table, accessible under +- **2. Summarize by Domain** – Creates the SA_EX_NestedGroups_DomainSummary table, accessible under the job’s Results node diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_stalegroups.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_stalegroups.md index 5399368972..dcc80405f4 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_stalegroups.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/ex_stalegroups.md 
@@ -14,16 +14,19 @@ logon of the members. These groups should be reviewed and cleaned up. View the analysis tasks by navigating to the **Exchange** > **6. Distribution Lists** > **Membership Analysis** > **EX_StaleGroups** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_StaleGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/distributionlists/membershipanalysis/stalegroupsanalysis.webp) The following analysis tasks are selected by default: -- 1. Stale User Details – Creates the SA_EX_StaleGroups_Details table, accessible under the job’s +- **1. Stale User Details** – Creates the SA_EX_StaleGroups_Details table, accessible under the job’s Results node -- 2. Group Summary – Creates the SA_EX_StaleGroups_GroupSummary table, accessible under the job’s +- **2. Group Summary** – Creates the SA_EX_StaleGroups_GroupSummary table, accessible under the job’s Results node -- 3. Stale Groups – Creates an interim processing table in the database, for use by downstream +- **3. Stale Groups** – Creates an interim processing table in the database, for use by downstream analysis and report generations diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/overview.md index b335ad88ef..cba1e43629 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/overview.md 
@@ -13,7 +13,10 @@ in addition to providing context around potentially stale distribution lists. The following comprise the 6. Distribution Lists job group: -**NOTE:** These jobs are compatible with the Office 365 environment. +:::note +These jobs are compatible with the Office 365 environment. +::: + - [Effective Membership > EX_GroupExpansion Job](/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/ex_groupexpansion.md) – Expands the direct membership of distribution groups in the environment diff --git a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/recommended.md index 178bbdf995..899adaf8bf 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/distributionlists/recommended.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Recommended Configurations for the 6. Distribution Lists Job Group -Dependencies +**Dependencies** The following job groups need to be successfully run: @@ -22,15 +22,18 @@ The following job groups need to be successfully run: - Provides data on distribution list metrics for Exchange Online environments and the last time a distribution list received mail -Schedule Frequency +**Schedule Frequency** This job group has been designed to run daily after the .Active Directory Inventory Job Group has been run, to analyze distribution list membership. This job group does not collect data. It uses the data collection from the .Active Directory Inventory Job Group. -**_RECOMMENDED:_** Run this job group at 5:00 AM. +:::info +Run this job group at 5:00 AM. +::: -Workflow + +**Workflow** **Step 1 –** Schedule the 6. Distribution Lists job group to run daily after the .Active Directory Inventory job group has successfully run. 
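Review bot: In the distributionlists/recommended.md hunk @@ -22,15 +22,18 @@, replacing `**_RECOMMENDED:_** Run this job group at 5:00 AM.` with a bare `:::info` block drops the word "Recommended", so the rendered box states the 5:00 AM run time as plain information rather than as a recommendation. Suggest giving the admonition a title that carries the original label, or keeping "Recommended:" as the first word inside the block.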
diff --git a/docs/accessanalyzer/11.6/solutions/exchange/ex_useroverview.md b/docs/accessanalyzer/11.6/solutions/exchange/ex_useroverview.md index d3f25240a2..70feefcc6f 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/ex_useroverview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/ex_useroverview.md @@ -13,7 +13,7 @@ environment. ![EX_UserOverview Job in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailflowuseroverviewjobstree.webp) -Dependencies +**Dependencies** The following job groups need to be successfully run prior to this job: @@ -25,7 +25,7 @@ The following job groups need to be successfully run prior to this job: - **Exchange** > **4.Mailboxes** > **Sizing** Job Group - **Exchange** > **5. Public Folders** Job Group -Schedule Frequency +**Schedule Frequency** It is recommended to run this job daily after running its dependencies, but it can be scheduled to run as desired. 
@@ -35,43 +35,47 @@ run as desired. View the analysis task by navigating to the **Exchange** > **EX_UserOverview** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailflow_UserOverview Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailflowuseroverviewanalysis.webp) The following analysis tasks are selected by default: -- 1. User Overview – Creates the SA_EX_UserOverview_Permissions table, accessible under the job’s +- **1. User Overview** – Creates the SA_EX_UserOverview_Permissions table, accessible under the job’s Results node -- 2. Add delegate Information to Overview – Adds Delegates to the SA_EX_UserOverview_Permissions +- **2. Add delegate Information to Overview** – Adds Delegates to the SA_EX_UserOverview_Permissions table -- 3. Mailbox Access – Adds Mailbox Rights to the SA_EX_UserOverview_Permissions table -- 4. Send As – Adds Send As Rights to the SA_EX_UserOverview_Permissions table -- 5. Public Folders – Adds Public Folder Permissions to the SA_EX_UserOverview_Permissions table -- 6. DL Membership – Adds DL Membership to the SA_EX_UserOverview_Permissions table -- 7. Mailbox Size – Adds Mailbox Size to the SA_EX_UserOverview_Permissions table -- 8. Permission Listing – Creates a listing of each user and their access rights in the +- **3. Mailbox Access** – Adds Mailbox Rights to the SA_EX_UserOverview_Permissions table +- **4. Send As** – Adds Send As Rights to the SA_EX_UserOverview_Permissions table +- **5. Public Folders** – Adds Public Folder Permissions to the SA_EX_UserOverview_Permissions table +- **6. DL Membership** – Adds DL Membership to the SA_EX_UserOverview_Permissions table +- **7. Mailbox Size** – Adds Mailbox Size to the SA_EX_UserOverview_Permissions table +- **8. 
Permission Listing** – Creates a listing of each user and their access rights in the environment -- 9. Rank by Total Permissions – Adds Ranks to the SA_EX_UserOverview_Permissions table -- 10. Summarize User Message Traffic – Creates the SA_EX_UserOverview_MessageTraffic table, +- **9. Rank by Total Permissions** – Adds Ranks to the SA_EX_UserOverview_Permissions table +- **10. Summarize User Message Traffic** – Creates the SA_EX_UserOverview_MessageTraffic table, accessible under the job’s Results node -- 11. Active Sync Devices – Updates table with User ActiveSync Devices -- 12. Message Traffic Date Ranges – Creates the SA_EX_MessageTraffic_DateRange table, accessible +- **11. Active Sync Devices** – Updates table with User ActiveSync Devices +- **12. Message Traffic Date Ranges** – Creates the SA_EX_MessageTraffic_DateRange table, accessible under the job’s Results node -- 13. Summarize User Message Volume – Creates the SA_EX_UserOverview_DataVolume table, accessible +- **13. Summarize User Message Volume** – Creates the SA_EX_UserOverview_DataVolume table, accessible under the job’s Results node -- 14. RPC Volume – Updates SA_EX_UserOverview_Datavolume table with RPC volume -- 15. OWA Volume – Updates SA_EX_UserOverview_Datavolume table with OWA volume -- 16. ActiveSync Volume – Updates SA_EX_UserOverview_Datavolume table with ActiveSync volume -- 17. Data Volume Date Ranges – Creates the SA_EX_TrafficOverview_DateRange table, accessible +- **14. RPC Volume** – Updates SA_EX_UserOverview_Datavolume table with RPC volume +- **15. OWA Volume** – Updates SA_EX_UserOverview_Datavolume table with OWA volume +- **16. ActiveSync Volume** – Updates SA_EX_UserOverview_Datavolume table with ActiveSync volume +- **17. 
Data Volume Date Ranges** – Creates the SA_EX_TrafficOverview_DateRange table, accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_UserOverview job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Top Users by Message Traffic | This report shows the top users of Exchange based on the past 30 days of message count. | None | This report is comprised of two elements: - Bar Chart– Displays top users by 30 day message traffic - Table – Provides details on top users by 30 day message traffic | -| Top Users by Message Volume | This report shows the top users of Exchange based on the past 30 days of message volume. All statistics are in megabytes | None | This report is comprised of two elements: - Bar Chart – Displays top users by message volume - Table – Provides details on top users by message volume | -| Top Users by Permissions (Exchange User Access) | This report identifies users with a broad range of access across the exchange environment. 
| None | This report is comprised of three elements: - Bar Chart – Displays top users by permission count - Table – Provides details on top users by permission count - Table – Provides details on permission listing by user | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Top Users by Message Traffic | This report shows the top users of Exchange based on the past 30 days of message count. | None | This report is comprised of two elements:
  • Bar Chart– Displays top users by 30 day message traffic
  • Table – Provides details on top users by 30 day message traffic
| +| Top Users by Message Volume | This report shows the top users of Exchange based on the past 30 days of message volume. All statistics are in megabytes | None | This report is comprised of two elements:
  • Bar Chart – Displays top users by message volume
  • Table – Provides details on top users by message volume
| +| Top Users by Permissions (Exchange User Access) | This report identifies users with a broad range of access across the exchange environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays top users by permission count
  • Table – Provides details on top users by permission count
  • Table – Provides details on permission listing by user
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/appletstatuscheck.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/appletstatuscheck.md index 3cc2e1f431..d90c510d15 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/appletstatuscheck.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/appletstatuscheck.md @@ -13,7 +13,10 @@ Exchange servers. The .AppletStatusCheck Job uses the Script Data Collector. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Queries for the .AppletStatusCheck Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/appletstatuscheckquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md index 6ad42db013..9202d41a96 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md @@ -14,7 +14,10 @@ to process and collect that previous 7 days of Message Tracking Logs the first t after that it only collects the previous day unless the **Enable Persistent Log State** option has been enabled in the query. -**_RECOMMENDED:_** Run this job with the default configuration settings for all queries. +:::info +Run this job with the default configuration settings for all queries. +::: + See the [ExchangeMetrics Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/overview.md) 
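Review bot: in ex_metricscollection.md, replacing `**_RECOMMENDED:_**` with a bare `:::info` block drops the only word that marked this sentence as a recommendation, so "Run this job with the default configuration settings for all queries." now reads as a mandatory step. The `_Remember,_` conversion further down this file keeps its lead word inside the `:::tip` body; do the same here, for example by starting the body with "Recommended:", so the meaning survives the markup change.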
@@ -41,28 +44,31 @@ The following queries are included in the EX_MetricsCollection Job: View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **0. Collection** > **EX_MetricsCollection** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_MetrixCollection Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/metricscollectionanalysis.webp) The following analysis tasks are selected by default: -- 1. Delivery Times History – Creates the SA_ExhangeMetrics_DeliveryTimes table, accessible under +- **1. Delivery Times History** – Creates the SA_ExhangeMetrics_DeliveryTimes table, accessible under the job’s Results node -- 2. DL History – Creates the SA*EX* ExhangeMetrics_DistributionLists table, accessible under the +- **2. DL History** – Creates the SA*EX* ExhangeMetrics_DistributionLists table, accessible under the job’s Results node -- 3. Internet Traffic History – Creates the SA_EX_ExhangeMetrics_InternetTraffic table, accessible +- **3. Internet Traffic History** – Creates the SA_EX_ExhangeMetrics_InternetTraffic table, accessible under the job’s Results node -- 4. Hourly Traffic History – Creates the SA_EX_ExhangeMetrics_HourlyTraffic table, accessible +- **4. Hourly Traffic History** – Creates the SA_EX_ExhangeMetrics_HourlyTraffic table, accessible under the job’s Results node -- 5. User Traffic History – Creates the SA_EX_ExhangeMetrics_UserTraffic table, accessible under +- **5. User Traffic History** – Creates the SA_EX_ExhangeMetrics_UserTraffic table, accessible under the job’s Results node -- 6. Message Size History – Creates the SA_EX_ExhangeMetrics_MessageSize table, accessible under +- **6. 
Message Size History** – Creates the SA_EX_ExhangeMetrics_MessageSize table, accessible under the job’s Results node -- 7. Server Traffic History – Creates the SA_EX_ExhangeMetrics_ServerTraffic table, accessible +- **7. Server Traffic History** – Creates the SA_EX_ExhangeMetrics_ServerTraffic table, accessible under the job’s Results node -- 8. SET HISTORY RETENTION – Sets retention period in months +- **8. SET HISTORY RETENTION** – Sets retention period in months - By default set to retain **6 months** - This retention period can be modified. See the @@ -71,10 +77,13 @@ The following analysis tasks are selected by default: The following analysis task deletes table data from data collection and analysis jobs. This analysis task should remain deselected unless specifically needed: -**CAUTION:** Do not select the **00. Deletes all Stored Data** option. This analysis task is for +:::warning +Do not select the **00. Deletes all Stored Data** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + -- 0. Deletes all Stored Data - LEAVE UNCHECKED – Clears all historical data +- **0. Deletes all Stored Data - LEAVE UNCHECKED** – Clears all historical data - See the [Troubleshooting Data Collection](#troubleshooting-data-collection) topic for additional information @@ -128,7 +137,10 @@ the database or truncating the data within the tables. This option is provided t task that is not selected by default. Only one analysis task within a job should be enabled when the desire is to purge that database. -**CAUTION:** This analysis task deletes information collected or produced by jobs in this solution. +:::warning +This analysis task deletes information collected or produced by jobs in this solution. +::: + Follow these steps to troubleshoot data collection: 
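Review bot: the rewritten "2. DL History" item in the EX_MetricsCollection task list still carries `SA*EX* ExhangeMetrics_DistributionLists`, which looks like `SA_EX_` with its underscores consumed as emphasis markers plus a stray space; items 3 to 7 all use the `SA_EX_ExhangeMetrics_` prefix. Since the line is being touched anyway, restore the underscores, and consider wrapping table names in backticks so they cannot be parsed as emphasis again. Item 1 names `SA_ExhangeMetrics_DeliveryTimes` without `EX_`, so confirm that name against the product in the same pass.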
@@ -139,7 +151,10 @@ Follow these steps to troubleshoot data collection: **Step 2 –** In the Analysis Selection view, clear all default analysis tasks (if any) and select the analysis task which purges data. -_Remember,_ only one task should be selected. +:::tip +Remember, only one task should be selected. +::: + **Step 3 –** In the Navigation pane, right-click the **Analysis** node and select **Execute Analyses**. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricsdetails.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricsdetails.md index 9346b33e8c..34fc024313 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricsdetails.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricsdetails.md @@ -42,7 +42,10 @@ Properties**. The Query Properties window opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The Exchange Metrics Data Collector Wizard opens. -**CAUTION:** Do not modify other wizard pages. The wizard pages are pre-configured for this job. +:::warning +Do not modify other wizard pages. The wizard pages are pre-configured for this job. +::: + ![Exchange Metrics Data Collector Wizard Message Activity Filter page](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/exchangemetricsmessageactivityfilter.webp) 
@@ -61,16 +64,19 @@ The EX_MetricsDetails Job returns data for the identified sender and recipient d View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **0. Collection** > **EX_MetricsDetails** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_MetricsDetails Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/metricsdetailsanalysis.webp) The following analysis tasks are selected by default: -- 1. User to User Traffic History – Creates the SA_EX_ExhangeMetrics_MessageTraffic table +- **1. User to User Traffic History** – Creates the SA_EX_ExhangeMetrics_MessageTraffic table accessible under the job’s Results node -- 2. SET HISTORY RETENTION – Sets retention period in months +- **2. SET HISTORY RETENTION** – Sets retention period in months - By default set to retain **6 months** - This retention period can be modified. See the @@ -80,10 +86,13 @@ The following analysis tasks are selected by default: The following analysis task clears table data from data collection and analysis jobs. This analysis task should remain deselected unless specifically needed: -**CAUTION:** Do not select the **00. DROP HISTORY** option. This analysis task is for +:::warning +Do not select the **00. DROP HISTORY** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + -- 0. DROP HISTORY - LEAVE UNCHECKED – Clears all historical data +- **0. DROP HISTORY - LEAVE UNCHECKED** – Clears all historical data - See the [Troubleshooting Data Collection](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#troubleshooting-data-collection) 
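Review bot: the warning names the task **00. DROP HISTORY** while the list item directly below it is now bolded as **0. DROP HISTORY - LEAVE UNCHECKED**, so the two references to the same analysis task disagree on its number. Bolding the label presents it as the task's name, so make both match what the Analysis Selection view shows. The same 00 versus 0 mismatch appears in the "Deletes all Stored Data" hunk of ex_metricscollection.md.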
diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/overview.md index c5bbd33947..c661085930 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/overview.md @@ -25,7 +25,10 @@ The jobs in the 0.Collection Job Group are: - [EX_MetricsDetails Job](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricsdetails.md) – Collects user to user traffic per day - **NOTE:** This job's query needs to be configured to the internal domains from which to collect + :::note + This job's query needs to be configured to the internal domains from which to collect the sender to recipient traffic. By default, the query is configured to collect the previous 1 day of Message Tracking Logs and has @netwrix.com configured as the domain. If the domains are not configured in the query, then most likely data collection does not return. + + ::: diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_deliverytimes.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_deliverytimes.md index 5812bc54d7..7e460fbe87 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_deliverytimes.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_deliverytimes.md 
@@ -13,27 +13,31 @@ The EX_DeliveryTimes Job provides information around organizational and server-l View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **EX_DeliveryTimes** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_DeliveryTimes Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/deliverytimesanalysis.webp) The following analysis tasks are selected by default: -- 1. Server SLA – Creates the SA_EX_DeliveryTimes_ServerSLA table, accessible under the job’s +- **1. Server SLA** – Creates the SA_EX_DeliveryTimes_ServerSLA table, accessible under the job’s Results node -- 2. Org SLA – Creates the SA_EX_DeliveryTimes_OrgSLA table, accessible under the job’s Results +- **2. Org SLA** – Creates the SA_EX_DeliveryTimes_OrgSLA table, accessible under the job’s Results node -- 3. Org pivot – Creates the SA_EX_DeliveryTimes_OrgDeliveryByCount table, accessible under the +- **3. Org pivot** – Creates the SA_EX_DeliveryTimes_OrgDeliveryByCount table, accessible under the job’s Results node -- 4. Org By Volume – Creates the SA_EX_DeliveryTimes_OrgDeliveryByVolume table, accessible under +- **4. Org By Volume** – Creates the SA_EX_DeliveryTimes_OrgDeliveryByVolume table, accessible under the job’s Results node -- 5. Org Delivery By Count Last 30 Days – Creates the SA_EX_DeliveryTimes_OrgDeliveryByCountLast30 +- **5. 
Org Delivery By Count Last 30 Days** – Creates the SA_EX_DeliveryTimes_OrgDeliveryByCountLast30 table, accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_DeliveryTimes Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | --------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Delivery Times | This report highlights delivery times overall and by server to identify potential issues with SLAs. | None | This report is comprised of three elements: - Line Chart – Displays percent of mail delivered by time frame (last 30 days) - Table – Provides details on mail delivered by time frame - Table – Provides details on percentage of mail delivered in under 1 minute | +| Report | Description | Default Tags | Report Elements | +| -------------- | --------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Delivery Times | This report highlights delivery times overall and by server to identify potential issues with SLAs. | None | This report is comprised of three elements:
  • Line Chart – Displays percent of mail delivered by time frame (last 30 days)
  • Table – Provides details on mail delivered by time frame
  • Table – Provides details on percentage of mail delivered in under 1 minute
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_dlmetrics.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_dlmetrics.md index 45282ccb01..0c4c5c3d68 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_dlmetrics.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_dlmetrics.md 
@@ -13,22 +13,26 @@ The EX_DLMetrics Job provides information around distribution list usage. View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **EX_DLMetrics** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_DLMetrics Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/dlmetricsanalysis.webp) The following analysis tasks are selected by default: -- 1. DL Metrics – Creates the SA_EX_DLMetrics_Details table, accessible under the job’s Results +- **1. DL Metrics** – Creates the SA_EX_DLMetrics_Details table, accessible under the job’s Results node -- 2. Historical Metrics – Creates the SA_EX_DLMetrics_HistoricalStatistics table, accessible under +- **2. Historical Metrics** – Creates the SA_EX_DLMetrics_HistoricalStatistics table, accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_DLMetrics Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------------------------------ | ------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Distribution Lists by Message Count (Most Active DLs by Message Count) | This report identifies the most active distribution lists by count of messages sent. 
| None | This report is comprised of two elements: - Bar Chart – Displays top distribution lists by message count (last 30 days) - Table – Provides details on top distribution lists by message count (last 30 days) | -| Distribution Lists by Message Volume (Most Active DLs by Message Volume) | This report identifies the most active distribution lists by volume of messages sent. | None | This report is comprised of two elements: - Bar Chart – Displays top distribution lists by message volume (last 30 days) - Table – Provides details on distribution lists by message volume (last 30 days) | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------------------------------ | ------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Distribution Lists by Message Count (Most Active DLs by Message Count) | This report identifies the most active distribution lists by count of messages sent. | None | This report is comprised of two elements:
  • Bar Chart – Displays top distribution lists by message count (last 30 days)
  • Table – Provides details on top distribution lists by message count (last 30 days)
| +| Distribution Lists by Message Volume (Most Active DLs by Message Volume) | This report identifies the most active distribution lists by volume of messages sent. | None | This report is comprised of two elements:
  • Bar Chart – Displays top distribution lists by message volume (last 30 days)
  • Table – Provides details on distribution lists by message volume (last 30 days)
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_domainmetrics.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_domainmetrics.md index 3e624d4c8c..9f95aa806a 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_domainmetrics.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_domainmetrics.md 
@@ -14,22 +14,26 @@ coming from. View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **EX_DomainMetrics** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_DomainMetrics Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/domainmetricsanalysis.webp) The following analysis tasks are selected by default: -- 1. External Domain Traffic - Count – Creates the SA_EX_DomainMetrics_Count table, accessible +- **1. External Domain Traffic - Count** – Creates the SA_EX_DomainMetrics_Count table, accessible under the job’s Results node -- 2. External Domain Traffic - Volume – Creates the SA_EX_DomainMetrics_Volume table, accessible +- **2. External Domain Traffic - Volume** – Creates the SA_EX_DomainMetrics_Volume table, accessible under the job’s Results node In addition to the tables and views by the analysis tasks, the EX_DomainMetrics Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Top External Domains by Message Count (Top External Domains) | This report identifies which external domains have the largest traffic flow between organizations. 
| None | This report is comprised of three elements: - Stacked Bar Chart – Displays access by team - Table – Provides a database access summary - Table – Provides database access details | -| Top External Domains by Message Volume (Top External Domains) | This report identifies which external domains have the largest traffic flow between orgs. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays top domain by message count (30 days) - Table – Provides details on top domain by message count (30 days) | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Top External Domains by Message Count (Top External Domains) | This report identifies which external domains have the largest traffic flow between organizations. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays access by team
  • Table – Provides a database access summary
  • Table – Provides database access details
| +| Top External Domains by Message Volume (Top External Domains) | This report identifies which external domains have the largest traffic flow between orgs. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays top domain by message count (30 days)
  • Table – Provides details on top domain by message count (30 days)
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_hourlymetrics.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_hourlymetrics.md index b16c9c0908..dde919c2b4 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_hourlymetrics.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_hourlymetrics.md 
@@ -14,25 +14,32 @@ receives each hour. View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **EX_HourlyMetrics** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are + +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_HourlyMetrics Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/hourlymetricsanalysis.webp) The following analysis tasks are selected by default: -- 1. Server Averages – Creates the SA_EX_HourlyMetrics_ServerAverages table, accessible under the +- **1. Server Averages** – Creates the SA_EX_HourlyMetrics_ServerAverages table, accessible under the job’s Results node -- 2. Org Averages – Creates the SA_EX_HourlyMetrics_OrgAverages table, accessible under the job’s +- **2. Org Averages** – Creates the SA_EX_HourlyMetrics_OrgAverages table, accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_HourlyMetrics Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| --------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Hourly Traffic (Average Hourly Traffic) | This report identifies which hours during the day have the most traffic by count of messages. 
| None | This report is comprised of two elements: - Column Chart – Displays average hourly traffic by enterprise - Table – Provides details on average hourly traffic by server | -| Hourly Volume (Average Hourly Volume) | This report identifies which hours during the day have the most traffic by volume of messages. | None | This report is comprised of two elements: - Column Chart – Displays average hourly volume (MB) - Table – Provides details on server averages | +| Report | Description | Default Tags | Report Elements | +| --------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Hourly Traffic (Average Hourly Traffic) | This report identifies which hours during the day have the most traffic by count of messages. | None | This report is comprised of two elements:
  • Column Chart – Displays average hourly traffic by enterprise
  • Table – Provides details on average hourly traffic by server
| +| Hourly Volume (Average Hourly Volume) | This report identifies which hours during the day have the most traffic by volume of messages. | None | This report is comprised of two elements:
  • Column Chart – Displays average hourly volume (MB)
  • Table – Provides details on server averages
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_messagesize.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_messagesize.md index e25f469dc3..7193c4d851 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_messagesize.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_messagesize.md 
@@ -13,19 +13,23 @@ The EX_MessageSize Job provides information around the size of sent and received View the analysis task by navigating to the **Exchange** > **1. HUB Metrics** > **EX_MessageSize** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the EX_MessageSize Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/messagesizeanalysis.webp) The following analysis task is selected by default: -- 1. Message Size by Server – Creates the SA_EX_MessageSize_HostSummary table accessible under the +- **1. Message Size by Server** – Creates the SA_EX_MessageSize_HostSummary table accessible under the job’s Results node In addition to the tables and views created by the analysis task, the EX_MessageSize Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------ | ------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Message Size | This report identifies servers which handle the largest mail. 
| None | This report is comprised of two elements: - Bar Chart – Displays top servers by average message size (KB) - Table – Provides details on average message size by server (KB) | +| Report | Description | Default Tags | Report Elements | +| ------------ | ------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Message Size | This report identifies servers which handle the largest mail. | None | This report is comprised of two elements:
  • Bar Chart – Displays top servers by average message size (KB)
  • Table – Provides details on average message size by server (KB)
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_servermetrics.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_servermetrics.md index 835bbec803..ff24e2da28 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_servermetrics.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_servermetrics.md 
@@ -14,33 +14,37 @@ received, journaling, transport, and NDR counts and sizes. View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **EX_ServerMetrics** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_ServerMetrics Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/servermetricsanalysis.webp) The following analysis tasks are selected by default: -- 1. Transport – Creates the SA_EX_ServerMetrics_Transport table, accessible under the job’s +- **1. Transport** – Creates the SA_EX_ServerMetrics_Transport table, accessible under the job’s Results node -- 2. NDRs – Creates the SA_EX_ServerMetrics_NDRs table, accessible under the job’s Results node -- 3. Journaling – Creates the SA_EX_ServerMetrics_Journaling table, accessible under the job’s +- **2. NDRs** – Creates the SA_EX_ServerMetrics_NDRs table, accessible under the job’s Results node +- **3. Journaling** – Creates the SA_EX_ServerMetrics_Journaling table, accessible under the job’s Results node -- 4. Yesterday – Creates the SA_EX_ServerMetrics_Yesterday table, accessible under the job’s +- **4. Yesterday** – Creates the SA_EX_ServerMetrics_Yesterday table, accessible under the job’s Results node -- 5. Last 7 Days – Creates the SA_EX_ServerMetrics_Last7Days table, accessible under the job’s +- **5. Last 7 Days** – Creates the SA_EX_ServerMetrics_Last7Days table, accessible under the job’s Results node -- 6. Last 30 Days – Creates the SA_EX_ServerMetrics_Last30Days table, accessible under the job’s +- **6. Last 30 Days** – Creates the SA_EX_ServerMetrics_Last30Days table, accessible under the job’s Results node -- 7. Historical Statistics – Creates the SA_EX_ServerMetrics_HistoricalStatistics table, +- **7. 
Historical Statistics** – Creates the SA_EX_ServerMetrics_HistoricalStatistics table, accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_ServerMetrics Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| --------------------------------------- | ----------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Journaling (Journaling Traffic) | This report summarizes journaling message traffic across the organization. | None | This report is comprised of two elements: - Bar Chart – Displays top servers by journaling messages (last 30 days) - Table – Provides details on top servers by journaling messages (last 30 days) | -| NDRs (Exchange NDRs) | This report shows NDR counts broken down by server. | None | This report is comprised of two elements: - Bar Chart – Displays top servers by NDRs (last 30 days) - Table – Provides details on top servers by NDRs (last 30 days) | -| Server Traffic (Top Servers by Traffic) | This report summarizes server traffic across the organization for the Last 30 Days. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays top servers by total traffic - Table – Provides details top servers by total traffic | -| Transport (Transport Messages) | This report summarizes transport messages across the exchange organization. 
| None | This report is comprised of two elements: - Bar Chart – Displays top servers by transport messages (last 30 days) - Table – Provides details on top servers by transport messages (last 30 days) | +| Report | Description | Default Tags | Report Elements | +| --------------------------------------- | ----------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Journaling (Journaling Traffic) | This report summarizes journaling message traffic across the organization. | None | This report is comprised of two elements:
  • Bar Chart – Displays top servers by journaling messages (last 30 days)
  • Table – Provides details on top servers by journaling messages (last 30 days)
| +| NDRs (Exchange NDRs) | This report shows NDR counts broken down by server. | None | This report is comprised of two elements:
  • Bar Chart – Displays top servers by NDRs (last 30 days)
  • Table – Provides details on top servers by NDRs (last 30 days)
| +| Server Traffic (Top Servers by Traffic) | This report summarizes server traffic across the organization for the Last 30 Days. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays top servers by total traffic
  • Table – Provides details top servers by total traffic
| +| Transport (Transport Messages) | This report summarizes transport messages across the exchange organization. | None | This report is comprised of two elements:
  • Bar Chart – Displays top servers by transport messages (last 30 days)
  • Table – Provides details on top servers by transport messages (last 30 days)
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_usermetrics.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_usermetrics.md index 542a1c44db..a4a634c6c3 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_usermetrics.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/ex_usermetrics.md 
@@ -13,24 +13,28 @@ The EX_UserMetrics Job provides information around each users mail-flow in the o View the analysis tasks by navigating to the **Exchange** > **1. HUB Metrics** > **EX_UserMetrics** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_UserMetrics Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/usermetricsanalysis.webp) The following analysis tasks are selected by default: -- 1. User Metrics - Volume – Creates the SA_EX_UserMetrics_Volume table, accessible under the +- **1. User Metrics - Volume** – Creates the SA_EX_UserMetrics_Volume table, accessible under the job’s Results node -- 2. User Metrics - Count – Creates the SA_EX_UserMetrics_Count table, accessible under the job’s +- **2. User Metrics - Count** – Creates the SA_EX_UserMetrics_Count table, accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_UserMetrics Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------- | ----------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Top Receivers by Message Count | This report identifies users who have received the most messages. 
| None | This report is comprised of two elements: - Bar Chart – Displays top receivers by message count (last 30 days) - Table – Provides details on top receivers by message count (last 30 days) | -| Top Receivers by Message Volume | This report identifies users who have received the most mail by total volume. | None | This report is comprised of two elements: - Bar Chart – Displays top receivers by message volume (last 30 days) - Table – Provides details on top receivers by message volume (last 30 days) | -| Top Senders by Message Count | This report identifies users who have sent the most mail. | None | This report is comprised of two elements: - Bar Chart – Displays top senders by message count (last 30 days) - Table – Provides details on top senders by message count (last 30 days) | -| Top Senders by Message Volume | This report identifies users who have sent the most mail by total volume. | None | This report is comprised of two elements: - Bar Chart – Displays top senders by message volume (last 30 days) - Table – Provides details on top senders by message volume (last 30 days) | +| Report | Description | Default Tags | Report Elements | +| ------------------------------- | ----------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Top Receivers by Message Count | This report identifies users who have received the most messages. | None | This report is comprised of two elements:
  • Bar Chart – Displays top receivers by message count (last 30 days)
  • Table – Provides details on top receivers by message count (last 30 days)
| +| Top Receivers by Message Volume | This report identifies users who have received the most mail by total volume. | None | This report is comprised of two elements:
  • Bar Chart – Displays top receivers by message volume (last 30 days)
  • Table – Provides details on top receivers by message volume (last 30 days)
| +| Top Senders by Message Count | This report identifies users who have sent the most mail. | None | This report is comprised of two elements:
  • Bar Chart – Displays top senders by message count (last 30 days)
  • Table – Provides details on top senders by message count (last 30 days)
| +| Top Senders by Message Volume | This report identifies users who have sent the most mail by total volume. | None | This report is comprised of two elements:
  • Bar Chart – Displays top senders by message volume (last 30 days)
  • Table – Provides details on top senders by message volume (last 30 days)
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/recommended.md index 0ddd0cf6f0..e67dbdfb35 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/recommended.md @@ -6,13 +6,13 @@ sidebar_position: 10 # Recommended Configurations for the 1. HUB Metrics Job Group -Dependencies +**Dependencies** The following Job Groups need to be successfully run: - Active Directory Inventory Job Group -Targeted Hosts +**Targeted Hosts** The 0. Collection Job Group has been set to run against the following default dynamic host lists: @@ -20,13 +20,19 @@ The 0. Collection Job Group has been set to run against the following default dy - Exchange 2013 MB Servers - Exchange HUB Servers -**NOTE:** Default dynamic host lists are populated from hosts in the Host Master Table which meet +:::note +Default dynamic host lists are populated from hosts in the Host Master Table which meet the host inventory criteria for the list. Ensure the appropriate host lists have been populated through host inventory results. +::: -**_RECOMMENDED:_** Only modify host lists in the 0. Collection Job Group. -Connection Profile +:::info +Only modify host lists in the 0. Collection Job Group. +::: + + +**Connection Profile** A Connection Profile must be set directly on the EX_MetricsCollection Job and the EX_MetricsDetails Job. See the 
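Review bot: In the `:::info` block that replaces `**_RECOMMENDED:_** Only modify host lists in the 0. Collection Job Group.`, the word "recommended" is dropped, so the admonition reads as neutral information rather than as guidance. Keep the label in the body (for example "Recommended: Only modify host lists in the 0. Collection Job Group.") or use an admonition title if the site's renderer supports one. The two empty `+` lines between the closing `:::` and `+**Connection Profile**` can also be reduced to one.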
@@ -37,15 +43,18 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group has been designed to run daily to process and collect the previous day’s message tracking logs. Run this job after 12:01 AM when the logs on the Exchange servers have rolled over to the next day. -**_RECOMMENDED:_** Run this job group at 1:00 AM. +:::info +Run this job group at 1:00 AM. +::: + -History Retention +**History Retention** History retention should not be enabled on this job group. History is kept through analysis tasks. Modify the following analysis tasks to customize the amount of history which is kept: @@ -59,7 +68,7 @@ See the [Exchange History Retention](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#exchange-history-retention) topic for additional information. -Query Configuration +**Query Configuration** The 1. HUB Metrics Job Group is designed to be run with the default query configurations with the following exceptions: 
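Review bot: `+**Query Configuration**` (like `**Schedule Frequency**` and `**History Retention**` earlier in this file) makes the section label a bold paragraph, not a heading, so it gets no anchor and cannot be linked the way this hunk's own context links to `ex_metricscollection.md#exchange-history-retention`. If these labels are meant as sections under the page's `#` title, `##` headings would fit better. If bold is deliberate, say so in the commit message so the convention is clear for later pages.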
@@ -72,25 +81,31 @@ following exceptions: [ExchangeMetrics: Options](/docs/accessanalyzer/11.6/admin/datacollector/exchangemetrics/options.md) topic for additional information. -Analysis Configuration +**Analysis Configuration** The 1. HUB Metrics Job Group should be run with the default analysis configurations. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified or +:::warning +Most of these analysis tasks are preconfigured and should not be modified or deselected. There are a few which are deselected by default, as they are for troubleshooting purposes. +::: + The following analysis tasks should not be deselected, but their parameters can be modified: - **0. Collection** > **EX_MetricsCollection** Job – **08. SET HISTORY RETENTION** Analysis Task - **0. Collection** > **EX_MetricsDetails** Job – **02. SET HISTORY RETENTION** Analysis Task -Workflow +**Workflow** **Step 1 –** Set a Connection Profile on the jobs that run data collection. **Step 2 –** Schedule the **1. HUB Metrics** Job Group to run daily. -**_RECOMMENDED:_** Run at 1:00 AM. +:::info +Run at 1:00 AM. +::: + **Step 3 –** Review the reports generated by the jobs. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/ex_features.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/ex_features.md index b09887c457..d009b38eca 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/ex_features.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/ex_features.md 
@@ -9,7 +9,10 @@ sidebar_position: 20 The EX_Features job is comprised of data collection and a report that provides information around which features have been enabled or disabled on Mailboxes, such as ActiveSync, IMAP, POP and more. -**_RECOMMENDED:_** Schedule the Features Job Group to run weekly on any desired recurrence. +:::info +Schedule the Features Job Group to run weekly on any desired recurrence. +::: + ![Features > EX_Features Job in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/featuresjobstree.webp) 
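Review bot: The sentence moved into the `:::info` block, "Schedule the Features Job Group to run weekly on any desired recurrence.", is carried over unchanged and is ambiguous: "weekly" and "any desired recurrence" pull in different directions. Since the line is being rewritten anyway, state either the weekly schedule or that the interval is the operator's choice.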
@@ -30,14 +33,18 @@ The following query is included with the EX_Features Job: [Scope the ExchangePS Data Collector](/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md#scope-the-exchangeps-data-collector) topic for additional information - **NOTE:** The ExchangePS Data Collector is capable of targeting Exchange Online as well as + :::note + The ExchangePS Data Collector is capable of targeting Exchange Online as well as Exchange on-premises environments. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for credential requirements. + ::: + In addition to the table created by the query, the EX_Features Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------- | -| Mailbox Features | This report identifies features introduced in Exchange for each mailbox. | None | This report is comprised of one element: - Table – Provides details on mailbox features | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------- | +| Mailbox Features | This report identifies features introduced in Exchange for each mailbox. | None | This report is comprised of one element:
  • Table – Provides details on mailbox features
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxactivity.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxactivity.md index 46aa3696f6..271705fdf5 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxactivity.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxactivity.md @@ -13,7 +13,10 @@ reporting around mailbox logon activity. The EX_MailboxActivity job is located in the 0.Collection job group. -**NOTE:** This job requires that Exchange Access Auditing is enabled in the Exchange environment. +:::note +This job requires that Exchange Access Auditing is enabled in the Exchange environment. +::: + ## Queries for the EX_MailboxActivity Job @@ -30,7 +33,10 @@ The following query is included with the EX_MailboxActivity job: [Scope the ExchangePS Data Collector](/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md#scope-the-exchangeps-data-collector) topic for additional information - **NOTE:** The ExchangePS Data Collector is capable of targeting Exchange Online as well as + :::note + The ExchangePS Data Collector is capable of targeting Exchange Online as well as Exchange on-premises environments. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for credential requirements. + + ::: diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxlogons.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxlogons.md index 82aaf95bb2..4c2a6b5b4e 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxlogons.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/ex_mailboxlogons.md 
@@ -14,14 +14,17 @@ Exchange environment. View the analysis tasks by navigating to the **Exchange** > **4. Mailboxes** > **Logons** > **EX_MailboxLogons** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_MailboxLogons Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/mailboxlogonsanalysis.webp) The following analysis tasks are selected by default: -- 1. Create History Table – Creates the SA_EX_MailboxLogons_Details table, accessible under the +- **1. Create History Table** – Creates the SA_EX_MailboxLogons_Details table, accessible under the job’s Results node - 02.Hourly Activity – Creates the SA_EX_MailboxLogons_HourlyActivity table, accessible under the job’s Results node @@ -41,8 +44,11 @@ The following analysis tasks are selected by default: The following analysis task deletes table data from data collection and analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00. Delete All Historical Data** option. This analysis task is for +:::warning +Do not select the **00. Delete All Historical Data** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + - 00.Delete All Historical Data 
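Review bot: The `:::warning` block for **00. Delete All Historical Data** sits between the lead-in sentence ending "should remain cleared unless specifically needed:" and the list item `- 00.Delete All Historical Data` that the sentence introduces, so the block admonition now separates the colon from its list. Move the admonition above the lead-in sentence or below the list. Because the text states "Data will be deleted from the database", consider a stronger admonition type than the one used for "Do not modify or deselect the selected analysis tasks" earlier in this file, if the site provides one.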
@@ -53,8 +59,9 @@ troubleshooting and cleanup only. Data will be deleted from the database. In addition to the tables and views created by the analysis tasks, the EX_MailboxLogons Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Non Owner Mailbox Logons – Last Week (Top Users Logging into Other Mailboxes) | Lists the number of distinct non-owner mailboxes accessed by each user and counts of non-owner logons in the last seven days. | None | This report is comprised of two elements: - Bar Chart – Displays top users for non-owner activity – last week - Table – Provides details on all mailbox logons | -| Top Hourly Activity (By IP) (Top Hourly Activity) | This report shows periods where there was large amounts of traffic coming from a single machine. | None | This report is comprised of two elements: - Bar Chart – Displays top machines by user account activity - Table – Provides details on top machines by user account activity | -| Top Hourly Activity (By User) (Top Hourly Activity) | This report shows periods when users are most active. 
| None | This report is comprised of two elements: - Bar Chart – Displays top machines by non-owner logons - Table – Provides details on top users by non-owner logons | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Non Owner Mailbox Logons – Last Week (Top Users Logging into Other Mailboxes) | Lists the number of distinct non-owner mailboxes accessed by each user and counts of non-owner logons in the last seven days. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users for non-owner activity – last week
  • Table – Provides details on all mailbox logons
| +| Top Hourly Activity (By IP) (Top Hourly Activity) | This report shows periods where there was large amounts of traffic coming from a single machine. | None | This report is comprised of two elements:
  • Bar Chart – Displays top machines by user account activity
  • Table – Provides details on top machines by user account activity
| +| Top Hourly Activity (By User) (Top Hourly Activity) | This report shows periods when users are most active. | None | This report is comprised of two elements:
  • Bar Chart – Displays top machines by non-owner logons
  • Table – Provides details on top users by non-owner logons
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/overview.md index 24b1953bdf..54fcdf1e9e 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/logons/overview.md @@ -9,7 +9,10 @@ sidebar_position: 30 The Logons Job Group provides collection of Native Mailbox Access Auditing logs from Exchange to provide reporting around mailbox logon activity. -**_RECOMMENDED:_** Schedule the Logons Job Group to run daily at 7 PM. +:::info +Schedule the Logons Job Group to run daily at 7 PM. +::: + The data collection job requires that Exchange Access Auditing is enabled in the Exchange environment. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/overview.md index 31f62be7cf..e8e33279dd 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/overview.md @@ -13,7 +13,10 @@ features, logons, permissions, and sizing. The following comprise the 4. Mailboxes job group: -**NOTE:** These jobs are compatible with the Office 365 environment. +:::note +These jobs are compatible with the Office 365 environment. +::: + - [Features > EX_Features Job](/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/ex_features.md) – Comprised of data collection and a report that provides information around which features have diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_delegates.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_delegates.md index e18d165ae2..e62196ac16 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_delegates.md 
+++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_delegates.md @@ -24,7 +24,10 @@ The following query is included with the EX_Delegates job: [Scope the ExchangePS Data Collector](/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md#scope-the-exchangeps-data-collector) topic for additional information - **NOTE:** The ExchangePS Data Collector is capable of targeting Exchange Online as well as + :::note + The ExchangePS Data Collector is capable of targeting Exchange Online as well as Exchange on-premises environments. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for credential requirements. + + ::: diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_mbrights.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_mbrights.md index 362ceaa775..c4daaa4057 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_mbrights.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_mbrights.md @@ -24,7 +24,10 @@ The following query is included in the EX_MBRights Job: [Scope the ExchangePS Data Collector](/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md#scope-the-exchangeps-data-collector) topic for additional information - **NOTE:** The ExchangePS Data Collector is capable of targeting Exchange Online as well as + :::note + The ExchangePS Data Collector is capable of targeting Exchange Online as well as Exchange on-premises environments. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for credential requirements. + + ::: 
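Review bot: The closing `:::` of the nested `:::note` comes after an empty `+` line here and in ex_delegates.md and ex_mailboxactivity.md, while the same note in ex_features.md and ex_sendas.md closes directly after "topic for credential requirements." and is followed by the blank line. Use one form for all five files. Also confirm that the opening `:::note`, the unchanged continuation lines and the closing `:::` share the list item's indentation, otherwise the admonition may end the list item or fail to close.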
diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_sendas.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_sendas.md index 90c9301986..c75c65452e 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_sendas.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/ex_sendas.md @@ -24,18 +24,24 @@ The following query is included in the EX_SendAs Job: [Scope the ExchangePS Data Collector](/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md#scope-the-exchangeps-data-collector) topic for additional information - **NOTE:** The ExchangePS Data Collector is capable of targeting Exchange Online as well as + :::note + The ExchangePS Data Collector is capable of targeting Exchange Online as well as Exchange on-premises environments. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for credential requirements. + ::: + ## Analysis Tasks for the EX_SendAs Job View the analysis task by navigating to the **Exchange** > **4. Mailboxes** > **Permissions** > **0.Collection** > **EX_SendAs** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the EX_SendAs Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/collection/sendasanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_admingroups.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_admingroups.md index 9e7d3daaa9..7dae4a9e03 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_admingroups.md 
+++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_admingroups.md @@ -14,8 +14,11 @@ Administrative groups. View the analysis tasks by navigating to the **Exchange** > **4. Mailboxes** > **Permissions** > **EX_AdminGroups** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_AdminGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/admingroupsanalysis.webp) @@ -29,6 +32,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the EX_AdminGroups Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | -------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------- | -| Exchange Administration Groups | This report shows effective membership for the default Exchange Administration groups. | None | This report is comprised of two elements: - Bar Chart – Displays largest admin groups - Table – Provides membership details | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | -------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| Exchange Administration Groups | This report shows effective membership for the default Exchange Administration groups. | None | This report is comprised of two elements:
  • Bar Chart – Displays largest admin groups
  • Table – Provides membership details
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_mailboxaccess.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_mailboxaccess.md index 12a587b3f0..0619cd8cbe 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_mailboxaccess.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/ex_mailboxaccess.md @@ -15,8 +15,11 @@ Permissions. View the analysis tasks by navigating to the **Exchange** > **4. Mailboxes** > **Permissions** > **EX_MailboxAccess** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailbox Access Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/mailboxaccessanalysis.webp) 
@@ -54,18 +57,22 @@ The following analysis tasks is selected to export data to the AIC: - 13.AIC Import - Export Exchange Permissions – Exports delegates, Send AS rights, mailbox permissions, and Active Directory rights to the Access Information Center - **NOTE:** This task sends data to the Access Information Center during future job executions. + :::note + This task sends data to the Access Information Center during future job executions. See the User Reports and the Group Reports topics in the [Netwrix Access Information Center Documentation](https://helpcenter.netwrix.com/category/accessinformationcenter) for additional information. + ::: + In addition to the tables and views created by the analysis tasks, the EX_MailboxAccess Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Delegation (Delegates) | This report identifies users where Delegate/Send on Behalf Of rights have been assigned and which objects the users have been given rights to. | None | This report is comprised of two elements: - Bar Chart – Displays top users by number of delegates - Table – Provides details on top users by number of delegates | -| Full Control Access (Mailboxes with Full Control) | This report identifies users with the largest amount of Full Control rights assigned to other individuals. 
| None | This report is comprised of two elements: - Bar Chart – Displays top users with full control granted - Table – Provides details on top users with full control granted | -| Incorrect Default And Anon Permissions | This report identifies where Default or Anonymous have any role assignment other than **None** or **Free/Busy time**. | None | This report is comprised of three elements: - Bar Chart – Displays top users with incorrect default/anon permissions - Table – Provides details on top users with incorrect default/anon permissions - Table – Provides role details | -| Missing Anonymous Permissions | This report identifies folders where Anonymous permissions are not assigned. | None | This report is comprised of one element: - Table – Provides details on missing anonymous permissions | -| Send As (Send-As Rights) | This report identifies which users have the highest number of users with Send-As rights to their mailbox. | None | This report is comprised of three elements: - Stacked Bar Chart – Displays top users by send as rights granted - Table – Provides details on top users by send as right granted - Table – Provides additional details | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Delegation (Delegates) | This report identifies users where Delegate/Send on Behalf Of rights have been assigned and which objects the users have been given rights to. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users by number of delegates
  • Table – Provides details on top users by number of delegates
| +| Full Control Access (Mailboxes with Full Control) | This report identifies users with the largest amount of Full Control rights assigned to other individuals. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users with full control granted
  • Table – Provides details on top users with full control granted
| +| Incorrect Default And Anon Permissions | This report identifies where Default or Anonymous have any role assignment other than **None** or **Free/Busy time**. | None | This report is comprised of three elements:
  • Bar Chart – Displays top users with incorrect default/anon permissions
  • Table – Provides details on top users with incorrect default/anon permissions
  • Table – Provides role details
| +| Missing Anonymous Permissions | This report identifies folders where Anonymous permissions are not assigned. | None | This report is comprised of one element:
  • Table – Provides details on missing anonymous permissions
| +| Send As (Send-As Rights) | This report identifies which users have the highest number of users with Send-As rights to their mailbox. | None | This report is comprised of three elements:
  • Stacked Bar Chart – Displays top users by send as rights granted
  • Table – Provides details on top users by send as right granted
  • Table – Provides additional details
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/overview.md index d7d52b4f16..b4df1ac42d 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/overview.md @@ -10,7 +10,10 @@ The Permissions job group is comprised of data collection, analysis and reports granted to each mailbox in the environment including, Mailbox Rights, Active Directory Permissions, Delegation, and Folder Permissions. -**_RECOMMENDED:_** Schedule the Permissions job group to run weekly on Fridays at 6 PM. +:::info +Schedule the Permissions job group to run weekly on Fridays at 6 PM. +::: + ![Permissions Job Group in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/permissions/jobstree.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/recommended.md index 0e438c25d3..f7276f9a08 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/recommended.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Recommended Configurations for the 4. Mailboxes Job Group -Dependencies +**Dependencies** This job group requires the following items to be enabled: @@ -29,7 +29,7 @@ The following job groups need to be successfully run: - Provides data on distribution list metrics for Exchange Online environments and the last time a distribution list received mail -Targeted Hosts +**Targeted Hosts** The **Features** > **EX_Features** job, **Logons** > **0.Collection** job group, **Permissions** > **0.Collection** job group, and **Sizing** > **0.Collection** job group have been set for Exchange 
@@ -40,7 +40,7 @@ on-premises to run against: This Job Group can target a custom host list for Exchange Online instead of targeting Exchange on-premises. However, do not try to target both types of environments. -Connection Profile +**Connection Profile** A Connection Profile must be set directly on the collection jobs within each sub-job group: @@ -61,7 +61,7 @@ topic for the required permissions. See the [Exchange Custom Connection Profile & Host List](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/configurejob.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** It is not recommended to run these jobs at the 4. Mailboxes job group level. The Logons sub-job group and Sizing job group have been designed to run daily. The Features sub-job group and @@ -74,7 +74,7 @@ Permissions job group have been designed to run weekly. See the table for recomm | Features | Weekly | No recommendation, run when desired | | Permissions | Weekly | Fridays at 6 PM | -History Retention +**History Retention** History retention should not be enabled on this job group. History is kept through analysis tasks. Modify the following analysis tasks to customize the amount of history which is kept: @@ -84,7 +84,7 @@ Modify the following analysis tasks to customize the amount of history which is | EX_DMailboxLogons | SET HISTORY RETENTION | 6 Months | | EX_MailboxSizes | SET HISTORY RETENTION | 6 Months | -Query Configuration +**Query Configuration** The 4. Mailboxes job group is designed to be run with the default query configurations. However, the following queries can be modified: 
@@ -99,13 +99,16 @@ following queries can be modified: No other queries should be modified. -Analysis Configuration +**Analysis Configuration** The 4. Mailboxes job group should be run with the default analysis configurations. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified or +:::warning +Most of these analysis tasks are preconfigured and should not be modified or deselected. There are some tasks that are deselected by default, as they are for troubleshooting purposes. +::: + The following analysis tasks should not be deselected, but their parameters can be modified: @@ -118,7 +121,7 @@ Netwrix Access Information Center: - **Permissions** > **EX_MailboxAccess** Job – **13.AIC Import - Export Exchange Permissions** Analysis Task -Workflow +**Workflow** **Step 1 –** Set a Connection Profile on the jobs that run data collection. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mailboxsizes.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mailboxsizes.md index 0d4e0f8985..4baa90f678 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mailboxsizes.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mailboxsizes.md @@ -13,8 +13,11 @@ The EX_MailboxSizes job provides analysis and reporting around mailbox sizing an View the analysis tasks by navigating to the **Exchange** > **4. Mailboxes** > **Sizing** > **EX_MailboxSizes** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailbox Sizes Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/mailboxsizesanalysis.webp) 
@@ -43,8 +46,11 @@ The following analysis tasks are selected by default: The following analysis task deletes table data from data collection and analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00.Delete All Data** option. This analysis task is for +:::warning +Do not select the **00.Delete All Data** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database: +::: + - 00.Delete All Data 
@@ -55,7 +61,8 @@ troubleshooting and cleanup only. Data will be deleted from the database: In addition to the tables and views created by the analysis tasks, the EX_MailboxAccess Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------------------------------------------------------- | ---------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Largest Recoverable Items Folder (Dumpster) (Dumpster Sizes by User) | This report identifies users with the largest Recoverable Items folder (dumpster). | None | This report is comprised of two elements: - Bar Chart – Displays users with largest Recoverable Items folders - Table – Provides details on user Recoverable Items folders | -| Largest Mailboxes (Top Users by Mailbox Size) | This report identifies users with the largest mailboxes. | None | This report is comprised of two elements: - Bar Chart – Displays users with the largest mailboxes - Table – Provides details on users with largest mailboxes | +| Report | Description | Default Tags | Report Elements | +| -------------------------------------------------------------------- | ---------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Largest Recoverable Items Folder (Dumpster) (Dumpster Sizes by User) | This report identifies users with the largest Recoverable Items folder (dumpster). | None | This report is comprised of two elements:
  • Bar Chart – Displays users with largest Recoverable Items folders
  • Table – Provides details on user Recoverable Items folders
| +| Largest Mailboxes (Top Users by Mailbox Size) | This report identifies users with the largest mailboxes. | None | This report is comprised of two elements:
  • Bar Chart – Displays users with the largest mailboxes
  • Table – Provides details on users with largest mailboxes
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mbsize.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mbsize.md index 41ea72abeb..2450468afd 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mbsize.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_mbsize.md @@ -28,7 +28,10 @@ The following query is included in the EX_MBSize Job: [Scope the ExchangePS Data Collector](/docs/accessanalyzer/11.6/solutions/exchange/casmetrics/ex_aspolicies.md#scope-the-exchangeps-data-collector) topic for additional information - **NOTE:** The ExchangePS Data Collector is capable of targeting Exchange Online as well as + :::note + The ExchangePS Data Collector is capable of targeting Exchange Online as well as Exchange on-premises environments. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) topic for credential requirements. + + ::: diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_stalemailboxes.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_stalemailboxes.md index 9d80fd7b3d..bb7d1b0888 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_stalemailboxes.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_stalemailboxes.md 
@@ -13,24 +13,28 @@ The EX_StaleMailboxes job provides analysis and reporting around orphaned and st View the analysis tasks by navigating to the **Exchange** > **4. Mailboxes** > **Sizing** > **EX_StaleMailboxes** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_StaleMailboxes Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/stalemailboxesanalysis.webp) The following analysis tasks are selected by default: -- 1. Mailbox Orphans – Creates the SA_EX_StaleMailboxes_Orphans table, accessible under the job’s +- **1. Mailbox Orphans** – Creates the SA_EX_StaleMailboxes_Orphans table, accessible under the job’s Results node -- 2. Stale User Mailboxes – Creates the SA_EX_StaleMailboxes_Details table, accessible under the +- **2. Stale User Mailboxes** – Creates the SA_EX_StaleMailboxes_Details table, accessible under the job’s Results node -- 3. Organization Summary – Creates the SA_EX_StaleMailboxes_OrgSummary table, accessible under +- **3. 
Organization Summary** – Creates the SA_EX_StaleMailboxes_OrgSummary table, accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_StaleMailboxes Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| --------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Orphaned Mailboxes | Orphaned Mailboxes do not have an Active Directory account associated with them, and generally can be safely deleted. | None | This report is comprised of three elements: - Bar Chart – Displays orphan mailbox storage - Table – Provides details on all orphaned mailboxes - Table – Provides details on orphan mailbox storage | -| Stale Users (Mailboxes associated with Stale AD Accounts) | This report shows mailboxes which are tied to stale user accounts. 
| None | This report is comprised of three elements: - Bar Chart – Displays stale user mailboxes - Table – Provides details stale user mailboxes - Table – Provides additional details on stale user mailboxes | +| Report | Description | Default Tags | Report Elements | +| --------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Orphaned Mailboxes | Orphaned Mailboxes do not have an Active Directory account associated with them, and generally can be safely deleted. | None | This report is comprised of three elements:
  • Bar Chart – Displays orphan mailbox storage
  • Table – Provides details on all orphaned mailboxes
  • Table – Provides details on orphan mailbox storage
| +| Stale Users (Mailboxes associated with Stale AD Accounts) | This report shows mailboxes which are tied to stale user accounts. | None | This report is comprised of three elements:
  • Bar Chart – Displays stale user mailboxes
  • Table – Provides details stale user mailboxes
  • Table – Provides additional details on stale user mailboxes
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_storesizes.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_storesizes.md index ca736154fb..a45f96d01b 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_storesizes.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/ex_storesizes.md @@ -13,8 +13,11 @@ The EX_StoreSizes job provides analysis and reporting around database sizing bas View the analysis tasks by navigating to the **Exchange** > **4. Mailboxes** > **Sizing** > **EX_StoreSizes** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_StoreSizes Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/storesizesanalysis.webp) 
@@ -29,7 +32,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the EX_StoreSizes Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------ | --------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Store Sizes and Growth (Store Sizes) | This report identifies 30 day growth for every mail store within the environment. | None | This report is comprised of two elements: - Bar Chart – Displays fastest-growing mail stores - Table – Provides details on mail stores – percent change | -| Top Users by Store | This report identifies the top users for every mail store. | None | This report is comprised of one element: - Table – Provides details on top users by store | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------ | --------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Store Sizes and Growth (Store Sizes) | This report identifies 30 day growth for every mail store within the environment. | None | This report is comprised of two elements:
  • Bar Chart – Displays fastest-growing mail stores
  • Table – Provides details on mail stores – percent change
| +| Top Users by Store | This report identifies the top users for every mail store. | None | This report is comprised of one element:
  • Table – Provides details on top users by store
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/overview.md index 191f682ae5..4cf5f453e0 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/overview.md @@ -9,7 +9,10 @@ sidebar_position: 50 The Sizing job group provides data collection, analyses, and reports which focus on mailbox sizing, growth, and trends. -**_RECOMMENDED:_** Schedule the Sizing job group to run daily at 4 AM. +:::info +Schedule the Sizing job group to run daily at 4 AM. +::: + ![Sizing Job Group in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/exchange/mailboxes/sizing/jobstree.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow.md b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow.md index 2a4d2e541e..66e7cc5afc 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow.md @@ -43,7 +43,10 @@ The following queries are included in the EX_Mailflow job: - LocalDomains – Collects domains local to the Office 365 environment - **CAUTION:** Do not modify this query. The query is preconfigured for this job. + :::warning + Do not modify this query. The query is preconfigured for this job. + ::: + - See the [ExchangePS Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/overview.md) 
@@ -65,7 +68,10 @@ Properties window opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The ExchangePS Data Collector Wizard opens. -**CAUTION:** Do not modify other wizard pages. The wizard pages are pre-configured for this job. +:::warning +Do not modify other wizard pages. The wizard pages are pre-configured for this job. +::: + ![ExchangePS Data Collector Wizard Mail Flow page](/img/product_docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/mailflowmetricsdcwizard.webp) @@ -74,7 +80,10 @@ as desired. See the [ExchangePS Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/overview.md) topic for additional information. -_Remember,_ the date range must be 7 days or less. +:::tip +Remember, the date range must be 7 days or less. +::: + **Step 5 –** Navigate to the Summary page. Click **Finish**. @@ -85,8 +94,11 @@ The job applies the modification to future job executions. View the analysis tasks by navigating to the **Exchange** > **8. Exchange Online** > **0. Collection** > **EX_Mailflow** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailflow Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/mailflowanalysis.webp) 
@@ -97,7 +109,7 @@ The following analysis tasks are selected by default: - 02.Update History Table – Updates the SA_EX_Mailflow_History table, with data from the .Active Directory Inventory and .Entra ID Inventory solutions to determine local users and distribution lists -- 3. SET HISTORY RETENTION – Sets retention period in months +- **3. SET HISTORY RETENTION** – Sets retention period in months - By default, retention is set to 6 months. This period can be modified. See the [Parameter Configuration](#parameter-configuration) topic for additional information. @@ -108,10 +120,13 @@ The following analysis tasks are selected by default: The following analysis task deletes table data from data collection and analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00. Deletes all Stored Data** option. This analysis task is for +:::warning +Do not select the **00. Deletes all Stored Data** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + -- 0. Deletes all Stored Data - LEAVE UNCHECKED – Deletes all historical data +- **0. Deletes all Stored Data - LEAVE UNCHECKED** – Deletes all historical data - See the [Troubleshooting Data Collection](/docs/accessanalyzer/11.6/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#troubleshooting-data-collection) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_dl.md b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_dl.md index 7abbe377c5..f24956c3c8 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_dl.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_dl.md 
@@ -13,8 +13,11 @@ The EX_Mailflow_DL job provides information around distribution list usage. View the analysis tasks by navigating to the **Exchange** > **8. Exchange Online** > **EX_Mailflow_DL** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailflow_DL Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/mailflowdlanalysis.webp) @@ -29,6 +32,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the EX_Mailflow_DL Jjb produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Top DLs by Received Count | The top distribution lists by total messages received. | None | This report is comprised of two elements: - Bar Chart – Displays top five distribution lists by received count - Table – Provides details on the top five distribution lists by received count | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Top DLs by Received Count | The top distribution lists by total messages received. | None | This report is comprised of two elements:
  • Bar Chart – Displays top five distribution lists by received count
  • Table – Provides details on the top five distribution lists by received count
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_domain.md b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_domain.md index 6499d85366..5d3e3f5fbe 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_domain.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_domain.md @@ -29,8 +29,11 @@ topic for additional information. View the analysis task by navigating to the **Exchange** > **8. Exchange Online** > **EX_Mailflow_Domain** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailflow_Domain Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/mailflowdomainanalysis.webp) 
@@ -49,6 +52,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the EX_Mailflow_Domain job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------- | ---------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------- | -| Top Domains By Count | Displays top domains by recipient count. | None | This report is comprised of two elements: - Bar Chart – Displays top domains - Table – Provides details on top domains | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ---------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | +| Top Domains By Count | Displays top domains by recipient count. | None | This report is comprised of two elements:
  • Bar Chart – Displays top domains
  • Table – Provides details on top domains
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_mailbox.md b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_mailbox.md index 2ccb0a8d1f..17f7511290 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_mailbox.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_mailbox.md @@ -30,8 +30,11 @@ topic for additional information. View the analysis tasks by navigating to the **Exchange** > **8. Exchange Online** > **EX_Mailflow_Mailbox** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailflow_Mailbox Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/mailflowmailboxanalysis.webp) 
@@ -60,9 +63,10 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the EX_Mailflow_Mailbox job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| --------------------------------------------------------------------------- | ------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Top Users Message Count by Message ID (Top User Traffic By Message ID) | Displays message counts for users by Message ID. | None | This report is comprised of two elements: - Bar Chart – Displays top 5 users traffic by message ID - Table – Provides details on the last 30 days user traffic by message ID | -| Top Users Message Count By Recipient (Top Users Traffic By Recipient) | Displays message counts for users by recipient. | None | This report is comprised of two elements: - Bar Chart – Displays top 5 users traffic by recipient - Table – Provides details on the last 30 days user traffic by recipient | -| Top Users Message Size By Message ID (Top Users Traffic Size By Message ID) | Displays message sizes for users by Message ID. | None | This report is comprised of two elements: - Bar Chart – Displays top 5 users traffic size by message ID - Table –Details on the last 30 days user traffic size by recipient | -| Top Users Message Size By Recipient (Top Users Traffic Size By Recipient) | Displays message sizes for users by recipient. 
| None | This report is comprised of two elements: - Bar Chart – Displays top 5 users traffic size by recipient - Table – Provides details on the last 30 days user traffic size by recipient | +| Report | Description | Default Tags | Report Elements | +| --------------------------------------------------------------------------- | ------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Top Users Message Count by Message ID (Top User Traffic By Message ID) | Displays message counts for users by Message ID. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 users traffic by message ID
  • Table – Provides details on the last 30 days user traffic by message ID
| +| Top Users Message Count By Recipient (Top Users Traffic By Recipient) | Displays message counts for users by recipient. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 users traffic by recipient
  • Table – Provides details on the last 30 days user traffic by recipient
| +| Top Users Message Size By Message ID (Top Users Traffic Size By Message ID) | Displays message sizes for users by Message ID. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 users traffic size by message ID
  • Table –Details on the last 30 days user traffic size by recipient
| +| Top Users Message Size By Recipient (Top Users Traffic Size By Recipient) | Displays message sizes for users by recipient. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 users traffic size by recipient
  • Table – Provides details on the last 30 days user traffic size by recipient
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_orgoverview.md b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_orgoverview.md index e10b71587d..2fad9cd56e 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_orgoverview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/online/mailflow/ex_mailflow_orgoverview.md 
@@ -45,7 +45,8 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the EX_Mailflow_OrgOverview job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------ | ----------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Trend By MessageID (Organization Overview) | This report shows an overview of sent and received message statuses for the organization. | None | This report is comprised of two elements: - Line Chart – Displays the last 7 days trend by message ID - Table – Provides details on the last 30 days total traffic by message ID | -| Trend By Recipient | This report shows the trend of sent/received and total traffic by recipient. | None | This report is comprised of two elements: - Line Chart – Displays the last 7 days trend by recipient - Table – Provides details on the last 30 days traffic by recipient | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------ | ----------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Trend By MessageID (Organization Overview) | This report shows an overview of sent and received message statuses for the organization. | None | This report is comprised of two elements:
  • Line Chart – Displays the last 7 days trend by message ID
  • Table – Provides details on the last 30 days total traffic by message ID
| +| Trend By Recipient | This report shows the trend of sent/received and total traffic by recipient. | None | This report is comprised of two elements:
  • Line Chart – Displays the last 7 days trend by recipient
  • Table – Provides details on the last 30 days traffic by recipient
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/online/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/online/recommended.md index 5a8f01eca7..fabaa8dfc1 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/online/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/online/recommended.md @@ -6,14 +6,14 @@ sidebar_position: 10 # Recommended Configurations for the 8. Exchange Online Job Group -Dependencies +**Dependencies** The following Enterprise Auditor job groups need to be successfully run: - .Active Directory Inventory - .Entra ID Inventory -Targeted Hosts +**Targeted Hosts** The Mailflow job group uses Remote PowerShell through the ExchangePS Data Collector and the PowerShell Data Collector. The host list needs to be set to one of the following: @@ -26,7 +26,7 @@ PowerShell Data Collector. The host list needs to be set to one of the following [Exchange Online Host List](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/configurejob.md#exchange-online-host-list) topic for additional information. -Connection Profile +**Connection Profile** See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) @@ -43,13 +43,16 @@ See the [Exchange Custom Connection Profile & Host List](/docs/accessanalyzer/11.6/admin/datacollector/exchangeps/configurejob.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group has been designed to run daily. -**_RECOMMENDED:_** Run this job group at 1:00 AM. +:::info +Run this job group at 1:00 AM. +::: -Query Configuration + +**Query Configuration** The 8. Exchange Online job group is designed to be run with the default query configurations. However, the following queries can be modified: 
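Review bot: In the Schedule Frequency block of online/recommended.md, replacing `**_RECOMMENDED:_**` with a bare `:::info` drops the only word that marked 1:00 AM as a recommendation, so the admonition now reads as a requirement. Keep the qualifier in the body, for example "Recommended: run this job group at 1:00 AM." The hunk also adds an empty `+` line after the closing `:::` on top of the blank line that was already there, which leaves two blank lines before `**Query Configuration**`; one is enough.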
@@ -59,7 +62,7 @@ However, the following queries can be modified: No other queries should be modified. -Analysis Configuration +**Analysis Configuration** The 8. Exchange Online job group should be run with the default analysis configurations. Most of these analysis tasks are preconfigured and should never be modified or deselected. There are some @@ -74,7 +77,7 @@ The following analysis tasks should not be deselected, but their parameters can - **Mailflow** > **EX_Mailflow_Mailbox** Job – **User Mailboxes by Message Size** Analysis Task - **Mailflow** > **EX_Mailflow_OrgOverview** Job – **Organization Overview** Analysis Task -Workflow +**Workflow** **Step 1 –** Set the host on the EX_Mailflow job. diff --git a/docs/accessanalyzer/11.6/solutions/exchange/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/overview.md index f2929e8805..ef13b1ff21 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/overview.md @@ -13,7 +13,7 @@ Health, Public Folders and Configuration Baseline. Sensitive Data Discovery sear public folders to discover where sensitive information of any type exists. This requires the Sensitive Data Discovery Add-on. -Supported Platforms +**Supported Platforms** - Exchange Online (Limited) 
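Review bot: `**Supported Platforms**` in overview.md is still a paragraph, not a heading. Bolding the label changes how it looks but gives the section no anchor and no entry in the page outline. If these labels (this one, `**Dependencies**`, `**Targeted Hosts**` and the others bolded across this patch) are meant to be navigable sections, use a heading one level below the page title, such as `### Supported Platforms`. If keeping them out of the outline is deliberate, say so in the commit message.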
@@ -26,15 +26,15 @@ See the [Exchange Support and Permissions Explained](/docs/accessanalyzer/11.6/requirements/exchange/support/support.md) topic for additional information. -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Exchange Servers Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/exchange/exchange_1.md) +[Target Exchange Servers Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/exchange/target.md) and [Target Exchange Online Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/exchange/exchangeonline/exchangeonline.md) topics for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans.If running Sensitive Data Discovery (SDD) scans, it @@ -42,13 +42,16 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -Location + +**Location** The Exchange Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed into the Jobs tree, navigate to 
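Review bot: The paragraph directly above the converted `:::note` in this overview.md hunk still carries spacing errors that are worth fixing in the same pass: "per host.For example" is missing a space after the period, and "8 hosts at a time , then" has a stray space before the comma. The same paragraph reads "Each thread requires a additional GB of RAM" while the worked example uses 8x2=16, so the per-thread figure appears to have been lost; please confirm the intended number and restore it.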
@@ -83,7 +86,10 @@ The following job groups comprise the Exchange Solution: – Comprised of data collection, analyses, and reports around mailbox features, logons, permissions, and sizing - **CAUTION:** It is not recommended to run this job group at this job group level. + :::warning + It is not recommended to run this job group at this job group level. + ::: + - See the [Recommended Configurations for the 4. Mailboxes Job Group](/docs/accessanalyzer/11.6/solutions/exchange/mailboxes/recommended.md) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_content.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_content.md index a3ce9980af..c367e620be 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_content.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_content.md @@ -14,8 +14,11 @@ content aging. View the analysis tasks by navigating to the **Exchange** > **5. Public Folders** > **Content** > **PF_Content** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the PF_Content Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/contentanalysis.webp) 
@@ -33,7 +36,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the PF_Content job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Aging by File Count (Public Folder Aging by File Count) | This report highlights content aging within the targeted Public Folder environment, with a focus on the number of files. | None | This report is comprised of three elements: - Bar Chart – Displays public folder environment aging - Table – Provides details on public folder environment aging by file count - Table – Provides details on aging by sub tree | -| Aging by File Size (Public Folder Aging by File Size) | This report highlights content aging within the targeted Public Folder environment, with a focus on the size of files. 
| None | This report is comprised of three elements: - Column Chart – Displays public folder environment aging by file size - Table – Provides details on public folder environment by file size - Table – Provides details on aging by sub tree | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Aging by File Count (Public Folder Aging by File Count) | This report highlights content aging within the targeted Public Folder environment, with a focus on the number of files. | None | This report is comprised of three elements:
  • Bar Chart – Displays public folder environment aging
  • Table – Provides details on public folder environment aging by file count
  • Table – Provides details on aging by sub tree
| +| Aging by File Size (Public Folder Aging by File Size) | This report highlights content aging within the targeted Public Folder environment, with a focus on the size of files. | None | This report is comprised of three elements:
  • Column Chart – Displays public folder environment aging by file size
  • Table – Provides details on public folder environment by file size
  • Table – Provides details on aging by sub tree
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_contentscans.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_contentscans.md index 6b9de6be8c..aaab0dd690 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_contentscans.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/pf_contentscans.md @@ -33,8 +33,11 @@ The following query is included in the PF_ContentScans job: View the analysis task by navigating to the **Exchange** > **5. Public Folders** > **Content** > **Collection** > **PF_ContentScans** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the PF_ContentScans Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/content/contentscansanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_folderscans.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_folderscans.md index 8595b83fc4..00e3317b34 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_folderscans.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_folderscans.md 
@@ -33,8 +33,11 @@ The following query is included in the PF_FolderScans Job: View the analysis task by navigating to the **Exchange** > **5. Public Folders** > **Growth and Size** > **Collection** > **PF_FolderScans** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the PF_FolderScans Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/folderscansanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_foldersize.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_foldersize.md index 4617d64b60..0855d0173f 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_foldersize.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/pf_foldersize.md @@ -13,8 +13,11 @@ The PF_FolderSize job provides details related to public folder sizing and growt View the analysis tasks by navigating to the **Exchange** > **5. Public Folders** > **Growth and Size** > **PF_FolderSize** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the PF_FolderSize Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/growthsize/foldersizeanalysis.webp) 
@@ -37,8 +40,11 @@ The following analysis tasks are selected by default: The following analysis task clears table data from data collection and analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **00. Delete all Historical Data** option. This analysis task is for +:::warning +Do not select the **00. Delete all Historical Data** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + - 00.Delete all Historical Data - See the @@ -48,6 +54,7 @@ troubleshooting and cleanup only. Data will be deleted from the database. In addition to the tables and views created by the analysis tasks, the PF_FolderSize job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------- | ----------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | -| Public Folder Size and Growth | This report shows the largest public folders and percent change over 30 days. | None | This report is comprised of two elements: - Bar Chart – Displays largest public folders - Table – Provides details on largest public folders | +| Report | Description | Default Tags | Report Elements | +| ----------------------------- | ----------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Public Folder Size and Growth | This report shows the largest public folders and percent change over 30 days. | None | This report is comprised of two elements:
  • Bar Chart – Displays largest public folders
  • Table – Provides details on largest public folders
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_folderownership.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_folderownership.md index 37fca76daa..0dc3247c09 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_folderownership.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_folderownership.md @@ -44,9 +44,12 @@ The following queries are included in the PF_FolderOwnership job: The ExchangePublicFolder Data Collector can be scoped if desired. Follow the steps to modify the query configuration. -**NOTE:** These instructions include information on modifying the calculation used to determine +:::note +These instructions include information on modifying the calculation used to determine probable ownership. Step 5 is only applicable to the Probable Ownership Query in the PF_FolderOwnership Job. +::: + **Step 1 –** Navigate to job’s **Configure** node and select **Queries**. @@ -56,7 +59,10 @@ Properties window opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The Exchange Public Folder Data Collector Wizard opens. -**CAUTION:** Do not modify other wizard pages. The wizard pages are pre-configured for this job. +:::warning +Do not modify other wizard pages. The wizard pages are pre-configured for this job. +::: + ![Exchange Public Folder Data Collector Wizard Scope page](/img/product_docs/activitymonitor/7.1/config/activedirectory/scope.webp) 
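Review bot: The image on the context line right after the new `:::warning` in pf_folderownership.md points at `/img/product_docs/activitymonitor/7.1/config/activedirectory/scope.webp`, while its alt text says "Exchange Public Folder Data Collector Wizard Scope page" and every other image in this patch sits under `/img/product_docs/accessanalyzer/11.6/`. Check that this is the intended screenshot and not a path left over from another product's docs. The warning body also spells "pre-configured" where the other warnings in this patch use "preconfigured"; pick one spelling.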
@@ -84,7 +90,10 @@ using the following settings: - Selected Table – Select this option to return only those public folders within the table and field name specified on the Scope page of the query - _Remember,_ the scoping options available vary based on the pre-defined query configurations. + :::tip + Remember, the scoping options available vary based on the pre-defined query configurations. + ::: + See the [ExchangePublicFolder: Scope](/docs/accessanalyzer/11.6/admin/datacollector/exchangepublicfolder/scope.md) @@ -113,8 +122,11 @@ The job applies the modification to future job executions. View the analysis task by navigating to the **Exchange** > **5. Public Folders** > **Ownership** > **Collection** > **PF_FolderOwnership** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the PF_FolderOwnership Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/folderownershipanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_owners.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_owners.md index d11c459f0a..1457f4392c 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_owners.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/pf_owners.md 
@@ -16,8 +16,11 @@ based on folder ownership, content posted, and size of content posted. View the analysis tasks by navigating to the **Exchange** > **5. Public Folders** > **Ownership** > **PF_Owners** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the PF_Owners Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/ownership/ownersanalysis.webp) 
@@ -31,7 +34,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the PF_Owners job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Identification Success (Probable Owner Identification Rate) | This report identifies folder trees with a high success rate of probable owners identified. This may help scope initial cleanup campaigns. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays probable owner identification success - Table – Provides details probable owner identification success | -| Probable Owners | This report identifies probable owners for all scanned folders. | None | This report is comprised of one element: - Table – Provides details on probable owners | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Identification Success (Probable Owner Identification Rate) | This report identifies folder trees with a high success rate of probable owners identified. This may help scope initial cleanup campaigns. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays probable owner identification success
  • Table – Provides details probable owner identification success
| +| Probable Owners | This report identifies probable owners for all scanned folders. | None | This report is comprised of one element:
  • Table – Provides details on probable owners
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlements.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlements.md index 5bd2669f72..6ffe7e8d87 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlements.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlements.md @@ -14,8 +14,11 @@ permissions applied to each public folder within the Exchange environment. View the analysis tasks by navigating to the **Exchange** > **5. Public Folders** > **Permissions** > **PF_Entitlements** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the PF_EntitlementScans Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/entitlementsanalysis.webp) 
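Review bot: In pf_entitlements.md the image below the new `:::warning` keeps the alt text "Analysis Tasks for the PF_EntitlementScans Job", but this page documents the PF_Entitlements job and the file is `entitlementsanalysis.webp`. The identical alt text is used in pf_entitlementscans.md for `entitlementscansanalysis.webp`, so this one looks copied; change it to "Analysis Tasks for the PF_Entitlements Job" while the surrounding lines are being touched.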
@@ -36,8 +39,9 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the PF_Entitlements job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Default and Anonymous Entitlement | Indicates entitlements that are explicitly assigned to the default or anonymous accounts across all public folders. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays folder trees by default and anonymous entitlements - Table – Provides details on folder trees by default and anonymous entitlements | -| No Explicit Permissions (Leaf Folders with No Explicit Perms) | Provides all leaf Public Folders that only have Default, Anonymous, or unresolved SIDs as the explicit permissions, and have no child folders. These can potentially be deleted since they may not be accessed by active users. | None | This report is comprised of three elements: - Bar Chart – Displays percent of enterprises with issues - Table – Provides details on percent of enterprises with issues - Table – Provides details on folders with no explicit permissions | -| Unresolved SIDs (Unresolved SID Entitlements) | This report identifies any places where unresolved SIDs have been given entitlements. 
| None | This report is comprised of two elements: - Bar Chart – Displays top level trees by unresolved entitlements - Table – Provides details on top level trees by unresolved entitlements | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Default and Anonymous Entitlement | Indicates entitlements that are explicitly assigned to the default or anonymous accounts across all public folders. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays folder trees by default and anonymous entitlements
  • Table – Provides details on folder trees by default and anonymous entitlements
| +| No Explicit Permissions (Leaf Folders with No Explicit Perms) | Provides all leaf Public Folders that only have Default, Anonymous, or unresolved SIDs as the explicit permissions, and have no child folders. These can potentially be deleted since they may not be accessed by active users. | None | This report is comprised of three elements:
  • Bar Chart – Displays percent of enterprises with issues
  • Table – Provides details on percent of enterprises with issues
  • Table – Provides details on folders with no explicit permissions
| +| Unresolved SIDs (Unresolved SID Entitlements) | This report identifies any places where unresolved SIDs have been given entitlements. | None | This report is comprised of two elements:
  • Bar Chart – Displays top level trees by unresolved entitlements
  • Table – Provides details on top level trees by unresolved entitlements
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlementscans.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlementscans.md index 4b0cc2cc22..136fc7a8eb 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlementscans.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/pf_entitlementscans.md @@ -34,8 +34,11 @@ View the analysis tasks by navigating to the **Exchange** > **5. Public Folders* **Permissions** > **Collection** > **PF_EntitlementScans** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the PF_EntitlementScans Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/permissions/entitlementscansanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/pf_overview.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/pf_overview.md index 0013ad727f..9b4b8a59f4 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/pf_overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/pf_overview.md @@ -15,8 +15,11 @@ time a public folder received mail. View the analysis tasks by navigating to the **Exchange** > **5. Public Folders** > **PF_Overview** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the PF_Overview Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/publicfolders/overviewanalysis.webp) 
@@ -30,7 +33,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the PF_Overview job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Public Folder Mail Traffic | This report shows which mail-enabled public folders have mail traffic. | None | This report is comprised of two elements: - Bar Chart – Displays oldest public folders - Table – Provides details on oldest public folders | -| Public Folder Summary | This report shows where data is concentrated within the public folder environment, sorted by the largest top-level folders. | None | This report is comprised of three elements: - Bar Chart – Displays public folder environment - Table – Provides details largest public folder trees - Table – Provides details on the public folder environment | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Public Folder Mail Traffic | This report shows which mail-enabled public folders have mail traffic. | None | This report is comprised of two elements:
  • Bar Chart – Displays oldest public folders
  • Table – Provides details on oldest public folders
| +| Public Folder Summary | This report shows where data is concentrated within the public folder environment, sorted by the largest top-level folders. | None | This report is comprised of three elements:
  • Bar Chart – Displays public folder environment
  • Table – Provides details largest public folder trees
  • Table – Provides details on the public folder environment
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/recommended.md index 6948503411..84d3b71fc2 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/publicfolders/recommended.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Recommended Configurations for the 5. Public Folders Job Group -Dependencies +**Dependencies** This job group requires the following items to be installed and configured on the Enterprise Auditor Console: @@ -24,7 +24,7 @@ The following job groups need to be successfully run: - Provides data on public folder metrics for on-premises Exchange environments and the last time a distribution list received mail -Targeted Hosts +**Targeted Hosts** The Content, Growth and Size, and Permissions job groups use Remote PowerShell through the ExchangePS Data Collector and the host list should be set to the following: @@ -41,10 +41,13 @@ list: - This can be assigned at the **Collection** > **PF_FolderOwnership** job level by adding the individual host at the **Configure** > **Hosts** node - **NOTE:** The target host should be set to an on-premises Exchange server. Exchange Online is + :::note + The target host should be set to an on-premises Exchange server. Exchange Online is not support. + ::: -Connection Profile + +**Connection Profile** A Connection Profile must be set directly on the collection jobs. See the [Exchange PowerShell Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/powershell.md) 
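Review bot: The new `:::note` under Targeted Hosts in publicfolders/recommended.md carries the old typo onto an added line: "Exchange Online is not support." should read "Exchange Online is not supported." Since the sentence is being rewritten into the admonition anyway, fix it here rather than in a follow-up. Also confirm that the admonition renders when nested inside the list item, since the opening and closing `:::` are indented with the list rather than placed at column zero.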
@@ -64,15 +67,18 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group has been designed to run weekly or bi-weekly to collect information about public folders in the environment. This job group may be run more frequently depending on the size of the public folders database and public folder count. -**_RECOMMENDED:_** Run this job group on Fridays at 8:00 PM. +:::info +Run this job group on Fridays at 8:00 PM. +::: + -History Retention +**History Retention** History retention should not be enabled on this job group. History is kept through analysis tasks. Modify the following analysis task to customize the amount of history which is kept: @@ -81,7 +87,7 @@ Modify the following analysis task to customize the amount of history which is k | ------------- | --------------------- | --------------- | | PF_FolderSize | SET HISTORY RETENTION | 3 Months | -Query Configuration +**Query Configuration** The 5. Public Folders job group is designed to be run with the default query configurations. However, the following queries can be modified: @@ -95,18 +101,21 @@ However, the following queries can be modified: No other queries should be modified. -Analysis Configuration +**Analysis Configuration** The 5. Public Folders job group should be run with the default analysis configurations. -**CAUTION:** Most of these analysis tasks are preconfigured and should never be modified or +:::warning +Most of these analysis tasks are preconfigured and should never be modified or deselected. There are some that are deselected by default, as they are for troubleshooting purposes. +::: + The following analysis tasks should not be deselected, but their parameters can be modified: - **Growth and Size** > **PF_FolderSize** Job – **02.SET HISTORY RETENTION** Analysis Task -Workflow +**Workflow** **Step 1 –** Set the host on the **Ownership** > **Collection** job group. 
diff --git a/docs/accessanalyzer/11.6/solutions/exchange/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/recommended.md index ecbf1e6ec1..e7d097db5c 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/recommended.md @@ -44,8 +44,11 @@ opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The ExchangePS Data Collector Wizard opens. -**CAUTION:** Unless otherwise indicated within the job group section, do not make changes to other +:::warning +Unless otherwise indicated within the job group section, do not make changes to other wizard pages as they have been pre-configured for the purpose of the job. +::: + ![CAS name on ExchangePS Data Collector Wizard Category page](/img/product_docs/accessanalyzer/11.6/solutions/exchange/exchangepscas.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_mailbox_sdd.md b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_mailbox_sdd.md index 0c52c50f4e..d2421f064c 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_mailbox_sdd.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_mailbox_sdd.md @@ -8,7 +8,7 @@ sidebar_position: 10 The EX_Mailbox_SDD job locates sensitive data found in mailboxes in the Exchange environment. -Special Dependency +**Special Dependency** - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server @@ -16,8 +16,11 @@ Special Dependency [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information - **NOTE:** Though the job is visible within the console, it requires an additional installer + :::note + Though the job is visible within the console, it requires an additional installer package before data collection occurs. + ::: + ## Queries for the EX_Mailbox_SDD Job 
@@ -58,8 +61,11 @@ click**Query Properties**. The Query Properties window opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The EWS Mailbox Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![EWS Mailbox Data Collector Wizard Mailbox scope settings page](/img/product_docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/mailboxscopesettings.webp) @@ -83,8 +89,11 @@ Sensitive data matches can be limited to reduce storage space. See the [EWSMailbox: SDD Options](/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/sddoptions.md) topic for additional information. -**NOTE:** By default, discovered sensitive data strings are not stored in the Enterprise Auditor +:::note +By default, discovered sensitive data strings are not stored in the Enterprise Auditor database. +::: + ![EWS Mailbox Data Collector Wizard Criteria page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/criteria.webp) @@ -116,7 +125,10 @@ See the [EWSMailbox: Results](/docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/results.md) topic for additional information. -**NOTE:** By default, all categories are selected under sensitive data. +:::note +By default, all categories are selected under sensitive data. +::: + **Step 10 –** Navigate to the Summary page, click **Finish** to save any setting modifications or click **Cancel** if no changes were made. Then click **OK** to close the Query Properties window 
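Review bot: In the `@@ -116,7 +125,10 @@` hunk, the bare `+` line after the closing `:::` is redundant. The hunk header shows one removed line and four added, and the unchanged blank line that followed the old `**NOTE:**` is still there, so the result has two consecutive blank lines before "**Step 10 –**". Drop the added empty line; the same pattern follows most `:::` closers in this patch.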
@@ -128,8 +140,11 @@ The job now applies the modification to future job executions. View the analysis task by navigating to the **Exchange** > **7.Sensitive Data** > **EX_Mailbox_SDD** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the EX_Mailbox_SDD Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/mailboxsddanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_publicfolder_sdd.md b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_publicfolder_sdd.md index b013b38c6e..9fe71c7fec 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_publicfolder_sdd.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/ex_publicfolder_sdd.md @@ -9,7 +9,7 @@ sidebar_position: 20 The EX_PublicFolder_SDD job locates sensitive data found in public folders in the Exchange environment. -Special Dependency +**Special Dependency** - Sensitive Data Discovery Add-On installed on the Enterprise Auditor Console server @@ -17,8 +17,11 @@ Special Dependency [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information - **NOTE:** Though the job is visible within the console, it requires an additional installer + :::note + Though the job is visible within the console, it requires an additional installer package before data collection occurs. + ::: + ## Queries for the EX_PublicFolder_SDD Job 
@@ -56,7 +59,10 @@ Data Collector to scan for sensitive data. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The EWS Public Folder Data Collector Wizard opens. -**CAUTION:** Do not modify other wizard pages. The wizard pages are pre-configured for this job. +:::warning +Do not modify other wizard pages. The wizard pages are pre-configured for this job. +::: + ![EWS Public Folder Data Collector Wizard SDD Options page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/sddoptions.webp) @@ -65,8 +71,11 @@ Sensitive data matches can be limited to reduce storage space. See the [EWSPublicFolder: SDD Options](/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/sddoptions.md) topic for additional information. -**NOTE:** By default, discovered sensitive data strings are not stored in the Enterprise Auditor +:::note +By default, discovered sensitive data strings are not stored in the Enterprise Auditor database. +::: + ![EWS Public Folder Data Collector Wizard Criteria page](/img/product_docs/accessanalyzer/11.6/admin/datacollector/ewsmailbox/criteria.webp) @@ -98,7 +107,10 @@ page.  See the [EWSPublicFolder: Results](/docs/accessanalyzer/11.6/admin/datacollector/ewspublicfolder/results.md) topic for additional information. -**NOTE:** By default, all categories are selected under sensitive data. +:::note +By default, all categories are selected under sensitive data. +::: + **Step 8 –** Navigate to the Summary page, click **Finish** to save any setting modifications or click **Cancel** if no changes were made. Then click **OK** to close the Query Properties window diff --git a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/ex_sddresults.md b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/ex_sddresults.md index c0d496bd68..499753939b 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/ex_sddresults.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/ex_sddresults.md 
@@ -14,8 +14,11 @@ data that is located within Exchange mailboxes and public folders within the env View the analysis tasks by navigating to the **Exchange** > **7. Sensitive Data** > **EX_SDDResults** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the EX_SDDResults Job](/img/product_docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/sddresultsanalysis.webp) @@ -37,8 +40,11 @@ The following analysis tasks are selected by default: The following analysis task deletes table data from data collection and analysis jobs. This analysis task should remain cleared unless specifically needed: -**CAUTION:** Do not select the **Deletes all Stored Data** option. This analysis task is for +:::warning +Do not select the **Deletes all Stored Data** option. This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. +::: + - Deletes all Stored Data - LEAVE UNCHECKED – Clears all historical SDD data 
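Review bot: In the `@@ -37,8 +40,11 @@` hunk, the new `:::warning` block is wedged between the lead-in sentence that ends "should remain cleared unless specifically needed:" and the "Deletes all Stored Data - LEAVE UNCHECKED" item it introduces. As a standalone block it now separates the colon from its list; move the admonition above the lead-in sentence or below the list item. This is also the only admonition here that covers data loss ("Data will be deleted from the database."), yet it uses the same level as the "do not modify the wizard pages" cautions; if the site's admonition set has a stronger level such as `:::danger`, use it for this one.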
@@ -49,8 +55,9 @@ troubleshooting and cleanup only. Data will be deleted from the database. In addition to the tables and views created by the analysis tasks, the EX_SDDResults Job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary (Sensitive Content) | This report identifies the type and amount of sensitive content found in scanned mailboxes. | None | This report is comprised of two elements: - Bar Chart – Displays exceptions by item count - Table – Provides a criteria summary | -| Mailbox Details (Mailboxes with Sensitive Content) | This report identifies the mailboxes containing sensitive data. | None | This report is comprised of three elements: - Bar Chart – Displays top mailboxes by sensitive item count - Table – Provides mailbox details - Table – Provides details on top mailboxes by sensitive item count | -| Public Folder Details (Public Folders with Sensitive Content) | This report identifies the public folders containing sensitive data. 
| None | This report is comprised of three elements: - Bar Chart – Displays top folders by sensitive data item count - Table – Provides public folder details - Table – Provides details on top folders by sensitive item count | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary (Sensitive Content) | This report identifies the type and amount of sensitive content found in scanned mailboxes. | None | This report is comprised of two elements:
  • Bar Chart – Displays exceptions by item count
  • Table – Provides a criteria summary
| +| Mailbox Details (Mailboxes with Sensitive Content) | This report identifies the mailboxes containing sensitive data. | None | This report is comprised of three elements:
  • Bar Chart – Displays top mailboxes by sensitive item count
  • Table – Provides mailbox details
  • Table – Provides details on top mailboxes by sensitive item count
| +| Public Folder Details (Public Folders with Sensitive Content) | This report identifies the public folders containing sensitive data. | None | This report is comprised of three elements:
  • Bar Chart – Displays top folders by sensitive data item count
  • Table – Provides public folder details
  • Table – Provides details on top folders by sensitive item count
| + diff --git a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/overview.md b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/overview.md index 31d6348a1d..8daddeff39 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/overview.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/overview.md @@ -13,7 +13,10 @@ and public folders in the Exchange environment. The following comprise the 7. Sensitive Data job group: -**NOTE:** These jobs are compatible with the Office 365 environment. +:::note +These jobs are compatible with the Office 365 environment. +::: + - [0.Collection Job Group](/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/collection/overview.md) – Locates sensitive data found in mailboxes and public folders in the Exchange environment diff --git a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/recommended.md b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/recommended.md index 4c5b0e5fdd..aac5d5af2d 100644 --- a/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/exchange/sensitivedata/recommended.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Recommended Configurations for the 7. Sensitive Data Job Group -Dependencies +**Dependencies** This job group requires the following item to be installed and configured on the Enterprise Auditor Console: @@ -17,7 +17,7 @@ The following job groups need to be successfully run: - .Active Directory Inventory Job Group -Targeted Hosts +**Targeted Hosts** The 0.Collection Job Group needs to be set to run against: 
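Review bot: In the `ex_sddresults.md` hunk `@@ -49,8 +55,9 @@` above, the rewritten Report Elements cells break across lines, with each "•" item on a line of its own. A pipe-table row has to stay on one physical line, so check that these breaks are inline `<br />` tags in the source file and not literal newlines; with literal newlines the row ends at the first break and the rest of the table renders as plain text. The other report tables rewritten in this patch follow the same pattern and need the same check.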
@@ -31,11 +31,14 @@ to be set to run against the version-appropriate default dynamic host list: - Exchange 2016 MB Servers - Exchange 2019 MB Servers -**NOTE:** Default dynamic host lists are populated from hosts in the Host Master Table which meet +:::note +Default dynamic host lists are populated from hosts in the Host Master Table which meet the host inventory criteria for the list. Ensure the appropriate host lists have been populated through host inventory results. +::: -Connection Profile + +**Connection Profile** A Connection Profile must be set directly on jobs within the 0.Collection job group. See the [Exchange Web Services API Permissions](/docs/accessanalyzer/11.6/requirements/exchange/support/webservicesapi.md) @@ -45,11 +48,11 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** This job group has been designed to run as desired. -Query Configuration +**Query Configuration** The 7. Sensitive Data Job Group is designed to be run with the default query configurations. However, the following queries can be modified: @@ -59,7 +62,7 @@ However, the following queries can be modified: No other queries should be modified. -Workflow +**Workflow** **Step 1 –** Set the host on the EX_Mailbox_SDD or EX_PublicFolder_SDD job. diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_deletions.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_deletions.md index a841812750..1bed9d91a7 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_deletions.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_deletions.md 
@@ -14,28 +14,31 @@ servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Forensics** > **FS_Deletions** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_Deletions Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/deletionsanalysis.webp) The following analysis tasks are selected by default: -- 1. Create deletions view – Creates the SA_FSAC_DeletesView view accessible under the job’s +- **1. Create deletions view** – Creates the SA_FSAC_DeletesView view accessible under the job’s Results node -- 2. Last 30 Days – Creates the SA_FS_Deletions_Last30Days table accessible under the job’s +- **2. Last 30 Days** – Creates the SA_FS_Deletions_Last30Days table accessible under the job’s Results node -- 3. Trend – Creates the SA_FS_Deletions_TrendOverTime table accessible under the job’s Results +- **3. Trend** – Creates the SA_FS_Deletions_TrendOverTime table accessible under the job’s Results node -- 4. Create view to alert - Past 24 hours – Creates the SA_FS_Deletions_Notification_NOTIFICATION +- **4. Create view to alert - Past 24 hours** – Creates the SA_FS_Deletions_Notification_NOTIFICATION table accessible under the job’s Results node -- 6. Raw Details – Creates the SA_FS_Deletions_Details view accessible under the job’s Results +- **6. Raw Details** – Creates the SA_FS_Deletions_Details view accessible under the job’s Results node The Notification analysis task is an optional analysis task which requires configuration before enabling it. The following analysis task is deselected by default: -- 5. Notify on large number of deletes – Alerts when large number of deletions have occurred +- **5. 
Notify on large number of deletes** – Alerts when large number of deletions have occurred - Add recipients, notification subject, and email content - See the [Configure the Notification Analysis Task](#configure-the-notification-analysis-task) @@ -44,9 +47,10 @@ enabling it. The following analysis task is deselected by default: In addition to the tables and views created by the analysis tasks, the FS_Deletions job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------- | -| File and Folder Deletions (Deletion Events) | This report identifies deletion events for the past 30 days. The detailed report shows all resources that were successfully deleted as well as which users performed those events. | None | This report is comprised of two elements: - Line Chart– Displays the last 30 Days - Table – Provides details on deletions | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| File and Folder Deletions (Deletion Events) | This report identifies deletion events for the past 30 days. The detailed report shows all resources that were successfully deleted as well as which users performed those events. | None | This report is comprised of two elements:
  • Line Chart– Displays the last 30 Days
  • Table – Provides details on deletions
| + ### Configure the Notification Analysis Task @@ -60,8 +64,11 @@ Follow the steps to configure a notification analysis task. **Step 2 –** In the Analysis Selection view, select the Notification analysis task and click **Analysis Configuration** . The Notification Data Analysis Module wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Notification Data Analysis Module wizard SMTP page](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/notificationsmtp.webp) @@ -78,7 +85,10 @@ provided. You can use the following options: - Combine multiple messages into single message – Sends one email for all objects in the record set instead of one email per object to all recipients - **_RECOMMENDED:_** Leave the **Combine multiple messages into single message** option selected. + :::info + Leave the **Combine multiple messages into single message** option selected. + ::: + ![Message section](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/notificationsmtpmessage.webp) @@ -93,8 +103,11 @@ click **Cancel** if no changes were made. The Notification Data Analysis Module recipient list. In the Analysis Selection view, select this task so that notifications can be sent automatically during the execution of the job. -_Remember,_ all of the analysis tasks should remain in the default order indicated by the numbering. +:::tip +Remember, all of the analysis tasks should remain in the default order indicated by the numbering. Do not deselect any of the SQLscripting analysis tasks. +::: + Once the Notification analysis task is configured and enabled alerts are sent when the trigger has been identified by this job. 
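Review bot: In the `@@ -93,8 +103,11 @@` hunk, the `:::tip` body carries over "SQLscripting" from the old line; write it as "SQL scripting" while the paragraph is being rewrapped. The text is also an instruction that has to be followed (keep the numbered order, do not deselect tasks), which `:::tip` undersells; `:::info` or `:::warning`, both already used elsewhere in this patch, fit the content better.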
diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_permissionchanges.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_permissionchanges.md index 8c0f861508..e160380d06 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_permissionchanges.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/fs_permissionchanges.md 
@@ -14,35 +14,38 @@ from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Forensics** > **FS_PermissionChanges** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_PermissionChanges Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/forensics/permissionchangesanalysis.webp) The following analysis tasks are selected by default: -- 0. Create Permission Change Events Table – Creates an interim processing table in the database +- **0. Create Permission Change Events Table** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 1. Create Permission Changes Table and View – Creates the SA_ENG_PermissionChangesView view +- **1. Create Permission Changes Table and View** – Creates the SA_ENG_PermissionChangesView view accessible under the job’s Results node -- 2. Last 30 Days – Creates the SA_FS_PermissionChanges_Last30Days table accessible under the +- **2. Last 30 Days** – Creates the SA_FS_PermissionChanges_Last30Days table accessible under the job’s Results node -- 3. Trend – Creates the SA_FS_PermissionChanges_TrendOverTime table accessible under the job’s +- **3. Trend** – Creates the SA_FS_PermissionChanges_TrendOverTime table accessible under the job’s Results node -- 4. Create view to notify on - By user, per share, for the past 24 hours – Creates the +- **4. Create view to notify on - By user, per share, for the past 24 hours** – Creates the SA_FS_PermissionChanges_Notification_NOTIFICATION table accessible under the job’s Results node -- 6. Raw Details – Creates the SA_FS_PermissionChanges_Details view accessible under the job’s +- **6. 
Raw Details** – Creates the SA_FS_PermissionChanges_Details view accessible under the job’s Results node -- 7. High risk permission changes – Creates the SA_FS_PermissionChanges_HighRisk table accessible +- **7. High risk permission changes** – Creates the SA_FS_PermissionChanges_HighRisk table accessible under the job’s Results node -- 8. High risk permission changes summary – Creates the SA_FS_PermissionChanges_HighRiskSummary +- **8. High risk permission changes summary** – Creates the SA_FS_PermissionChanges_HighRiskSummary table accessible under the job’s Results node The Notification analysis task is an optional analysis task which requires configuration before enabling it. The following analysis task is deselected by default: -- 5. Alert on Permission Changes – Alerts when permission changes have occurred +- **5. Alert on Permission Changes** – Alerts when permission changes have occurred - Add recipients, notification subject, and email content - See the 
@@ -52,7 +55,8 @@ enabling it. The following analysis task is deselected by default: In addition to the tables and views created by the analysis tasks, the FS_PermissionChanges job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| High Risk Changes | This report highlights successful permission changes performed on a high risk trustee. The line chart shows data for the past 30 days only. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Line Chart– Displays last 30 days of high risk changes - Table – Provides details on high risk changes | -| Permission Changes | This report identifies all resources where successful permission changes have occurred. The line chart shows data for the past 30 days only. | None | This report is comprised of two elements: - Line Chart– Displays last 30 days of permission changes - Table – Provides details on permission changes | +| Report | Description | Default Tags | Report Elements | +| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| High Risk Changes | This report highlights successful permission changes performed on a high risk trustee. The line chart shows data for the past 30 days only. 
| GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Line Chart– Displays last 30 days of high risk changes
  • Table – Provides details on high risk changes
| +| Permission Changes | This report identifies all resources where successful permission changes have occurred. The line chart shows data for the past 30 days only. | None | This report is comprised of two elements:
  • Line Chart– Displays last 30 days of permission changes
  • Table – Provides details on permission changes
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/fs_leastprivilegedaccess.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/fs_leastprivilegedaccess.md index 16cfe79216..44c3834fc5 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/fs_leastprivilegedaccess.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/fs_leastprivilegedaccess.md 
@@ -20,36 +20,40 @@ The FS_LeastPrivilegedAccess job is located in the Least Privileged Access job g View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Least Privileged Access** > **FS_LeastPrivilegedAccess** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_LeastPrivilegedAccess Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/leastprivilegedaccessanalysis.webp) The following analysis tasks are selected by default: -- 1. Join Activity Data to Share – Creates the SA_FS_LeastPrivilegedAccess_ActivityByShare table +- **1. Join Activity Data to Share** – Creates the SA_FS_LeastPrivilegedAccess_ActivityByShare table accessible under the job’s Results node -- 2. Get Effective Share Access for all Shares with Activity – Creates the +- **2. Get Effective Share Access for all Shares with Activity** – Creates the SA_FS_LeastPrivilegedAccess_EffectiveShareAccess table accessible under the job’s Results node -- 3. Compare Users activity to access – Creates the SA_FS_LeastPrivilegedAccess_Comparision table +- **3. Compare Users activity to access** – Creates the SA_FS_LeastPrivilegedAccess_Comparision table accessible under the job’s Results node -- 4. Summarize Comparison by Share – Creates an interim processing table in the database for use +- **4. Summarize Comparison by Share** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 5. Rollup by Share - Pie Chart – Creates an interim processing table in the database for use by +- **5. Rollup by Share - Pie Chart** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 6. 
Summarize Entitlement Usage - Enterprise Wide – Creates interim processing tables in the +- **6. Summarize Entitlement Usage - Enterprise Wide** – Creates interim processing tables in the database for use by downstream analysis and report generation -- 7. Recommend Changes to Group ACLs – Creates the SA_FS_LeastPrivilegedAccess_RecommendedChanges +- **7. Recommend Changes to Group ACLs** – Creates the SA_FS_LeastPrivilegedAccess_RecommendedChanges table accessible under the job’s Results node -- 8. Resource Based Groups – Creates the SA_FS_LeastPrivilegedAccess_ResourceGroups table +- **8. Resource Based Groups** – Creates the SA_FS_LeastPrivilegedAccess_ResourceGroups table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_LeastPrivilegedAccess job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Overprovisioning Risk by Share | This report identifies shares with the largest amount of unutilized entitlements and assigns a risk rating to each one. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Pie Chart – Displays shares by overprovisioning risk - Table – Provides details on shares by overprovisioning risk | -| Overprovisioning Summary | This report shows the percentage of all entitlements which are being used. An entitlement refers to one user's access to one folder. 
| GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Pie Chart – entitlements by level of usage - Table – Provides details on entitlements | -| Remediation | If all members of a group are not using their full access, then modification to group permissions on the share will be suggested here. | None | This report is comprised of one element: - Table – Provides details on recommended changes to permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Overprovisioning Risk by Share | This report identifies shares with the largest amount of unutilized entitlements and assigns a risk rating to each one. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Pie Chart – Displays shares by overprovisioning risk
  • Table – Provides details on shares by overprovisioning risk
| +| Overprovisioning Summary | This report shows the percentage of all entitlements which are being used. An entitlement refers to one user's access to one folder. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Pie Chart – entitlements by level of usage
  • Table – Provides details on entitlements
| +| Remediation | If all members of a group are not using their full access, then modification to group permissions on the share will be suggested here. | None | This report is comprised of one element:
  • Table – Provides details on recommended changes to permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_adminactvity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_adminactvity.md index 51661ae585..dcf6863cb2 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_adminactvity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_adminactvity.md 
@@ -14,32 +14,36 @@ from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Security** > **FS_AdminActivity** > **Configure** node and select Analysis. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_AdminActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/security/adminactivityanalysis.webp) The following analysis tasks are selected by default: -- 1. Create Admin Activity View – Creates an interim processing view in the database for use by +- **1. Create Admin Activity View** – Creates an interim processing view in the database for use by downstream analysis and report generation -- 2. Effective Access to Locations with Admin Activity – Creates an interim processing table in +- **2. Effective Access to Locations with Admin Activity** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 3. Suspicious Admin Activity – Creates the SA_FS_AdminActivity_SuspiciousActivity table +- **3. Suspicious Admin Activity** – Creates the SA_FS_AdminActivity_SuspiciousActivity table accessible under the job’s Results node -- 4. Operations Overview – Creates an interim processing table in the database for use by +- **4. Operations Overview** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 5. Rank admins by activity – Creates an interim processing table in the database for use by +- **5. Rank admins by activity** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 6. Pivot Admin Activity for Details Report – Creates an interim processing table in the database +- **6. 
Pivot Admin Activity for Details Report** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables and views created by the analysis tasks, the FS_AdminActivity job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------- | ---------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Administrator Activity Details | This report shows the details of administrator activity on file shares. | None | This report is comprised of one element: - Table – Provides details on last 30 days of administrator activity | -| Administrator Activity Overview | This report identifies the types of actions administrators are performing across your network. | None | This report is comprised of two elements: - Pie Chart – Displays last 30 days of administrator activity - Table – Provides details on types of actions | -| Most Active Administrators | This report ranks administrators by number of shares they have activity in. | None | This report is comprised of two elements: - Bar Chart – Displays last 30 days of administrator activity - Table – Provides details on administrator activity | -| Suspicious Admin Activity | This report highlights all administrator reads in shares where they do not have access. 
| GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of one element: - Table – Provides details on last 30 days of administrator activity | +| Report | Description | Default Tags | Report Elements | +| ------------------------------- | ---------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Administrator Activity Details | This report shows the details of administrator activity on file shares. | None | This report is comprised of one element:
  • Table – Provides details on last 30 days of administrator activity
| +| Administrator Activity Overview | This report identifies the types of actions administrators are performing across your network. | None | This report is comprised of two elements:
  • Pie Chart – Displays last 30 days of administrator activity
  • Table – Provides details on types of actions
| +| Most Active Administrators | This report ranks administrators by number of shares they have activity in. | None | This report is comprised of two elements:
  • Bar Chart – Displays last 30 days of administrator activity
  • Table – Provides details on administrator activity
| +| Suspicious Admin Activity | This report highlights all administrator reads in shares where they do not have access. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of one element:
  • Table – Provides details on last 30 days of administrator activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_highriskactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_highriskactivity.md index dd23e57165..a146365db2 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_highriskactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_highriskactivity.md 
@@ -14,24 +14,28 @@ targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Security** > **FS_HighRiskActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_HighRiskActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/security/highriskactivityanalysis.webp) -- 0. Drop Tables – Drops tables from previous runs -- 1. Analyze for High Risk Activity – Creates the SA_FS_HighRiskActivity_HighRiskUserActivity +- **0. Drop Tables** – Drops tables from previous runs +- **1. Analyze for High Risk Activity** – Creates the SA_FS_HighRiskActivity_HighRiskUserActivity table accessible under the job’s Results node -- 2. Pivot High Risk Activity – Creates the SA_FS_HighRiskActivity_HighRiskDetails table +- **2. Pivot High Risk Activity** – Creates the SA_FS_HighRiskActivity_HighRiskDetails table accessible under the job’s Results node -- 3. Summarize Share Activity – Creates the SA_FS_HighRiskActivity_ShareSummary table accessible +- **3. Summarize Share Activity** – Creates the SA_FS_HighRiskActivity_ShareSummary table accessible under the job’s Results node -- 4. Global User Activity – Creates an interim processing table in the database for use by +- **4. 
Global User Activity** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables and views created by the analysis tasks, the FS_HighRiskActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| High Risk Activity | High Risk Activity is any action performed by a user who has access to a particular resource only through a High Risk Trustee (for example, Everyone, Authenticated Users, or Domain Users). Unless action is taken, these users will lose access once the open access is remediated. 
| GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Pie Chart – Displays last 30 days of activity - Table – Provides details on activity by user - Table – Provides details on activity by share | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| High Risk Activity | High Risk Activity is any action performed by a user who has access to a particular resource only through a High Risk Trustee (for example, Everyone, Authenticated Users, or Domain Users). Unless action is taken, these users will lose access once the open access is remediated. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Pie Chart – Displays last 30 days of activity
  • Table – Provides details on activity by user
  • Table – Provides details on activity by share
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_localuseractivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_localuseractivity.md index 1ac03fb7fd..7aee6eaf08 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_localuseractivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/security/fs_localuseractivity.md 
@@ -14,19 +14,23 @@ targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Security** > **FS_LocalUserActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the LocalUserActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/security/localuseractivityanalysis.webp) -- 1. Local User Activity Details – Creates the SA_FS_LocalUserActivity_Details table accessible +- **1. Local User Activity Details** – Creates the SA_FS_LocalUserActivity_Details table accessible under the job’s Results node -- 2. Top Local User Accounts – Creates the SA_FS_LocalUserActivity_TopUsers table accessible under +- **2. Top Local User Accounts** – Creates the SA_FS_LocalUserActivity_TopUsers table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_LocalUserActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | ---------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Local User Activity | This report identifies local accounts with file system activity. 
| None | This report is comprised of two elements: - Bar Chart – Displays top local user account activity (last 30 days) - Table – Provides details on local user activity | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ---------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Local User Activity | This report identifies local accounts with file system activity. | None | This report is comprised of two elements:
  • Bar Chart – Displays top local user account activity (last 30 days)
  • Table – Provides details on local user activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_deniedactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_deniedactivity.md index 5db25241d3..afa9952ff5 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_deniedactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_deniedactivity.md @@ -14,8 +14,11 @@ file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_DeniedActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_DeniedActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/deniedactivityanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the FS_DeniedActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | ------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Denied Activity | This report highlights high periods of denied user activity during the past 30 days. | None | This report is comprised of two elements: - Bar Chart – Displays top denied periods for the last 30 days - Table – Provides details on denied activity | +| Report | Description | Default Tags | Report Elements | +| --------------- | ------------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Denied Activity | This report highlights high periods of denied user activity during the past 30 days. | None | This report is comprised of two elements:
  • Bar Chart – Displays top denied periods for the last 30 days
  • Table – Provides details on denied activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_highesthourlyactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_highesthourlyactivity.md index 56529af26c..959d072d0e 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_highesthourlyactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_highesthourlyactivity.md @@ -14,8 +14,11 @@ information from targeted file servers broken down by user. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_HighestHourlyActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_HighestHourlyActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/highesthourlyactivityanalysis.webp) 
@@ -43,6 +46,7 @@ enabling it. The following analysis task is deselected by default: In addition to the tables and views created by the analysis tasks, the FS_HighestHourlyActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | -| Unusual User Activity | This report identifies user accounts and time ranges where there was the largest and widest amount of activity across the file system. | None | This report is comprised of two elements: - Bar Chart – Displays abnormal user activity - Table – Provides details on hourly user activity | +| Report | Description | Default Tags | Report Elements | +| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unusual User Activity | This report identifies user accounts and time ranges where there was the largest and widest amount of activity across the file system. | None | This report is comprised of two elements:
  • Bar Chart – Displays abnormal user activity
  • Table – Provides details on hourly user activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_hourlyshareactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_hourlyshareactivity.md index 529b033e06..3c3d8ae700 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_hourlyshareactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_hourlyshareactivity.md @@ -14,8 +14,11 @@ information from targeted file servers broken down by share. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_HourlyShareActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_HourlyShareActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/hourlyshareactivityanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FS_HourlyShareActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------- | ------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------- | -| Unusual Share Activity | This report will show any outliers in hourly share activity, broken down by day of week and hour. | None | This report is comprised of two elements: - Bar Chart – Displays abnormal share activity - Table – Provides details on share activity | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | ------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unusual Share Activity | This report will show any outliers in hourly share activity, broken down by day of week and hour. | None | This report is comprised of two elements:
  • Bar Chart – Displays abnormal share activity
  • Table – Provides details on share activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_modifiedbinaries.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_modifiedbinaries.md index 0e7707d1b2..9447a80ea1 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_modifiedbinaries.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_modifiedbinaries.md @@ -14,8 +14,11 @@ modified from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_ModifiedBinaries** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_ModifiedBinaries Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/modifiedbinariesanalysis.webp) 
@@ -30,6 +33,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FS_ModifiedBinaries job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------- | ---------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -| First Time Binary Modifications | This report highlights recent instances where users have modified binaries for the first time. | None | This report is comprised of two elements: - Bar Chart – Displays first time binary modifications by host - Table – Provides details on modified binaries | +| Report | Description | Default Tags | Report Elements | +| ------------------------------- | ---------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| First Time Binary Modifications | This report highlights recent instances where users have modified binaries for the first time. | None | This report is comprised of two elements:
  • Bar Chart – Displays first time binary modifications by host
  • Table – Provides details on modified binaries
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_peergroupactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_peergroupactivity.md index afc4fede54..f1a9d361a2 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_peergroupactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_peergroupactivity.md @@ -14,8 +14,11 @@ peer group analysis from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_PeerGroupActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_PeerGroupActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/peergroupactivityanalysis.webp) 
@@ -25,6 +28,7 @@ preconfigured for this job. In addition to the tables and views created by the analysis tasks, the FS_PeerGroupActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------- | -| Unusual Peer Group Activity | This report highlights unusual periods of activity based on peer group analysis. When a user accesses an abnormal amount of data from outside of their own department, the failure of separation of duties can indicate a security threat. | None | This report is comprised of one element: - Table – Provides details on abnormal peer group activity | +| Report | Description | Default Tags | Report Elements | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------- | +| Unusual Peer Group Activity | This report highlights unusual periods of activity based on peer group analysis. When a user accesses an abnormal amount of data from outside of their own department, the failure of separation of duties can indicate a security threat. | None | This report is comprised of one element:
  • Table – Provides details on abnormal peer group activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_ransomware.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_ransomware.md index 84ee89e2b2..57e71da5c7 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_ransomware.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_ransomware.md @@ -16,8 +16,11 @@ activity involving files which are known as ransomware artifacts is highlighted. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_Ransomware** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_Ransomeware Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/ransomewareanalysis.webp) 
@@ -34,7 +37,8 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_Ransomware job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Ransomware Activity | This report summarizes Add or Rename activity involving known ransomware artifacts. | None | This report is comprised of three elements: - Bar Chart – Displays top ransomware patterns - Table – Provides details on ransomware activity - Table – Provides summary of ransomware by pattern | -| Unusual Write Activity (Ransomware) | This report highlights periods of abnormally high update activity involving shared resources. This can be indicative of ransomware attacks. | None | This report is comprised of two elements: - Bar Chart – Displays abnormal update activity - Table – Provides details on abnormal update activity | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Ransomware Activity | This report summarizes Add or Rename activity involving known ransomware artifacts. | None | This report is comprised of three elements:
  • Bar Chart – Displays top ransomware patterns
  • Table – Provides details on ransomware activity
  • Table – Provides summary of ransomware by pattern
| +| Unusual Write Activity (Ransomware) | This report highlights periods of abnormally high update activity involving shared resources. This can be indicative of ransomware attacks. | None | This report is comprised of two elements:
  • Bar Chart – Displays abnormal update activity
  • Table – Provides details on abnormal update activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_sensitivedataactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_sensitivedataactivity.md index e64a53fdae..c77a0379a0 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_sensitivedataactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_sensitivedataactivity.md @@ -14,8 +14,11 @@ identified to contain sensitive information from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_SensitiveDataActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_SensitiveDataActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/sensitivedataactivityanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the FS_SensitiveDataActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ------------------------------------------------------------------------------------ | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| User Sensitive Data Activity | This report highlights periods of abnormally high activity involving sensitive data. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Bar Chart – Displays abnormal sensitive data activity - Table – Provides details on sensitive data activity | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | ------------------------------------------------------------------------------------ | ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| User Sensitive Data Activity | This report highlights periods of abnormally high activity involving sensitive data. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Bar Chart – Displays abnormal sensitive data activity
  • Table – Provides details on sensitive data activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_stalefileactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_stalefileactivity.md index e012a0f387..7a64090a10 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_stalefileactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_stalefileactivity.md @@ -14,8 +14,11 @@ stale files from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_StaleFileActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_StaleFileActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/stalefileactivityanalysis.webp) 
@@ -25,6 +28,7 @@ preconfigured for this job. In addition to the tables and views created by the analysis task, the FS_StaleFileActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | -------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -| User Stale File Activity | This report highlights periods of abnormally high activity involving stale shared resources. | None | This report is comprised of two elements: - Bar Chart – Displays abnormal stale file activity - Table – Provides details on abnormal stale file activity | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | -------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| User Stale File Activity | This report highlights periods of abnormally high activity involving stale shared resources. | None | This report is comprised of two elements:
  • Bar Chart – Displays abnormal stale file activity
  • Table – Provides details on abnormal stale file activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_usershareactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_usershareactivity.md index 8502fe2b83..12887c3078 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_usershareactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_usershareactivity.md @@ -14,8 +14,11 @@ targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_UserShareActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_UserShareActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/usershareactivityanalysis.webp) 
@@ -29,7 +32,8 @@ preconfigured for this job. In addition to the tables and views created by the analysis tasks, the FS_UserShareActivity job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| First Time Share Activity by User | This report shows the last date that a user accessed a share, ordered by the oldest activity. This lack of access may indicate unused permissions. | None | This report is comprised of two elements: - Bar Chart – Displays shares with new users accessing data - past 7 days - Table – Provides details on first time share access | -| Longest Inactivity | This report shows which users have returned to a share after the longest periods of inactivity. | None | This report is comprised of one element: - Table – Provides details on user share activity | +| Report | Description | Default Tags | Report Elements | +| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| First Time Share Activity by User | This report shows the last date that a user accessed a share, ordered by the oldest activity. This lack of access may indicate unused permissions. | None | This report is comprised of two elements:
  • Bar Chart – Displays shares with new users accessing data
  • past 7 days
  • Table – Provides details on first time share access
| +| Longest Inactivity | This report shows which users have returned to a share after the longest periods of inactivity. | None | This report is comprised of one element:
  • Table – Provides details on user share activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_weekendactivity.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_weekendactivity.md index 10a7188373..ad8524e588 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_weekendactivity.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/fs_weekendactivity.md @@ -16,8 +16,11 @@ activity for potential security concerns. View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Suspicious Activity** > **FS_WeekendActivity** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_WeekendActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/suspiciousactivity/weekendactivityanalysis.webp) 
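Review bot: In the fs_usershareactivity.md report table, the new Report Elements cell for First Time Share Activity by User lists three bullets under "This report is comprised of two elements:", because the " - past 7 days" qualifier from the removed row was turned into its own bullet. It belongs to the bar chart description; keep it on that item ("Bar Chart – Displays shares with new users accessing data - past 7 days") so the list matches the stated count. The conversion appears to split on every " - " in the cell, so other rows with an in-sentence hyphen are worth checking the same way.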
@@ -31,6 +34,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_WeekendActivity job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------- | ------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Weekend Activity (Most Active Users on Weekend) | This report shows users who are active on the weekend inside file shares. | None | This report is comprised of two elements: - Bar Chart – Displays weekend share activity - top 5 users - Table – Provides details on weekend share activity by user | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------- | ------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Weekend Activity (Most Active Users on Weekend) | This report shows users who are active on the weekend inside file shares. | None | This report is comprised of two elements:
  • Bar Chart – Displays weekend share activity
  • top 5 users
  • Table – Provides details on weekend share activity by user
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_groupusage.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_groupusage.md index 40b79d0f33..7b06d3d65d 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_groupusage.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_groupusage.md @@ -13,14 +13,17 @@ The FS_GroupUsage job is designed to report on group usage from targeted file se View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Usage Statistics** > **FS_GroupUsage** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_GroupUsage Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/groupusageanalysis.webp) The following analysis task is selected by default: -- 1. Identify Last Time a Group was used for Access +- **1. Identify Last Time a Group was used for Access** - Creates an interim processing table in the database for use by downstream analysis and report generation 
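Review bot: In the fs_weekendactivity.md report table, "top 5 users" has become a separate bullet in the Report Elements cell, giving three items under "two elements:". In the removed row it was part of the bar chart text ("Displays weekend share activity - top 5 users"); rejoin it to the Bar Chart bullet.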
@@ -29,6 +32,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FS_GroupUsage job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------ | ------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------ | -| Stale Groups | This report identifies the last possible time a group was used for providing file system access. | None | This report is comprised of two elements: - Bar Chart – Displays top unused groups - Table – Provides details on unused groups | +| Report | Description | Default Tags | Report Elements | +| ------------ | ------------------------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Groups | This report identifies the last possible time a group was used for providing file system access. | None | This report is comprised of two elements:
  • Bar Chart – Displays top unused groups
  • Table – Provides details on unused groups
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveservers.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveservers.md index d0b944d9fa..81f3c55106 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveservers.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveservers.md @@ -13,8 +13,11 @@ The FS_MostActiveServers job is designed to report on the most active servers wi View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Usage Statistics** > **FS_MostActiveServers** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the FS_MostActiveServers Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/mostactiveserversanalysis.webp) 
@@ -26,6 +29,7 @@ The following analysis task is selected by default: In addition to the table and views created by the analysis task, the FS_MostActiveServers job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------- | -| Most Active Servers – Last 30 Days | This report identifies the top servers for the past 30 days. [Read], [Add], [Update], [Delete], [Permission Change], [Rename] fields reflect the number of unique operations of each type that was performed in that server for this time frame. Unique Folders are the number of distinct folders that have had activity during the time frame. 
| None | This report is comprised of two elements: - Bar Chart – Displays most active servers - Table – Provides details on most active servers | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Most Active Servers – Last 30 Days | This report identifies the top servers for the past 30 days. [Read], [Add], [Update], [Delete], [Permission Change], [Rename] fields reflect the number of unique operations of each type that was performed in that server for this time frame. Unique Folders are the number of distinct folders that have had activity during the time frame. | None | This report is comprised of two elements:
  • Bar Chart – Displays most active servers
  • Table – Provides details on most active servers
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveusers.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveusers.md index 2b27c15dac..7aa4fd9ff4 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveusers.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_mostactiveusers.md @@ -13,8 +13,11 @@ The FS_MostActiveUsers job is designed to report on the most active users within View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Usage Statistics** > **FS_MostActiveUsers** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_MostActiveUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/mostactiveusersanalysis.webp) 
@@ -26,6 +29,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FS_MostActiveUsers job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | -| Most Active Users – Last 30 Days | This report identifies the top users for the past 30 days. [Read], [Add], [Update], [Delete], [Permission Change], [Rename] fields reflect the number of unique operations of each type that was performed by the user for this time frame. Unique Folders are the number of distinct folders that have had activity during the time frame. 
| None | This report is comprised of two elements: - Bar Chart – Displays top users by operation count - Table – Provides details on the most active users | +| Report | Description | Default Tags | Report Elements | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Most Active Users – Last 30 Days | This report identifies the top users for the past 30 days. [Read], [Add], [Update], [Delete], [Permission Change], [Rename] fields reflect the number of unique operations of each type that was performed by the user for this time frame. Unique Folders are the number of distinct folders that have had activity during the time frame. | None | This report is comprised of two elements:
  • Bar Chart – Displays top users by operation count
  • Table – Provides details on the most active users
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_staleshares.md b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_staleshares.md index c390245b4e..f7bcc89293 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_staleshares.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/fs_staleshares.md 
@@ -13,25 +13,29 @@ The FS_StaleShares job is designed to report on stale shares from targeted file View the analysis tasks by navigating to the **FileSystem** > **5.Activity** > **Usage Statistics** > **FS_StaleShares** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_StaleShares Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/activity/usagestatistics/stalesharesanalysis.webp) The following analysis tasks are selected by default: -- 1. Find Date of last Activity +- **1. Find Date of last Activity** - Creates an interim processing table in the database for use by downstream analysis and report generation - Creates the SA_FS_StaleShares_LastActivityPivot view accessible under the job’s Results node -- 2. Find Shares with no Recorded Activity – Creates the SA_FS_StaleShares_NoRecordedActivity +- **2. Find Shares with no Recorded Activity** – Creates the SA_FS_StaleShares_NoRecordedActivity table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_StaleShares job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------ | ------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------ | -| Stale Shares | This report identifies the last date there was activity on a share. 
| None | This report is comprised of two elements: - Bar Chart – Displays top 5 stale shares - Table – Provides details on stale shares | +| Report | Description | Default Tags | Report Elements | +| ------------ | ------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Shares | This report identifies the last date there was activity on a share. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 stale shares
  • Table – Provides details on stale shares
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_shareaudit.md b/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_shareaudit.md index b4718c6f90..a145b3f4f4 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_shareaudit.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_shareaudit.md @@ -14,14 +14,17 @@ input. View the analysis tasks by navigating to the FileSystem > Ad Hoc Audits > FS_ShareAudit > Configure node and select Analysis. -**CAUTION:** Do not modify or deselect the last three selected analysis tasks. The analysis tasks +:::warning +Do not modify or deselect the last three selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/shareauditanalysis.webp) The following analysis tasks are selected by default: -- 1. Identify Selected Shares – Creates the SA_FS_ShareAudit_ShareSummary table accessible under +- **1. Identify Selected Shares** – Creates the SA_FS_ShareAudit_ShareSummary table accessible under the job’s Results node - Parameter is blank by default. - #UNC parameter must be configured by clicking Analysis Configuration with this task selected 
@@ -32,11 +35,11 @@ The following analysis tasks are selected by default: [SQLscripting Analysis Module](/docs/accessanalyzer/11.6/admin/analysis/sqlscripting.md) section for additional information. - List one shared folder per row, using the format: \\HOST\SHARE. -- 2. Direct Permissions – Creates the SA_FS_ShareAudit_DirectPermissions table accessible under +- **2. Direct Permissions** – Creates the SA_FS_ShareAudit_DirectPermissions table accessible under the job’s Results node -- 3. Calculate Effective Access – Creates the SA_FS_ShareAudit_ShareAccess table accessible under +- **3. Calculate Effective Access** – Creates the SA_FS_ShareAudit_ShareAccess table accessible under the job’s Results node -- 4. Identify Broken Inheritance +- **4. Identify Broken Inheritance** - Creates a temporary table in the database for use by downstream analysis and report generation. - Creates the SA_FS_ShareAudit_UniqueTrustees table accessible under the job’s Results node. 
@@ -44,6 +47,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_ShareAudit Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | -------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Share Audit | This report displays permission information for the selected shares. | None | This report is comprised of four elements: - Table – Provides details on selected shares - Table – Provides details on permissions - Table – Provides details on effective access - Table – Provides details on broken inheritance | +| Report | Description | Default Tags | Report Elements | +| ----------- | -------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Share Audit | This report displays permission information for the selected shares. | None | This report is comprised of four elements:
  • Table – Provides details on selected shares
  • Table – Provides details on permissions
  • Table – Provides details on effective access
  • Table – Provides details on broken inheritance
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_trusteepermissions.md b/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_trusteepermissions.md index ba3261733b..a113d887fe 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_trusteepermissions.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/fs_trusteepermissions.md 
@@ -14,25 +14,29 @@ user input. View the analysis tasks by navigating to the FileSystem > Ad Hoc Audits > FS_TrusteePermissions > Configure node and select Analysis. -**CAUTION:** Do not modify or deselect the second selected analysis task. The analysis task is +:::warning +Do not modify or deselect the second selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/trusteepermissionsanalysis.webp) The following analysis tasks are selected by default: -- 1. Find Trustee Information – Creates the SA_FS_TrusteePermissions_TrusteeSummary table +- **1. Find Trustee Information** – Creates the SA_FS_TrusteePermissions_TrusteeSummary table accessible under the job’s Results node. - Parameter is blank by default. - `#Trustees` parameter must be configured using the Edit Table option. - List one trustee per row, using the format: DOMAIN\Name. - See the Customize Analysis Parameters topic for additional information. -- 2. Find Permission Source – Creates the SA_FS_ShareAudit_TrusteePermissions table accessible +- **2. Find Permission Source** – Creates the SA_FS_ShareAudit_TrusteePermissions table accessible under the job’s Results node. In addition to the tables and views created by the analysis tasks, the FS_TrusteePermissions Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------- | -| Trustee Permissions Audit | This report provides an overview of the access sprawl across the environment for the select trustee(s). 
| None | This report is comprised of two elements: - Bar Chart – Displays summary of trustees - Table – Provides details on trustee permissions | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Trustee Permissions Audit | This report provides an overview of the access sprawl across the environment for the select trustee(s). | None | This report is comprised of two elements:
  • Bar Chart – Displays summary of trustees
  • Table – Provides details on trustee permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/overview.md index 5e874a8b98..80e0fb414a 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/overview.md @@ -12,7 +12,10 @@ by the user from targeted file servers. The Ad Hoc Audits Job Group tables and reports are blank if the CSV file is not modified to contain the required information before job execution. -**_RECOMMENDED:_** Run these jobs independently of the solution. +:::info +Run these jobs independently of the solution. +::: + ![Ad Hoc Audits Job Group](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/adhocaudits/jobstree.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles.md index 5986e20d72..f634b60ff2 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles.md @@ -29,8 +29,11 @@ topic for additional information. Navigate to the **FileSystem** > **Cleanup** > **4. Delete** > **FS_DeleteFiles** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_DeleteFiles Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/deletefilesanalysis.webp) 
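Review bot: In fs_trusteepermissions.md, the line being restyled for task 2 ("**2. Find Permission Source**") still says it creates the SA_FS_ShareAudit_TrusteePermissions table, while task 1 of the same job creates SA_FS_TrusteePermissions_TrusteeSummary. Since the line is being touched anyway, please confirm the ShareAudit prefix is the real table name and not a carry-over from fs_shareaudit.md. The report description in the same hunk also reads "for the select trustee(s)", which looks like it should be "selected".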
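Review bot: In adhocaudits/overview.md, replacing "**_RECOMMENDED:_** Run these jobs independently of the solution." with a bare :::info block drops the one word that told the reader this is a recommendation rather than a neutral remark. Either keep "Recommended:" at the start of the sentence inside the block or give the admonition a title that says so.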
@@ -60,8 +63,11 @@ topic for instructions to modify parameters. Navigate to the **FileSystem** > **Cleanup** > **4. Delete** > **FS_DeleteFiles** > **Configure** node and select **Actions** to view the action tasks. -**CAUTION:** Do not enable the action unless it is required. Disable the action after execution to +:::warning +Do not enable the action unless it is required. Disable the action after execution to prevent making unintended and potentially harmful changes to Active Directory. +::: + ![Action Tasks for the FS_DeleteFiles Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/deletefilesaction.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles_status.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles_status.md index 2e8a75471f..5b69bcd254 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles_status.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/fs_deletefiles_status.md @@ -16,8 +16,11 @@ for additional information. Navigate to the **FileSystem** > **Cleanup** > **4. Delete** > **FS_DeleteFiles_Status** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_DeleteFiles_Status Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/deletefilesstatusanalysis.webp) 
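Review bot: In the fs_deletefiles.md Actions hunk, the text moved into the :::warning block still ends with "potentially harmful changes to Active Directory", but this page is for the FS_DeleteFiles job, whose action removes files from file servers. The risk the reader needs flagged here is unintended file deletion; consider correcting the wording in this pass, since the line is already being rewritten.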
@@ -29,6 +32,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis tasks, the FS_DeleteFiles_Status job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| File Deletions | This report summarizes file deletions which have occurred during the Cleanup process | None | This report is comprised of two elements: - Line Chart – Displays the historical summary of file deletions - Table – provides details on file deletions | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| File Deletions | This report summarizes file deletions which have occurred during the Cleanup process | None | This report is comprised of two elements:
  • Line Chart – Displays the historical summary of file deletions
  • Table – provides details on file deletions
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/overview.md index 5543f62752..985c65bdd9 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/delete/overview.md @@ -20,7 +20,7 @@ This job group includes the following jobs: – Designed to report on deleted resources from targeted file servers that were deleted from the DeleteFiles job -Workflow +**Workflow** The following is the recommended workflow for using the job group: diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupassessment.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupassessment.md index 62f21ddb45..038ad9e04b 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupassessment.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupassessment.md @@ -19,7 +19,7 @@ for additional information. The FS_CleanupAssessment job is located in the 1. Cleanup Assessment job group. -Workflow +**Workflow** The following is the recommended workflow for using the job group: @@ -57,8 +57,11 @@ topic for additional information. Navigate to the **FileSystem** > **Cleanup** > **1. Cleanup Assessment** > **FS_CleanupAssessment** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_CleanupAssessment Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/cleanupassessmentanalysis.webp) 
@@ -88,11 +91,12 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_CleanupAssessment job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------- | -| File System Cleanup - Files | This report highlights file-level cleanup information | None | This report is comprised of two elements: - Pie Chart – Displays enterprise stale file breakdown - Table – Provides details on files | -| File System Cleanup - Hosts | This report highlights host-level cleanup information | None | This report is comprised of two elements: - Stacked Chart – Displays top hosts by stale file percentage - Table – Provides details on hosts | -| File System Cleanup - Shares | This report highlights share-level cleanup information | None | This report is comprised of two elements: - Stacked Chart – Displays top shares by stale file percentage - Table – Provides details on shares | +| Report | Description | Default Tags | Report Elements | +| -------------------------------------------- | ------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| File System Cleanup
  • Files
| This report highlights file-level cleanup information | None | This report is comprised of two elements:
  • Pie Chart – Displays enterprise stale file breakdown
  • Table – Provides details on files
| +| File System Cleanup
  • Hosts
| This report highlights host-level cleanup information | None | This report is comprised of two elements:
  • Stacked Chart – Displays top hosts by stale file percentage
  • Table – Provides details on hosts
| +| File System Cleanup
  • Shares
| This report highlights share-level cleanup information | None | This report is comprised of two elements:
  • Stacked Chart – Displays top shares by stale file percentage
  • Table – Provides details on shares
| + ### Customizable Analysis Tasks for the FS_CleanupAssessment Job @@ -134,8 +138,11 @@ Data Collector Wizard opens. **Step 5 –** On the File Details tab, select the **Scan file-level details** option, and then select the **Collect tags/keywords from file metadata properties** option. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + **Step 6 –** Navigate to the **Scoping Queries** page of the File System Access Auditor Data Collector Wizard and click Finish to save the changes and close the wizard. diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupprogress.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupprogress.md index b9b045822e..aa30688a1e 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupprogress.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/fs_cleanupprogress.md @@ -14,8 +14,11 @@ of storage reclaimed on each host. Navigate to the **FileSystem** > **Cleanup** > **FS_CleanupProgress** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_CleanupProgress Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/cleanupprogressanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_CleanupProgress job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | --------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| Cleanup Progress | This report gives a high-level overview of an organization's cleanup effort | None | This report is comprised of two elements: - Bar Chart – Displays the host summary of cleanup progress - Table – provides details on cleanup progress | +| Report | Description | Default Tags | Report Elements | +| ---------------- | --------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Cleanup Progress | This report gives a high-level overview of an organization's cleanup effort | None | This report is comprised of two elements:
  • Bar Chart – Displays the host summary of cleanup progress
  • Table – provides details on cleanup progress
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners.md index 6fb78af499..12df998037 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners.md @@ -15,8 +15,11 @@ contact owners of shares containing data for which cleanup is pending. Navigate to the **FileSystem** > **Cleanup** > **2. Notify** > **FS_NotifyOwners** > **Configure** node and select **Actions** to view the action tasks. -**CAUTION:** Do not enable the action unless it is required. Disable the action after execution to +:::warning +Do not enable the action unless it is required. Disable the action after execution to prevent making unintended and potentially harmful changes to Active Directory. +::: + ![Action Tasks for the FS_NotifyOwners Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/notifyownersaction.webp) @@ -44,8 +47,11 @@ Properties** to view the Action Properties page. **Step 3 –** Click **Configure Action** to open the Send Mail Action Module Wizard. -_Remember,_ the FS_CleanupAssessment job must be run before the Send Mail Action Module Wizard can +:::tip +Remember, the FS_CleanupAssessment job must be run before the Send Mail Action Module Wizard can be opened. +::: + ![Send Mail Action Module Wizard Properties page](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/sendmailwizardproperties.webp) 
@@ -53,8 +59,11 @@ be opened. - Carbon copy (CC) – Add the recipient emails within this field - **NOTE:** Email recipients may also be added within the Notification node under the Global + :::note + Email recipients may also be added within the Notification node under the Global Settings pane. + ::: + ![Send Mail Action Module Wizard Message page](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/sendmailwizardmessage.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners_status.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners_status.md index 64d74044f5..de6d75dcbf 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners_status.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners_status.md @@ -16,8 +16,11 @@ for additional information. Navigate to the **FileSystem** > **Cleanup** > **2. Notify** > **FS_NotifyOwners_Status** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_NotifyOwners_Status Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/notifyownersstatusanalysis.webp) 
@@ -29,6 +32,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_NotifyOwners_Status job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Owner Notifications (Share Owner Notifications) | This report summarizes share owner notifications which have occurred during the Cleanup effort | None | This report is comprised of two elements: - Line Chart – Displays the historical summary of notify share owners - Table – provides details on notify share owners | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Owner Notifications (Share Owner Notifications) | This report summarizes share owner notifications which have occurred during the Cleanup effort | None | This report is comprised of two elements:
  • Line Chart – Displays the historical summary of notify share owners
  • Table – provides details on notify share owners
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/overview.md index 1db6a40a93..9fc0db7b92 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/overview.md @@ -9,10 +9,13 @@ sidebar_position: 20 The 2. Notify job group is designed to report on and notify owners of resources of target file servers that data is pending cleanup. -**NOTE:** The SendMail action module requires configuration of the Notification Settings in the +:::note +The SendMail action module requires configuration of the Notification Settings in the Global Settings. See the [Notification](/docs/accessanalyzer/11.6/admin/settings/notification.md) topic for additional information. +::: + ![2. Notify Job Group in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/jobstree.webp) @@ -23,7 +26,7 @@ This job group includes the following jobs: - [FS_NotifyOwners_Status Job](/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/notify/fs_notifyowners_status.md) – Designed to summarize the actions taken by the NotifyOwners job -Workflow +**Workflow** The following is the recommended workflow for using the job group: diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/overview.md index 83f9e5fa11..ab4c4c061c 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/overview.md 
@@ -11,8 +11,11 @@ servers that can be cleaned up. Use this job group to assess and remediate stale the data collected by the **0.Collection** job group. The Cleanup job group runs independently from the rest of the File System solution. -**NOTE:** The Cleanup job group requires additional licenses to function. For information, contact +:::note +The Cleanup job group requires additional licenses to function. For information, contact your Netwrix representative. +::: + ![Cleanup Job Group in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/jobstree.webp) @@ -44,7 +47,7 @@ topic for additional information. The Cleanup job group has the following recommended configuration settings. -Dependencies +**Dependencies** The Cleanup job group has the following prerequisites: @@ -63,10 +66,10 @@ The Cleanup job group has the following prerequisites: Individual jobs and job groups within the Cleanup job group may have their own prerequisites and dependencies. See the relevant topic for the job or job group for information about these. -Target Host +**Target Host** This job group does not collect data. No target host is required. -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata.md index abc8b0fdc3..7fdbb69798 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata.md 
@@ -13,10 +13,16 @@ The FS_QuarantineData job is designed to quarantine files subject to be cleaned Navigate to the **FileSystem** > **Cleanup** > **3. Quarantine** > **FS_QuarantineData** > **Configure** node and select **Actions** to view the action tasks. -**CAUTION:** Do not enable the actions unless they are required. Disable the actions after execution +:::warning +Do not enable the actions unless they are required. Disable the actions after execution to prevent making unintended and potentially harmful changes to Active Directory. +::: + + +:::warning +Do not modify the action tasks. The action tasks are preconfigured for this job. +::: -**CAUTION:** Do not modify the action tasks. The action tasks are preconfigured for this job. ![Action Tasks for the FS_QuarantineData Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/quarantinedataactions.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata_status.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata_status.md index 007299ccc3..407a791cd5 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata_status.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_quarantinedata_status.md @@ -15,8 +15,11 @@ for additional information. Navigate to the **FileSystem** > **Cleanup** > **3. Quarantine** > **FS_QuarantineData_Status** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_QuarantineData_Status Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/quarantinedatastatusanalysis.webp) 
@@ -28,6 +31,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis tasks, the FS_QuarantineData_Status job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------- | -------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| File Quarantining | This report summarizes file quarantining which has occurred during the Cleanup process | None | This report is comprised of two elements: - Line Chart – Displays the historical summary of file quarantining - Table – provides details on file quarantining | +| Report | Description | Default Tags | Report Elements | +| ----------------- | -------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| File Quarantining | This report summarizes file quarantining which has occurred during the Cleanup process | None | This report is comprised of two elements:
  • Line Chart – Displays the historical summary of file quarantining
  • Table – provides details on file quarantining
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance.md index 8a3687ac7f..0888c48121 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance.md @@ -13,8 +13,11 @@ The FS_RestoreInheritance job is designed to restore inheritance to previously q Navigate to the **FileSystem** > **Cleanup** > **3. Quarantine** > **FS_RestoreInheritance** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_RestoreInheritance Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/restoreinheritanceanalysis.webp) @@ -28,10 +31,16 @@ The following analysis task is selected by default: Navigate to the **FileSystem** > **Cleanup** > **3. Quarantine** > **FS_RestoreInheritance** > **Configure** node and select **Actions** to view the action tasks. -**CAUTION:** Do not enable the action unless it is required. Disable the action after execution to +:::warning +Do not enable the action unless it is required. Disable the action after execution to prevent making unintended and potentially harmful changes to Active Directory. +::: + + +:::warning +Do not modify the action task. The action task is preconfigured for this job. +::: -**CAUTION:** Do not modify the action task. The action task is preconfigured for this job. ![Action Tasks for the FS_RestoreInheritance Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/restoreinheritanceaction.webp) 
diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance_status.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance_status.md index ab16b9e9af..6fe6d6d80a 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance_status.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance_status.md @@ -15,8 +15,11 @@ Navigate to the **FileSystem** > **Cleanup** > **3. Quarantine** > **FS_RestoredInheritance_Status** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_RestoreInheritance_Status Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/restoreinheritancestatusanalysis.webp) 
@@ -28,6 +31,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_RestoreInheritance_Status job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ----------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Restored Inheritance | This report summarizes restored inheritance which has occurred during the Cleanup process | None | This report is comprised of two elements: - Line Chart – Displays the historical summary of restored inheritance - Table – provides details on restored inheritance | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ----------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Restored Inheritance | This report summarizes restored inheritance which has occurred during the Cleanup process | None | This report is comprised of two elements:
  • Line Chart – Displays the historical summary of restored inheritance
  • Table – provides details on restored inheritance
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/overview.md index 171d461c2e..c39c151c12 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/overview.md @@ -21,7 +21,7 @@ This job group includes the following jobs: - [FS_RestoreInheritance_Status Job](/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/quarantine/fs_restoreinheritance_status.md) – Designed to report on inheritance that was restored to previously quarantined files -Workflow +**Workflow** The following is the recommended workflow for using the job group: diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-create_schema.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-create_schema.md index 0783c48fcd..339c62070f 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-create_schema.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-create_schema.md 
@@ -11,40 +11,46 @@ tables, views, and functions used by the rest of the File System Solution. This prior to the other jobs in the 0.Collection job group for both new installations and upgrades. The job can be scheduled with any of the collections. Do not delete the job from the job tree. -**_RECOMMENDED:_** This job does not need to be moved. Leave it to run as part of the 0.Collection +:::info +This job does not need to be moved. Leave it to run as part of the 0.Collection job group. +::: + ## Analysis Tasks for the 0-Create Schema Job View the analysis task by navigating to the **FileSystem** > **0.Collection** > **0-Create Schema** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection for the 0-Create Schema Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/createschemaanalysis.webp) The following analysis tasks are selected by default: -- 1. Create Tables – Creates all tables prefaced with SA*FSAA* -- 2. Create DFS Tables – Creates all tables prefaced with SA*FSDFS* -- 3. Create DLP Tables – Creates all tables prefaced with SA*FSDLP* -- 4. Create FSAC Tables – Creates all tables prefaced with SA*FSAC* -- 5. Create Rename Targets – Creates the SA_FSAC_Rename Targets tables -- 6. Create Paths View – Creates the SA_FSAA_Paths view -- 7. Update data types – Enterprise Auditor uses custom SQL data types to render data. This +- **1. Create Tables** – Creates all tables prefaced with SA*FSAA* +- **2. Create DFS Tables** – Creates all tables prefaced with SA*FSDFS* +- **3. Create DLP Tables** – Creates all tables prefaced with SA*FSDLP* +- **4. Create FSAC Tables** – Creates all tables prefaced with SA*FSAC* +- **5. Create Rename Targets** – Creates the SA_FSAC_Rename Targets tables +- **6. 
Create Paths View** – Creates the SA_FSAA_Paths view +- **7. Update data types** – Enterprise Auditor uses custom SQL data types to render data. This analysis creates updates to those data types. -- 8. Import new functions – Creates functions used in the File System Solution that only reference +- **8. Import new functions** – Creates functions used in the File System Solution that only reference the .Active Directory Inventory job group data -- 9. Import new functions – Creates the FSAA functions used in the File System Solution that +- **9. Import new functions** – Creates the FSAA functions used in the File System Solution that reference the 0.Collection job group data -- 10. Create exception types – Creates the SA_FSAA_ExceptionTypes table -- 11. Create views – Creates the SA_FSAA_DirectPermissionsView -- 12. Create Exceptions Schema – Creates the SA_FSAC_Exception table and the +- **10. Create exception types** – Creates the SA_FSAA_ExceptionTypes table +- **11. Create views** – Creates the SA_FSAA_DirectPermissionsView +- **12. Create Exceptions Schema** – Creates the SA_FSAC_Exception table and the SA_FSAC_ExceptionTypes table -- 13. Create FSAC Views – Creates all views prefaced with SA*FSAC* -- 14. Create Functions – Creates the FSAC functions used in the File System Solution that +- **13. Create FSAC Views** – Creates all views prefaced with SA*FSAC* +- **14. Create Functions** – Creates the FSAC functions used in the File System Solution that reference the 0.Collection job group data -- 15. Create FSDLP Views – Creates all views prefaced with SA*FSDLP* -- 16. Create DFS Functions – Creates the FSDFS functions used in the File System Solution that +- **15. Create FSDLP Views** – Creates all views prefaced with SA*FSDLP* +- **16. Create DFS Functions** – Creates the FSDFS functions used in the File System Solution that reference the 0.Collection job group data 
diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fs_nasuni.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fs_nasuni.md index f203a03b52..4519cb2dba 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fs_nasuni.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fs_nasuni.md @@ -11,21 +11,30 @@ the Enterprise Auditor Instant Job Library. See the [Instant Job Wizard](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/overview.md) topic to add this instant job to the 0.Collection job group. -**CAUTION:** It is necessary to rename the job after it has been added to the 0.Collection job group +:::warning +It is necessary to rename the job after it has been added to the 0.Collection job group from **FS_Nasuni** to **0-FS_Nasuni**, so that it runs immediately after the 0-Create Schema job. +::: -_Remember,_ the 0-FS_Nasuni job must be assigned a custom host list containing all on-premise Nasuni + +:::tip +Remember, the 0-FS_Nasuni job must be assigned a custom host list containing all on-premise Nasuni Edge Appliances and cloud filers, and a custom Connection Profile containing the API Access Key and Passcode for each on-premise Nasuni Edge Appliance and cloud filer in the target environment. Nasuni API key names are case sensitive. When providing them, ensure they are entered in the exact same case as generated. +::: + ## Queries for the 0-FS_Nasuni Job The queries for the 0-FS_Nasuni job use the PowerShell Data collector to gather system information, volume data, and share data from the Nasuni environment. -**CAUTION:** Do not modify the queries. The queries are preconfigured for this job. +:::warning +Do not modify the queries. The queries are preconfigured for this job. +::: + ![Queries for the 0-FS_Nasuni Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsnasuniquery.webp) 
diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fsdfs_system_scans.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fsdfs_system_scans.md index 969836aeae..c5d803a84a 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fsdfs_system_scans.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fsdfs_system_scans.md @@ -14,7 +14,10 @@ system and creating a dynamic host list that will be used by the components. The DFS System Scan Query uses the FSAA Data Collector and has been preconfigured to use the DFS Scan Category. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query for the 0-FSDFS System Scans Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsdfssystemscansquery.webp) @@ -25,8 +28,11 @@ Scan Category. View the analysis tasks by navigating to the **FileSystem** > **0.Collection** > **0-FSDFS System Scans** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the 0-FSDFS System Scans Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsdfssystemscansanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md index 89b515330b..5407c44119 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md 
@@ -53,8 +53,11 @@ opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The File System Access Auditor Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Applet Settings](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaaseekappletsettings.webp) @@ -76,8 +79,11 @@ for additional information. [FSAA: Scan Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md) topic for additional information. -**NOTE:** If streaming is enabled, the **2-FSAA Bulk Import** job is no longer needed as part of the +:::note +If streaming is enabled, the **2-FSAA Bulk Import** job is no longer needed as part of the **0.Collection** job group. +::: + ![Azure Tennant Mapping](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaaseekazuretenantmapping.webp) @@ -141,8 +147,11 @@ topic for additional information. scans. See the [File Details Tab](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/filedetails.md) -**_RECOMMENDED:_** Carefully consider configuring the following settings. Applying filters when file +:::info +Carefully consider configuring the following settings. Applying filters when file detail scanning has been enabled reduces the impact on the database. +::: + ![File Properties (Folder Summary) tab of the Default Scoping Options page](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaadefaultscopingoptionsfileproperties.webp) 
@@ -187,11 +196,14 @@ If changes were made, the **1-FSAA System Scans** job is now customized. View the analysis task by navigating to the **FileSystem** > **0.Collection** > **1-FSAA System Scans** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Task for the 1-FSAA System Scans Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaasystemscansanalysis.webp) The following analysis task is selected by default: -- 1. Resolve links – Resolves DFS links in standard tables +- **1. Resolve links** – Resolves DFS links in standard tables diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md index 7352cebf7c..9db631caae 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md @@ -47,8 +47,11 @@ opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The File System Access Auditor Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Applet Settings](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsacappletsettings.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md index bcd2cf9b81..46a7ddb227 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md 
+++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md @@ -68,8 +68,11 @@ opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The File System Access Auditor Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![Applet Settings](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaaseekappletsettings.webp) @@ -92,8 +95,11 @@ for additional information. [FSAA: Scan Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md) topic for additional information. -**NOTE:** If streaming is enabled, the **2-SEEK Bulk Import** job is no longer needed as part of the +:::note +If streaming is enabled, the **2-SEEK Bulk Import** job is no longer needed as part of the **0.Collection** job group. +::: + ![Azure Tenant Mapping](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaaseekazuretenantmapping.webp) @@ -165,7 +171,10 @@ for additional information: - Add share and folder exclusions - Scope to scan only Open shares -**NOTE:** This option only works in conjunction with File System Access Auditing. +:::note +This option only works in conjunction with File System Access Auditing. +::: + See the [FSAA: Scoping Queries](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scopingqueries.md) 
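Review bot: The `:::note` added in the @@ -165,7 +171,10 hunk says "This option only works in conjunction with File System Access Auditing", but it follows a list whose visible items are "Add share and folder exclusions" and "Scope to scan only Open shares", so once it renders as a separate box the reader cannot tell which option it restricts. Name the option in the note text, or nest the note under the list item it belongs to.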
@@ -181,15 +190,21 @@ topic for additional information. - Enable differential scanning - Modify the number of SDD scan processes - **_RECOMMENDED:_** For optimal performance, the total number of scan processes on a scan host + :::info + For optimal performance, the total number of scan processes on a scan host should be 1 to 2 times the number of CPU threads available. + ::: + - Enable Optical Character Recognition (OCR) scans - **NOTE:** The OCR option is intended to work for clear scanned physical documents or documents + :::note + The OCR option is intended to work for clear scanned physical documents or documents directly converted to images, with standard fonts. It will not work for scanning photos of documents and may not be able to recognize text on images of credit cards, driver's licenses, or other identity cards. + ::: + See the [FSAA: Sensitive Data Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sensitivedatasettings.md) @@ -205,8 +220,11 @@ for additional information. [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information -**NOTE:** By default, discovered sensitive data strings are not stored in the Enterprise Auditor +:::note +By default, discovered sensitive data strings are not stored in the Enterprise Auditor database. +::: + **Step 13 –** Click **Finish** to save any setting modifications or click **Cancel** if no changes were made. Then click **OK** to close the Query Properties window. diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/2-fsaa_bulk_import.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/2-fsaa_bulk_import.md index 694f7d9296..40b196d781 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/2-fsaa_bulk_import.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/2-fsaa_bulk_import.md 
@@ -27,8 +27,11 @@ access/permission auditing Bulk import category. View the analysis tasks by navigating to the **FileSystem** > **0.Collection** > **2-FSAA Bulk Import** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the 2-FSAA Bulk Import Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaabulkimportanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsaa_exceptions.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsaa_exceptions.md index 59d00a4170..0a87506f9c 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsaa_exceptions.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsaa_exceptions.md @@ -29,8 +29,11 @@ for additional information. View the analysis tasks by navigating to the **FileSystem** > **0.Collection** > **3-FSAA Exceptions** > **Configure** node and select **Analysis**. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified and or +:::warning +Most of these analysis tasks are preconfigured and should not be modified and or deselected. While it is possible to deselect particular tasks as specified, it is not recommended. +::: + ![Analysis Tasks for the 3-FSAA Exceptions Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsaaexceptionsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsac_exceptions.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsac_exceptions.md index 28089fb9ed..d421fb98d2 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsac_exceptions.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/3-fsac_exceptions.md 
@@ -24,8 +24,11 @@ topic for information on these. View the analysis tasks by navigating to the **FileSystem** > **0.Collection** > **3-FSAC Exceptions** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the 3-FSAC Exceptions Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/collection/fsacexceptionsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/overview.md index 570af2f09c..1e04c58a25 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/overview.md @@ -41,8 +41,11 @@ collector. See the [0-Create Schema Job](/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-create_schema.md) topic for additional information. -_Remember,_ the relationship between system scans and bulk import jobs requires the following +:::tip +Remember, the relationship between system scans and bulk import jobs requires the following considerations: +::: + - A system scans job executed from a Enterprise Auditor Console must be followed by the corresponding bulk import job from the same Enterprise Auditor Console with the same version of @@ -106,7 +109,7 @@ disabling the undesired collection jobs. Disabling them allows the solution to r It is not recommended to delete any jobs. The required collection jobs are listed for the following workflow. -Workflow (for Access Auditing only) +**Workflow (for Access Auditing only)** The recommended workflow for Access Auditing only is as follows: 
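Review bot: In the @@ -41,8 +41,11 hunk of collection/overview.md the `:::tip` closes right after "considerations:", so the box holds only the lead-in sentence and the bullet list it introduces ("- A system scans job executed from a Enterprise Auditor Console must be followed by ...") renders outside it. Either extend the admonition so it encloses the list, or leave the sentence as ordinary paragraph text, since it introduces a list rather than stating a tip.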
@@ -118,15 +121,21 @@ The recommended workflow for Access Auditing only is as follows: job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 3 –** Run the **3-FSAA Exceptions** job. **Step 4 –** Run the desired corresponding analysis and reporting sub-job groups. -**NOTE:** Please see the +:::note +Please see the [Recommended Configuration for the File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md) topic before continuing with this workflow. +::: + See the other auditing sections for workflows which include multiple auditing types. @@ -171,11 +180,14 @@ disabling the undesired collection jobs. Disabling them allows the solution to r It is not recommended to delete any jobs. The required collection jobs are listed for each of the following optional workflows. -**CAUTION:** The DFS Auditing component must always be run in conjunction with the Access Auditing +:::warning +The DFS Auditing component must always be run in conjunction with the Access Auditing component. Access audits are necessary to resolve the target shares and folders of DFS link destinations. +::: + -Recommended Workflow 1 (for AccessAuditing with DFS Auditing) +**Recommended Workflow 1 (for AccessAuditing with DFS Auditing)** **Step 1 –** Run the **0-FSDFS System Scans** job. @@ -187,7 +199,10 @@ Recommended Workflow 1 (for AccessAuditing with DFS Auditing) job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 4 –** Run the **3-FSAA Exceptions** job (not specifically needed for DFS Auditing, but recommended for **0.Collection** job group). 
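Review bot: The new label `**Recommended Workflow 1 (for AccessAuditing with DFS Auditing)**` in the @@ -171,11 +180,14 hunk carries over the missing space in "AccessAuditing". Since the line is being rewritten anyway, change it to "Access Auditing" so it matches "Workflow (for Access Auditing only)" and the "Access Auditing component" wording in the warning just above it.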
@@ -211,7 +226,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 6 –** Run the **2-FSAC Bulk Import** job (with the **DFS HOST LIST** assigned). @@ -244,7 +262,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 8 –** Run the **2-FSAC Bulk Import** job (with the **DFS HOST LIST** assigned). @@ -255,7 +276,10 @@ only). - If streaming is enabled in the **1-SEEK System Scans** job, do not run the **2-SEEK Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 10 –** Run the **3-FSAA Exceptions** job. @@ -263,9 +287,12 @@ only). **Step 12 –** Run the desired corresponding analysis and reporting sub-job groups. -**NOTE:** Please see the +:::note +Please see the [Recommended Configuration for the File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md) topic before continuing with these workflows. +::: + To scope the 0.Collection job group to only collect DFS information, see Step 9 of the [Configure the (FSAA) File System Scan Query](/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md#configure-the-fsaa-file-system-scan-query) 
@@ -280,10 +307,13 @@ specifically incorporated into this component are prefixed with `FSAC`. See the [Standard Reference Tables & Views for the FSAA Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/standardtables.md) topic for additional information on the data collected. -**NOTE:** The Activity Auditing component requires the Activity Monitor be deployed, configured, and +:::note +The Activity Auditing component requires the Activity Monitor be deployed, configured, and have services running on the target hosts. See the [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) for additional information. +::: + Once the Activity Monitor is installed, the monitored host configuration tells it what to monitor and how long to retain the activity log files. The monitoring agent writes one log per day of @@ -300,10 +330,13 @@ on the Activity Settings page of the File System Access Auditor Data Collector W [Configure the Activity Scan Query](/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md#configure-the-activity-scan-query) topic for additional information. -**NOTE:** Integration between Enterprise Auditor and Threat Prevention for Windows File System +:::note +Integration between Enterprise Auditor and Threat Prevention for Windows File System monitoring purposes requires the use of the SI Agent to generate the required logs. See the [Netwrix Threat Prevention Documentation](https://helpcenter.netwrix.com/category/threatprevention) for information on the Enterprise Auditor Integration. +::: + The **0.Collection** jobs that comprise this auditing component are: 
@@ -337,7 +370,7 @@ disabling the undesired collection jobs. Disabling them allows the solution to r It is not recommended to delete any jobs. The required collection jobs are listed for each of the following optional workflows. -Recommended Workflow 1 (for Access and Activity Auditing) +**Recommended Workflow 1 (for Access and Activity Auditing)** **Step 1 –** Install and configure monitoring with the Activity Monitor for targeted hosts (once only). @@ -352,7 +385,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 5 –** Run the **2-FSAC Bulk Import** job. @@ -382,7 +418,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 7 –** Run the **2-FSAC Bulk Import** job. @@ -393,7 +432,10 @@ only). - If streaming is enabled in the **1-SEEK System Scans** job, do not run the **2-SEEK Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 9 –** Run the **3-FSAA Exceptions** job. @@ -423,7 +465,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 8 –** Run the **2-FSAC Bulk Import** job. 
@@ -434,7 +479,10 @@ only). - If streaming is enabled in the **1-SEEK System Scans** job, do not run the **2-SEEK Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 10 –** Run the **3-FSAA Exceptions** job. @@ -458,9 +506,12 @@ only). **Step 5 –** Run the desired corresponding analysis and reporting sub-job groups. -**NOTE:** Please see the +:::note +Please see the [Recommended Configuration for the File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md) topic before continuing with these workflows. +::: + ### Identify a Log File @@ -475,8 +526,11 @@ configuration and click **Edit**. **Step 2 –** On the **Log Files** tab, select the **This log file is for Enterprise Auditor** option. -**_RECOMMENDED:_** Select the **Comments** tab and identify this output as being configured for +:::info +Select the **Comments** tab and identify this output as being configured for Enterprise Auditor. +::: + **Step 3 –** Click **OK** to save the setting. 
@@ -491,23 +545,29 @@ with `SEEK`. The tables and views are prefixed with `FSDLP`. See the [Standard Reference Tables & Views for the FSAA Data Collector](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/standardtables.md) topic for additional information on the data collected. -**NOTE:** The Sensitive Data Discovery Auditing (SEEK) component requires an additional installer +:::note +The Sensitive Data Discovery Auditing (SEEK) component requires an additional installer package. Though the jobs are visible within the console, the Sensitive Data Discovery Add-on must be installed before data collection will occur. See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. +::: + Customized search criteria can be created with the Criteria Editor accessible through the SDD Criteria Settings page of the File System Access Auditor Data Collector Wizard. See the [Configure the (SEEK) File System Scan Query](/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md#configure-the-seek-file-system-scan-query) topic for additional information. -_Remember,_ changes made in the Criteria Editor are global for Sensitive Data Discovery in +:::tip +Remember, changes made in the Criteria Editor are global for Sensitive Data Discovery in Enterprise Auditor. See the [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information. +::: -Option to Enable Last Access Timestamp + +**Option to Enable Last Access Timestamp** The Last Access Timestamp (LAT) is disabled by default in Windows. This means the LAT does not get updated by any applications reading the file. As soon as the LAT feature is enabled in Windows, any 
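Review bot: `**Option to Enable Last Access Timestamp**` in the @@ -491,23 +545,29 hunk turns a section label into a bold paragraph, which gives it no heading anchor, while the same file already uses real headings (`### Identify a Log File`). The treatment is also uneven: the "Recommended Workflow 1 (for Access and Sensitive Data Discovery Auditing data collection)" label in the @@ -560,8 +620,11 hunk stays plain text. Use a heading level for these labels, or at least bold all of them.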
@@ -528,7 +588,7 @@ collection, see the [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) topic. -File System Sensitive Data Discovery Auditing (SEEK) Jobs +**File System Sensitive Data Discovery Auditing (SEEK) Jobs** The 0.Collection jobs that comprise this auditing component are: @@ -560,8 +620,11 @@ workflows. Recommended Workflow 1 (for Access and Sensitive Data Discovery Auditing data collection) -**NOTE:** While Sensitive Data Discovery data can be collected, the Sensitive Data reports require +:::note +While Sensitive Data Discovery data can be collected, the Sensitive Data reports require the Activity Auditing components. +::: + **Step 1 –** Install the Sensitive Data Discovery Add-On on the Enterprise Auditor Console (once only). @@ -576,7 +639,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 5 –** If necessary, run the **2-SEEK Bulk Import** job: @@ -585,7 +651,10 @@ only). - If streaming is enabled in the **1-SEEK System Scans** job, do not run the **2-SEEK Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 6 –** Run the **3-FSAA Exceptions** job. @@ -611,7 +680,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 7 –** Run the **2-FSAC Bulk Import** job. 
@@ -622,7 +694,10 @@ only). - If streaming is enabled in the **1-SEEK System Scans** job, do not run the **2-SEEK Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 9 –** Run the **3-FSAA Exceptions** job. @@ -652,7 +727,10 @@ only). job. - If streaming is enabled in the **1-FSAA System Scans** job, do not run **2-FSAA Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 8 –** Run the **2-FSAC Bulk Import** job. @@ -663,7 +741,10 @@ only). - If streaming is enabled in the **1-SEEK System Scans** job, do not run the **2-SEEK Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 10 –** Run the **3-FSAA Exceptions** job. @@ -685,10 +766,16 @@ Activity Auditing components. - If streaming is enabled in the **1-SEEK System Scans** job, do not run the **2-SEEK Bulk Import** job. - **_RECOMMENDED:_** It is best practice to disable undesired Bulk Import jobs. + :::info + It is best practice to disable undesired Bulk Import jobs. + ::: + **Step 3 –** Run the desired corresponding analysis and reporting sub-job groups. -**NOTE:** Please see the +:::note +Please see the [Recommended Configuration for the File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md) topic before continuing with these workflows. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_filetypes.md b/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_filetypes.md index 0e6f1dbcbc..04d00761da 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_filetypes.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_filetypes.md 
@@ -17,23 +17,27 @@ The FS_FileTypes job is located in the File Types job group. View the analysis tasks by navigating to the **FileSystem** > **4.Content** > **File Types** > **FS_FileTypes** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_FileTypes Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/content/filetypesanalysis.webp) The following analysis tasks are selected by default: -- 1. Create File Types View – Creates the SA_ENG_FSAA_FileTypeView view accessible under the job’s +- **1. Create File Types View** – Creates the SA_ENG_FSAA_FileTypeView view accessible under the job’s Results node -- 2. Ranked File Extensions – Creates the SA_FS_FileTypes_ExtensionsRanked table accessible under +- **2. Ranked File Extensions** – Creates the SA_FS_FileTypes_ExtensionsRanked table accessible under the job’s Results node -- 3. File Types by Share – Creates the SA_FS_FileTypes_TypesByShare table accessible under the +- **3. File Types by Share** – Creates the SA_FS_FileTypes_TypesByShare table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_FileTypes job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | -| File Types | This report identifies what types of files are located within your distributed file system and how much space they are taking up in gigabytes. 
| None | This report is comprised of two elements: - Pie Chart – Displays file types extensions ranked - Table – Provides details on file types by share | +| Report | Description | Default Tags | Report Elements | +| ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| File Types | This report identifies what types of files are located within your distributed file system and how much space they are taking up in gigabytes. | None | This report is comprised of two elements:
  • Pie Chart – Displays file types extensions ranked
  • Table – Provides details on file types by share
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_stalecontent.md b/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_stalecontent.md index 59e4842bcd..91b309634b 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_stalecontent.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/content/fs_stalecontent.md 
@@ -18,26 +18,30 @@ The FS_StaleContent job is located in the Stale job group. View the analysis tasks by navigating to the **FileSystem** > **4.Content** > **Stale** > **FS_StaleContent** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_StaleContent Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/content/stalecontentanalysis.webp) The following analysis tasks are selected by default: -- 1. Create Aging View – Creates the SA_ENG_FSAA_FolderAging table accessible under the job’s +- **1. Create Aging View** – Creates the SA_ENG_FSAA_FolderAging table accessible under the job’s Results node -- 2. Enterprise Summary – Creates the SA_FS_StaleContent_EnterpriseSummary table accessible under +- **2. Enterprise Summary** – Creates the SA_FS_StaleContent_EnterpriseSummary table accessible under the job’s Results node -- 3. Share Summary – Creates the SA_FS_StaleContent_ShareSummary table accessible under the job’s +- **3. Share Summary** – Creates the SA_FS_StaleContent_ShareSummary table accessible under the job’s Results node -- 4. Host Summary – Creates the SA_FS_StaleContent_HostSummary table accessible under the job’s +- **4. 
Host Summary** – Creates the SA_FS_StaleContent_HostSummary table accessible under the job’s Results node In addition to the tables created by the analysis tasks, the FS_StaleContent job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Hosts with Stale Content (Servers with Stale Content) | Identifies servers with stale content. Staleness is determined by files' last modified date. For these reports, by default, a file is considered stale after a year. Counts are based on Shares and Folders which contain any stale content. | None | This report is comprised of three elements: - Pie Chart – Displays enterprise aging summary - Stacked Bar Chart– Displays aging summary by host - Table – Provides details on servers with stale content | -| Shares with Stale Content | Identifies shares with stale content. Staleness is determined by files' last modified date. For these reports, by default, a file is considered stale after a year. Counts are based on Shares and Folders which contain any stale content. 
| None | This report is comprised of two elements: - Bar Chart – Displays share summary - Table – Provides details on shares | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Hosts with Stale Content (Servers with Stale Content) | Identifies servers with stale content. Staleness is determined by files' last modified date. For these reports, by default, a file is considered stale after a year. Counts are based on Shares and Folders which contain any stale content. | None | This report is comprised of three elements:
  • Pie Chart – Displays enterprise aging summary
  • Stacked Bar Chart– Displays aging summary by host
  • Table – Provides details on servers with stale content
| +| Shares with Stale Content | Identifies shares with stale content. Staleness is determined by files' last modified date. For these reports, by default, a file is considered stale after a year. Counts are based on Shares and Folders which contain any stale content. | None | This report is comprised of two elements:
  • Bar Chart – Displays share summary
  • Table – Provides details on shares
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_emptyresources.md b/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_emptyresources.md index aca69f7528..0638d5188a 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_emptyresources.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_emptyresources.md 
@@ -13,26 +13,30 @@ The FS_EmptyResources job is designed to report on empty resources from targeted View the analysis tasks by navigating to the **FileSystem** > **4.Content** > **Sizing** > **FS_EmptyResources** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_EmptyResources Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/emptyresourcesanalysis.webp) The following analysis tasks are selected by default: -- 1. Folder Size View – Creates the SA_ENG_FSAA_FolderSizeView view accessible under the job’s +- **1. Folder Size View** – Creates the SA_ENG_FSAA_FolderSizeView view accessible under the job’s Results node -- 2. Empty Folders – Creates the SA_FS_EmptyResources_EmptyFolders table accessible under the +- **2. Empty Folders** – Creates the SA_FS_EmptyResources_EmptyFolders table accessible under the job’s Results node -- 3. Empty Shares – Creates the SA_FS_EmptyResources_EmptyShares table accessible under the job’s +- **3. Empty Shares** – Creates the SA_FS_EmptyResources_EmptyShares table accessible under the job’s Results node -- 4. Summarize by Host – Creates the SA_FS_EmptyResources_HostSummary table accessible under the +- **4. 
Summarize by Host** – Creates the SA_FS_EmptyResources_HostSummary table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_EmptyResources job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------- | ----------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Empty Folders | Identifies empty folders with no subdirectories. | None | This report is comprised of three elements: - Bar Chart – Displays the top five servers by empty folders - Table – Provides details on empty folders - Table – Provides details on the top servers by empty folders | -| Empty Shares | This report identifies empty shares with no subdirectories. | None | This report is comprised of three elements: - Bar Chart – Displays the top 5 servers by empty shares - Table – Provides details on the empty shares - Table – Provides summary of the share | +| Report | Description | Default Tags | Report Elements | +| ------------- | ----------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Empty Folders | Identifies empty folders with no subdirectories. | None | This report is comprised of three elements:
  • Bar Chart – Displays the top five servers by empty folders
  • Table – Provides details on empty folders
  • Table – Provides details on the top servers by empty folders
| +| Empty Shares | This report identifies empty shares with no subdirectories. | None | This report is comprised of three elements:
  • Bar Chart – Displays the top 5 servers by empty shares
  • Table – Provides details on the empty shares
  • Table – Provides summary of the share
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_largestresources.md b/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_largestresources.md index 6f27710e73..17fcc7b3e6 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_largestresources.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_largestresources.md 
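Review bot: In fs_emptyresources.md, the two added report rows disagree with each other in wording: the Empty Folders row says "top five servers" and its description opens "Identifies ...", while the Empty Shares row says "top 5 servers" and opens "This report identifies ...". Both rows are rewritten by this change, so settle on one numeral style and one description style for both.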
@@ -14,22 +14,26 @@ servers. View the analysis tasks by navigating to the **FileSystem** > **4.Content** > **Sizing** > **FS_LargestResources** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_LargestResources Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/largestresourcesanalysis.webp) The following analysis tasks are selected by default: -- 1. Largest Folders Ranked – Creates the SA_FS_LargestResources_Ranked table accessible under the +- **1. Largest Folders Ranked** – Creates the SA_FS_LargestResources_Ranked table accessible under the job’s Results node -- 2. Largest Shares – Creates the SA_FS_LargestResources_SharesRanked table accessible under the +- **2. Largest Shares** – Creates the SA_FS_LargestResources_SharesRanked table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_LargestResources job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| --------------- | ----------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------- | -| Largest Folders | This report identifies the largest folders found. | None | This report is comprised of two elements: - Bar Chart – Displays the top 5 largest folders - Table – Provides details on largest folders | -| Largest Shares | This report identifies the largest shares within the environment. 
| None | This report is comprised of two elements: - Bar Chart – Displays the top 5 largest shares - Table – Provides details on the largest resources | +| Report | Description | Default Tags | Report Elements | +| --------------- | ----------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Largest Folders | This report identifies the largest folders found. | None | This report is comprised of two elements:
  • Bar Chart – Displays the top 5 largest folders
  • Table – Provides details on largest folders
| +| Largest Shares | This report identifies the largest shares within the environment. | None | This report is comprised of two elements:
  • Bar Chart – Displays the top 5 largest shares
  • Table – Provides details on the largest resources
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_smallestresources.md b/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_smallestresources.md index 74630a92ce..0118f58b3f 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_smallestresources.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/fs_smallestresources.md 
@@ -14,21 +14,25 @@ servers. View the analysis tasks by navigating to the **FileSystem** > **4.Content** > **Sizing** > **FS_SmallestResources** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_SmallestResources Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/content/sizing/smallestresourcesanalysis.webp) The following analysis tasks are selected by default: -- 1. Smallest Folders Ranked – Creates the SA_FS_SmallestResources_Ranked table accessible under +- **1. Smallest Folders Ranked** – Creates the SA_FS_SmallestResources_Ranked table accessible under the job’s Results node -- 2. Smallest Shares – Creates the SA_FS_SmallestResources_SharesRanked table accessible under the +- **2. Smallest Shares** – Creates the SA_FS_SmallestResources_SharesRanked table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_SmallestResources job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | ------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------ | -| Smallest Shares | Identifies the smallest shares within the environment. | None | This report is comprised of one element: - Table – Provides details on the smallest shares | +| Report | Description | Default Tags | Report Elements | +| --------------- | ------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------- | +| Smallest Shares | Identifies the smallest shares within the environment. 
| None | This report is comprised of one element:
  • Table – Provides details on the smallest shares
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_aiplabels.md b/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_aiplabels.md index 63b91920dd..bb4a6d9ae3 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_aiplabels.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_aiplabels.md @@ -14,8 +14,11 @@ servers. View the analysis tasks by navigating to the **FileSystem** > **4.Content** > **Tags** > **FS_AIPLabels** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_AIPLabels Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/content/tags/aiplabelsanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FS_AIPLabels job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| AIP Labels | This report provides details on labels applied to files. This information is rolled up by folder, and summarized at the enterprise level. | None | This report is comprised of three elements: - Pie Chart – Displays enterprise AIP summary - Table– Provides details on label details by folder - Table – Provides details on labels by file count | +| Report | Description | Default Tags | Report Elements | +| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| AIP Labels | This report provides details on labels applied to files. This information is rolled up by folder, and summarized at the enterprise level. | None | This report is comprised of three elements:
  • Pie Chart – Displays enterprise AIP summary
  • Table– Provides details on label details by folder
  • Table – Provides details on labels by file count
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_filetags.md b/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_filetags.md index 37583d902d..f4aec76905 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_filetags.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/content/tags/fs_filetags.md @@ -14,8 +14,11 @@ targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **4.Content** > **Tags** > **FS_FileTags** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_FileTags Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/content/tags/filetagsanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FS_FileTags job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| File Tags | This report provides details on tags applied to files. This information is rolled up by folder, and summarized at the enterprise level. | None | This report is comprised of three elements: - Pie Chart – Displays enterprise tag summary - Table– Provides details on tag details by folder - Table – Provides details on tags by file count | +| Report | Description | Default Tags | Report Elements | +| --------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| File Tags | This report provides details on tags applied to files. This information is rolled up by folder, and summarized at the enterprise level. | None | This report is comprised of three elements:
  • Pie Chart – Displays enterprise tag summary
  • Table– Provides details on tag details by folder
  • Table – Provides details on tags by file count
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_domainuseracls.md b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_domainuseracls.md index 8aaa1aa2fe..f169db70e1 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_domainuseracls.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_domainuseracls.md 
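Review bot: In fs_filetags.md, the second bullet of the added File Tags row reads "Table– Provides details on tag details by folder", missing the space before the dash that the other bullets have; the added AIP Labels row in fs_aiplabels.md carries the same slip ("Table– Provides details on label details by folder"). Both are new lines in this change, so fix the spacing here, and consider trimming the doubled "details on ... details" wording at the same time.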
@@ -14,26 +14,30 @@ permissions on resources from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **2.Direct Permissions** > **FS_DomainUserACLs** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_DomainUserACLs Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/domainuseraclsanalysis.webp) The following analysis tasks are selected by default: -- 0. Drop tables – Drops tables from previous runs -- 1. Direct User Resource Details – Creates the SA_FS_DomainUserACLs_DirectUserResourceDetails +- **0. Drop tables** – Drops tables from previous runs +- **1. Direct User Resource Details** – Creates the SA_FS_DomainUserACLs_DirectUserResourceDetails table accessible under the job’s Results node -- 2. Direct Users: Top 5 Servers – Creates an interim processing table in the database for use by +- **2. Direct Users: Top 5 Servers** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 3. Direct Users – Creates an interim processing table in the database for use by downstream +- **3. Direct Users** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 4. Direct Resources – Creates an interim processing table in the database for use by downstream +- **4. 
Direct Resources** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables and views created by the analysis tasks which displays all direct user permissions, the FS_DomainUserACLs job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | -------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Domain User ACLs | This report identifies all places where a domain user account has direct rights. | None | This report is comprised of three elements: - Bar Chart – Displays top 5 servers affected by folders - Table – Provides details on domain users - Table – Provides details on resources | +| Report | Description | Default Tags | Report Elements | +| ---------------- | -------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain User ACLs | This report identifies all places where a domain user account has direct rights. | None | This report is comprised of three elements:
  • Bar Chart – Displays top 5 servers affected by folders
  • Table – Provides details on domain users
  • Table – Provides details on resources
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_highriskacls.md b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_highriskacls.md index 32c98ce85e..b8973b30d5 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_highriskacls.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_highriskacls.md 
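Review bot: In fs_domainuseracls.md, the context sentence directly above the rewritten table, "created by the analysis tasks which displays all direct user permissions", has a subject-verb mismatch ("tasks ... displays") that this change leaves untouched. Since the hunk already rewrites the lines on either side of it, correct it to "which display" in the same pass.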
@@ -14,23 +14,27 @@ granted direct permissions on resources from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **2.Direct Permissions** > **FS_HighRiskACLs** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_HighRiskACLs Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/highriskaclsanalysis.webp) The following analysis tasks are selected by default: -- 1. High Risk ACL Details – Creates the SA_FS_HighRiskACLs_Details table accessible under the +- **1. High Risk ACL Details** – Creates the SA_FS_HighRiskACLs_Details table accessible under the job’s Results node -- 2. High Risk Permissions Matrix – Creates an interim processing table in the database for use by +- **2. High Risk Permissions Matrix** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 3. Open Manage Rights – Creates an interim processing table in the database for use by +- **3. 
Open Manage Rights** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables and views created by the analysis task, the FS_HighRiskACLs job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| High Risk ACLs | This report shows permissions of Authenticated Users, Anonymous Login, Everyone, or Domain Users. Applying these trustees to permissions may inadvertently open security holes. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Stacked Bar Chart – Displays high risk permission assignments - Table – Provides details on resources by open manage rights | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| High Risk ACLs | This report shows permissions of Authenticated Users, Anonymous Login, Everyone, or Domain Users. Applying these trustees to permissions may inadvertently open security holes. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Stacked Bar Chart – Displays high risk permission assignments
  • Table – Provides details on resources by open manage rights
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_localusersandgroups.md b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_localusersandgroups.md index c314658a0e..163aad5f38 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_localusersandgroups.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_localusersandgroups.md 
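Review bot: In fs_highriskacls.md, the description in the added High Risk ACLs row still names the trustee "Anonymous Login"; the Windows well-known principal is "Anonymous Logon", and a reader who searches an ACL export for the name as written in the doc will not find it. The row is being rewritten by this change, so correct the trustee name here rather than carrying the old text forward.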
@@ -14,24 +14,28 @@ granted direct permissions on resources from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **2.Direct Permissions** > **FS_LocalUsersAndGroups** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_LocalUsersAndGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/localusersandgroupsanalysis.webp) The following analysis tasks are selected by default: -- 1. Local Groups Resource Details – Creates the +- **1. Local Groups Resource Details** – Creates the SA_FS_LocalUsersAndGroups_LocalGroupResourceDetails table accessible under the job’s Results node -- 2. Local Groups – Creates an interim processing table in the database for use by downstream +- **2. Local Groups** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 3. Local Group Details – Creates an interim processing table in the database for use by +- **3. 
Local Group Details** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables and views created by the analysis task, the FS_LocalUsersAndGroups job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Local Users And Groups | This report identifies at the server level, how many local users and groups have direct ACLs, followed by details at the share level. | None | This report is comprised of two elements: - Bar Chart – Displays top five servers with local users and groups by affected folders - Table – Provides details on local users and groups | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Local Users And Groups | This report identifies at the server level, how many local users and groups have direct ACLs, followed by details at the share level. | None | This report is comprised of two elements:
  • Bar Chart – Displays top five servers with local users and groups by affected folders
  • Table – Provides details on local users and groups
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_missingfullcontrol.md b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_missingfullcontrol.md index 508f755656..259837cade 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_missingfullcontrol.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_missingfullcontrol.md 
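Review bot: In fs_localusersandgroups.md, the sentence above the table says "created by the analysis task" (singular) although the list this hunk reformats has three tasks. The same singular wording sits above the tables in fs_highriskacls.md and fs_missingfullcontrol.md, which also list more than one task; change it to "analysis tasks" in all three while these files are open.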
@@ -14,21 +14,25 @@ have no Full Control rights granted to it. View the analysis tasks by navigating to the **FileSystem** > **2.Direct Permissions** > **FS_MissingFullControl** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_MissingFullControl Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/missingfullcontrolanalysis.webp) The following analysis tasks are selected by default: -- 1. Determine folders which are missing full control – Creates an interim processing table in the +- **1. Determine folders which are missing full control** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 2. Summarize folders which are missing full control – Creates an interim processing table in the +- **2. Summarize folders which are missing full control** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables and views created by the analysis task, the FS_MissingFullControl job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Missing Full Control Rights | This report identifies folders within the environment which currently do not have any trustee with Full Control rights, adding to administrative burden. 
| None | This report is comprised of three elements: - Bar Chart – Displays shares with missing full control rights - Table – Provides details on folder - Table – Provides details on shares with missing full control rights | +| Report | Description | Default Tags | Report Elements | +| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Missing Full Control Rights | This report identifies folders within the environment which currently do not have any trustee with Full Control rights, adding to administrative burden. | None | This report is comprised of three elements:
  • Bar Chart – Displays shares with missing full control rights
  • Table – Provides details on folder
  • Table – Provides details on shares with missing full control rights
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_nestedshares.md b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_nestedshares.md index 15e64a24fc..7c177b352a 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_nestedshares.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_nestedshares.md 
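Review bot: In fs_missingfullcontrol.md, the second bullet of the added Missing Full Control Rights row, "Table – Provides details on folder", uses a bare singular noun where the neighbouring bullets use plurals ("shares with missing full control rights"). It reads like a truncated phrase; "Provides details on folders" would match the rest of the row, assuming the table lists more than one folder.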
@@ -14,31 +14,35 @@ permissions from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **2.Direct Permissions** > **FS_NestedShares** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_NestedShares Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/nestedsharesanalysis.webp) The following analysis tasks are selected by default: -- 1. Identify Nested Shares +- **1. Identify Nested Shares** - Creates an interim processing table in the database for use by downstream analysis and report generation - Creates the SA_FS_NestedShares_ShareDetails table accessible under the job’s Results node -- 2. Create function to compare permissions -- 3. Analyze Permission Details +- **2. Create function to compare permissions** +- **3. Analyze Permission Details** - Creates the SA_FS_NestedShares_SharePermissions table accessible under the job’s Results node - Updates the SA_FS_NestedShares_ShareDetails table accessible under the job’s Results node -- 4. Host Summary – Creates the SA_FS_NestedShares_HostSummary table accessible under the job’s +- **4. 
Host Summary** – Creates the SA_FS_NestedShares_HostSummary table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_NestedShares job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------- | --------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------- | -| Nested Shares | This report identifies where folders are exposed through multiple shares. This may cause issues with unwanted access. | None | This report is comprised of two elements: - Bar Chart – Displays hosts by folder count - Table – Provides details on shares | +| Report | Description | Default Tags | Report Elements | +| ------------- | --------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| Nested Shares | This report identifies where folders are exposed through multiple shares. This may cause issues with unwanted access. | None | This report is comprised of two elements:
  • Bar Chart – Displays hosts by folder count
  • Table – Provides details on shares
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_sidhistory.md b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_sidhistory.md index ede0ef219f..87c5f2ced0 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_sidhistory.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_sidhistory.md 
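Review bot: In fs_nestedshares.md, the bolded item "2. Create function to compare permissions" is the only analysis task in the list without a description; every other task states which table it creates or updates. Add a short description of what the function is used for, or say explicitly that it produces no output under the Results node, so the list is complete.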
@@ -14,26 +14,30 @@ historical SID that has been granted direct permissions on resources from target View the analysis tasks by navigating to the **FileSystem** > **2.Direct Permissions** > **FS_SIDHistory** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_SIDHistory Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/sidhistoryanalysis.webp) The following analysis tasks are selected by default: -- 1. Find ACEs Through SID History +- **1. Find ACEs Through SID History** - Creates the SA_FS_SIDHistory_Details table accessible under the job’s Results node - Creates the SA_FS_SIDHistory_TrusteeDetails table accessible under the job’s Results node -- 2. Host Rollups – Creates the SA_FS_SIDHistory_HostSummary table accessible under the job’s +- **2. Host Rollups** – Creates the SA_FS_SIDHistory_HostSummary table accessible under the job’s Results node -- 3. Expose SID Details View – Makes the SA_FS_SIDHistory_TrusteeDetails table visible under the +- **3. Expose SID Details View** – Makes the SA_FS_SIDHistory_TrusteeDetails table visible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_SIDHistory job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SID History Overview | This report identifies any applied ACE which utilizes a trustee's SID history. 
| None | This report is comprised of three elements: - Bar Chart – Displays the top 5 hosts by affected folders - Table – Provides details on permissions - Table – Provides details on trustees | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SID History Overview | This report identifies any applied ACE which utilizes a trustee's SID history. | None | This report is comprised of three elements:
  • Bar Chart – Displays the top 5 hosts by affected folders
  • Table – Provides details on permissions
  • Table – Provides details on trustees
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_unresolvedsids.md b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_unresolvedsids.md index c16a80a708..926f8eb6f2 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_unresolvedsids.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/fs_unresolvedsids.md @@ -14,8 +14,11 @@ permissions on resources from targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **2.Direct Permissions** > **FS_UnresolvedSIDs** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FS_UnresolvedSIDs Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/directpermissions/unresolvedsidsanalysis.webp) 
@@ -27,6 +30,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FS_UnresolvedSIDs job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------- | -------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Unresolved SIDs | This report identifies where permissions are assigned for users which no longer exist. | None | This report is comprised of two elements: - Bar Chart – Displays top servers by affected folders - Table – Provides details on top unresolved SIDs - Table – Provides details on top servers by affected folders | +| Report | Description | Default Tags | Report Elements | +| --------------- | -------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unresolved SIDs | This report identifies where permissions are assigned for users which no longer exist. | None | This report is comprised of two elements:
  • Bar Chart – Displays top servers by affected folders
  • Table – Provides details on top unresolved SIDs
  • Table – Provides details on top servers by affected folders
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/filesystemoverview.md b/docs/accessanalyzer/11.6/solutions/filesystem/filesystemoverview.md index 20111bf795..3936219d27 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/filesystemoverview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/filesystemoverview.md @@ -24,8 +24,11 @@ targeted file servers. View the analysis tasks by navigating to the **FileSystem** > **FileSystemOverview** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the FileSystemOverview Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/filesystemoverviewanalysis.webp) @@ -37,6 +40,7 @@ The following analysis task is selected by default: In addition to the tables and views created by the analysis task, the FileSystemOverview job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------- | -------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------- | -| File System Overview | This report provides an overview of all targeted file servers. | None | This report is comprised of one element: - Table – Provides summary of the targeted file system | +| Report | Description | Default Tags | Report Elements | +| -------------------- | -------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------- | +| File System Overview | This report provides an overview of all targeted file servers. | None | This report is comprised of one element:
  • Table – Provides summary of the targeted file system
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/fs_brokeninheritance.md b/docs/accessanalyzer/11.6/solutions/filesystem/fs_brokeninheritance.md index 5fdc096e31..59aa9c07a5 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/fs_brokeninheritance.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/fs_brokeninheritance.md @@ -37,14 +37,17 @@ topic for additional information. View the analysis tasks by navigating to the **FileSystem** > **3.Broken Inheritance** > **FS_BrokenInheritance** > **Configure** node and select **Analysis**. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified and or +:::warning +Most of these analysis tasks are preconfigured and should not be modified and or deselected. There are some that are deselected by default, as they are for troubleshooting purposes. +::: + ![Analysis Tasks for the FS_BrokenInheritance Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/brokeninheritanceanalysis.webp) The following analysis tasks are selected by default: -- 1. Analyze Broken Inheritance +- **1. Analyze Broken Inheritance** - Creates an interim processing table in the database for use by downstream analysis and report generation @@ -53,7 +56,7 @@ The following analysis tasks are selected by default: - Creates the SA_FS_BrokenInheritance_UniqueTrusteesPivot table accessible under the job's Results node -- 2. Choose to analyze only folders with modified permissions – Creates an interim processing +- **2. Choose to analyze only folders with modified permissions** – Creates an interim processing table in the database for use by downstream analysis and report generation - By default set to only analyze resources with changed permissions from parent 
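Review bot: In fs_unresolvedsids.md (hunk `@@ -27,6 +30,7 @@`), the rewritten Unresolved SIDs row still reads "This report is comprised of two elements:" but lists three: one bar chart and two tables. The removed row had the same mismatch, so it predates this patch. Since the row is being rewritten anyway, correct the count to three or drop the extra item, whichever matches the report the job actually produces.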
@@ -65,26 +68,27 @@ The following analysis tasks are selected by default: [Configure the Customizable Parameters in an Analysis Task](/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md) topic for additional information. -- 3. Determine Permission Changes – Creates an interim processing table in the database for use by +- **3. Determine Permission Changes** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 4. Analyze Trustee Differences – Creates an interim processing table in the database for use by +- **4. Analyze Trustee Differences** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 5. Inheritance Types. Categorizes Permission Changes – Creates an interim processing table in +- **5. Inheritance Types. Categorizes Permission Changes** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 6. Summarize by Share – Creates an interim processing table in the database for use by +- **6. Summarize by Share** – Creates an interim processing table in the database for use by downstream analysis and report generation The following analysis tasks are deselected by default: -- 7. Bring Table to Console - Unique trustees – Restores the +- **7. Bring Table to Console - Unique trustees** – Restores the SA_FS_BrokenInheritance_UniqueTrustees table to be visible under the job's Results node -- 8. Bring Table to Console - Trustees pivot – Restores the +- **8. 
Bring Table to Console - Trustees pivot** – Restores the SA_FS_BrokenInheritance_UniqueTrusteesPivot table to be visible under the job's Results node In addition to the tables and views created by the analysis tasks, the FS_BrokenInheritance job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Broken Inheritance by Share (Broken Inheritance Details) | Broken inheritance between resources can lead to incorrect access for users, either overprovisioning them, or locking them out of critical data. This report identifies the shares and folders with the most permission changes from the parent resource. | None | This report is comprised of three elements: - Bar Chart – Displays top five shares by permission changes - Table – Provides details on folders - Table – Provides details on shares | -| Unique Trustees | This report identifies permission changes between folders. These trustees have been either removed, added, or had their rights adjusted. 
| None | This report is comprised of one element: - Table – Provides details on unique trustees | +| Report | Description | Default Tags | Report Elements | +| -------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Broken Inheritance by Share (Broken Inheritance Details) | Broken inheritance between resources can lead to incorrect access for users, either overprovisioning them, or locking them out of critical data. This report identifies the shares and folders with the most permission changes from the parent resource. | None | This report is comprised of three elements:
  • Bar Chart – Displays top five shares by permission changes
  • Table – Provides details on folders
  • Table – Provides details on shares
| +| Unique Trustees | This report identifies permission changes between folders. These trustees have been either removed, added, or had their rights adjusted. | None | This report is comprised of one element:
  • Table – Provides details on unique trustees
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/fs_dlpresults.md b/docs/accessanalyzer/11.6/solutions/filesystem/fs_dlpresults.md index 0134b21ca2..9c85101c97 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/fs_dlpresults.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/fs_dlpresults.md @@ -20,8 +20,11 @@ The FS_DLPResults job is located in the 7.Sensitive Data job group. View the analysis tasks by navigating to the **FileSystem** > **7.Sensitive Data** > **FS_DLPResults** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_DLPResults Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/dlpresultsanalysis.webp) 
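Review bot: In fs_brokeninheritance.md (hunk `@@ -37,14 +37,17 @@`), the new `:::warning` body carries over the wording "should not be modified and or deselected" unchanged from the old CAUTION line. Suggest "should not be modified or deselected" while the sentence is being touched. The other job pages converted in this patch use "Do not modify or deselect ...", which would also make the warnings consistent.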
@@ -45,10 +48,11 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_DLPResults job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Enterprise Summary (Sensitive Content) | This report identifies the type and amount of sensitive content found on scanned machines. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Pie Chart – Displays exceptions by file count - Table – Provides details on exceptions by file count | -| File Ownership (Sensitive Data Ownership) | This report identifies the top 3 potential owners of files which have been found to contain sensitive content. | None | This report is comprised of one element: - Table – Provides details on top owners per file | -| Sensitive Data Access | This report shows who is accessing sensitive data. Emphasis is placed on activity within the last 30 days. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Bar Chart – Displays sensitive data access by top users - last 30 days - Table – Provides details on sensitive data access | -| Sensitive Security Groups | This report identifies groups which are used to provide access to sensitive data. Changes to membership should be closely monitored. 
| GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Bar Chart – Top groups by access to sensitive files - Table – Provides details on group access to sensitive files | -| Share Details (Shares with Sensitive Content) | This report identifies the location of sensitive data, and flags whether or not this data is accessible through open access. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements: - Bar chart – Displays top shares by sensitive file count - Table – Provides details on files - Table – Provides details on top shares by sensitive file count | +| Report | Description | Default Tags | Report Elements | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary (Sensitive Content) | This report identifies the type and amount of sensitive content found on scanned machines. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Pie Chart – Displays exceptions by file count
  • Table – Provides details on exceptions by file count
| +| File Ownership (Sensitive Data Ownership) | This report identifies the top 3 potential owners of files which have been found to contain sensitive content. | None | This report is comprised of one element:
  • Table – Provides details on top owners per file
| +| Sensitive Data Access | This report shows who is accessing sensitive data. Emphasis is placed on activity within the last 30 days. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Bar Chart – Displays sensitive data access by top users
  • last 30 days
  • Table – Provides details on sensitive data access
| +| Sensitive Security Groups | This report identifies groups which are used to provide access to sensitive data. Changes to membership should be closely monitored. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Bar Chart – Top groups by access to sensitive files
  • Table – Provides details on group access to sensitive files
| +| Share Details (Shares with Sensitive Content) | This report identifies the location of sensitive data, and flags whether or not this data is accessible through open access. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of three elements:
  • Bar chart – Displays top shares by sensitive file count
  • Table – Provides details on files
  • Table – Provides details on top shares by sensitive file count
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/fs_openaccess.md b/docs/accessanalyzer/11.6/solutions/filesystem/fs_openaccess.md index 440a66c1f3..861df9da8b 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/fs_openaccess.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/fs_openaccess.md 
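Review bot: In fs_dlpresults.md (hunk `@@ -45,10 +48,11 @@`), the Sensitive Data Access row now has "last 30 days" as a bullet of its own. In the removed row it was the tail of the bar chart caption, "Bar Chart – Displays sensitive data access by top users - last 30 days", so the list conversion appears to have split on the inner " - ". The cell says "two elements" and now shows three bullets. Rejoin the caption into one bullet, and check the other converted cells in this patch for captions that contain a hyphen.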
@@ -19,40 +19,44 @@ The FS_OpenAccess job is located in the 1.Open Access job group. View the analysis tasks by navigating to the **FileSystem** > **1.Open Access** > **FS_OpenAccess** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the FS_OpenAccess Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/openaccessanalysis.webp) The following analysis tasks are selected by default: -- 1. Find Open Access – Creates the SA_FS_OpenAccess_OpenResources table accessible under the +- **1. Find Open Access** – Creates the SA_FS_OpenAccess_OpenResources table accessible under the job’s Results node -- 2. Sum by Host - Summarized Access Sprawl – Creates the SA_FS_OpenAccess_HostsRanked table +- **2. Sum by Host - Summarized Access Sprawl** – Creates the SA_FS_OpenAccess_HostsRanked table accessible under the job’s Results node -- 3. Sum by Share – Creates the SA_FS_OpenAccess_SharesRanked table accessible under the job’s +- **3. Sum by Share** – Creates the SA_FS_OpenAccess_SharesRanked table accessible under the job’s Results node -- 4. Content Type in Share - Categorizes shared content: +- **4. Content Type in Share - Categorizes shared content:** - Creates an interim processing view in the database for use by downstream analysis and report generation - Creates the SA_FS_OpenAccess_ShareContent view accessible under the job’s Results node -- 5. Content by Host – Updates the SA_FS_OpenAccess_HostsRanked table accessible under the job’s +- **5. Content by Host** – Updates the SA_FS_OpenAccess_HostsRanked table accessible under the job’s Results node -- 6. Remediation Tracking - Track Status of Shares Throughout Time – Creates an interim processing +- **6. 
Remediation Tracking - Track Status of Shares Throughout Time** – Creates an interim processing view in the database for use by downstream analysis and report generation -- 7. Track Remediation by Months - Track Status of Shares Throughout Time – Creates an interim +- **7. Track Remediation by Months - Track Status of Shares Throughout Time** – Creates an interim processing view in the database for use by downstream analysis and report generation -- 8. Assign Risk Ratings to Hosts and Shares – Updates the SA_FS_OpenAccess_HostsRanked and the +- **8. Assign Risk Ratings to Hosts and Shares** – Updates the SA_FS_OpenAccess_HostsRanked and the SA_FS_OpenAccess_SharesRanked tables accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the FS_OpenAccess job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Folder Details (Open Folder Details) | This report identifies all open folders within the targeted environment. | None | This report is comprised of one element: - Table – Provides details on open folders | -| Hosts with Open Access | This report identifies hosts with the highest number of open folders. | None | This report is comprised of two elements: - Bar Chart – Displays top hosts by open folder count - Table – Provides details on hosts with open folder access | -| Open Shares | This report identifies shares with open resources. 
The Open Access column shows the highest levels of access given to all users in any one resource inside the share. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements: - Bar Chart – Displays largest open shares by folder count - Table – Provides details on open shares | -| Remediation Status | This report identifies the historical success of the organization's share management effort. | None | This report is comprised of two elements: - Column Chart – Displays the remediation status - Table – Provides details on remediation status | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Folder Details (Open Folder Details) | This report identifies all open folders within the targeted environment. | None | This report is comprised of one element:
  • Table – Provides details on open folders
| +| Hosts with Open Access | This report identifies hosts with the highest number of open folders. | None | This report is comprised of two elements:
  • Bar Chart – Displays top hosts by open folder count
  • Table – Provides details on hosts with open folder access
| +| Open Shares | This report identifies shares with open resources. The Open Access column shows the highest levels of access given to all users in any one resource inside the share. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of two elements:
  • Bar Chart – Displays largest open shares by folder count
  • Table – Provides details on open shares
| +| Remediation Status | This report identifies the historical success of the organization's share management effort. | None | This report is comprised of two elements:
  • Column Chart – Displays the remediation status
  • Table – Provides details on remediation status
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/fs_probableowner.md b/docs/accessanalyzer/11.6/solutions/filesystem/fs_probableowner.md index 05b6440c6c..c48253d3b0 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/fs_probableowner.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/fs_probableowner.md @@ -1,10 +1,10 @@ --- -title: "fs_probableowner" -description: "fs_probableowner" +title: "6.Probable Owner > FS_ProbableOwner Job" +description: "6.Probable Owner > FS_ProbableOwner Job" sidebar_position: 80 --- -## 6.Probable Owner > FS_ProbableOwner Job +# 6.Probable Owner > FS_ProbableOwner Job The 6.Probable Owner Job Group is designed to report on probable owners of resources from targeted file servers. @@ -21,8 +21,11 @@ The 6.Probable Owner Job Group is comprised of: View the analysis tasks by navigating to the FileSystem > 6.Probable Owner > FS_ProbableOwner > Configure node and select Analysis. -**CAUTION:** Do not modify or deselect the first and third selected analysis tasks. The analysis +:::warning +Do not modify or deselect the first and third selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/probableowneranalysis.webp) 
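Review bot: In fs_openaccess.md (hunk `@@ -19,40 +19,44 @@`), item 4 is bolded as `**4. Content Type in Share - Categorizes shared content:**`, so the bold span takes in the trailing colon and, unlike the other seven items, nothing is left outside it to mark where the task name ends. If the task name is "Content Type in Share", close the bold there and keep the rest as plain text. If the full string is the task name, move the colon outside the closing `**`.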
@@ -49,6 +52,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis tasks, the FS_ProbableOwner Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------- | -| Probable Share Owners (A.K.A. Probable Owners) | This report identifies the number of shares owned by individuals, as determined by a weighted average of ownership of content, management, and level of activity. The top 2 owners per ownership criteria per share are displayed. | None | This report is comprised of one element: - Table – Provides details on probable owners | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------ | +| Probable Share Owners (A.K.A. Probable Owners) | This report identifies the number of shares owned by individuals, as determined by a weighted average of ownership of content, management, and level of activity. The top 2 owners per ownership criteria per share are displayed. | None | This report is comprised of one element:
  • Table – Provides details on probable owners
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/fs_securityassessment.md b/docs/accessanalyzer/11.6/solutions/filesystem/fs_securityassessment.md index db3718e550..592e47e388 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/fs_securityassessment.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/fs_securityassessment.md @@ -38,8 +38,11 @@ the 0.Collection job group and analyzed by the jobs listed above. View the analysis tasks by navigating to the **FileSystem** > **FS_SecurityAssessment** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Task for the FS_SecurityAssessment Job](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/securityassessmentanalysis.webp) 
@@ -53,6 +56,7 @@ The following analysis tasks are selected by default: In addition to the tables and views created by the analysis task, the FS_SecurityAssessment job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | ---------------------------------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Security Assessment | This report identifies common issues and vulnerabilities across your file systems. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of four elements: - Table – Provides details of the scan Scope - Pie Chart – Provides details of findings by risk - Table – Provides details of findings by category - Table – Provides a summary of risk assessment details | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ---------------------------------------------------------------------------------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Security Assessment | This report identifies common issues and vulnerabilities across your file systems. | GDPR SOX HIPAA PCI-DSS GLBA ITAR FERPA FISMA ISO27001 | This report is comprised of four elements:
  • Table – Provides details of the scan Scope
  • Pie Chart – Provides details of findings by risk
  • Table – Provides details of findings by category
  • Table – Provides a summary of risk assessment details
| + diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/overview.md index 0cb898c839..a293b0dc6e 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/overview.md @@ -27,13 +27,13 @@ be enhanced with the Netwrix Activity Monitor to also conduct Activity Auditing Additionally, the Sensitive Data Discovery Add-On enables the solution to search file content for sensitive data, or Sensitive Data Discovery Auditing (SEEK). -Supported Platforms +**Supported Platforms** - See the [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) topic for a full list of supported platforms. -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** - Permissions vary based on the Scan Mode Option selected. See the [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) @@ -43,7 +43,7 @@ Requirements, Permissions, and Ports [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. -Sensitive Data Discovery Considerations +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
@@ -51,17 +51,23 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: -_Remember,_ if employing either of the File System Proxy Mode as a Service scan mode options, it is + +:::tip +Remember, if employing either of the File System Proxy Mode as a Service scan mode options, it is also necessary for the Sensitive Data Discovery Add-on to be installed on the server where the proxy service is installed. +::: + -Location +**Location** The File System Solution requires a special Enterprise Auditor license. It can be installed from the Instant Job Wizard. Once it has been installed into the Jobs tree, navigate to the solution: @@ -73,12 +79,15 @@ collects the data. The other job groups run analysis on the collected data. The [FileSystemOverview Job](/docs/accessanalyzer/11.6/solutions/filesystem/filesystemoverview.md) generates a statistical overview report of the targeted file systems. -**NOTE:** The +:::note +The [Cleanup Job Group](/docs/accessanalyzer/11.6/solutions/filesystem/cleanup/overview.md) and the [Resource Based Groups Job Group](/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/overview.md) require additional licenses to function. See the [Job Groups](#job-groups) topic for additional information. +::: + ## Job Groups 
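Review bot: In overview.md (hunk `@@ -51,17 +51,23 @@`), the new `:::tip` body still opens with "Remember,", which was the old inline callout label (`_Remember,_`). The `**NOTE:**` and `**CAUTION:**` labels were dropped when their paragraphs became admonitions, so keeping this one is inconsistent and redundant inside a tip. Suggest starting the sentence at "If employing either of ...", and doing the same for the `:::tip` added in recommended.md. The unchanged context at the top of this hunk also has a stray space in "at a time , then" that could be fixed in the same pass.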
diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md b/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md index c6a7d9c5c2..43c8352aec 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md @@ -11,12 +11,15 @@ node for most jobs. However, it is a best practice to assign the host list and t Profile at the data collection level. Once these are assigned to the job, it can be run manually or scheduled. -_Remember,_ the credential permissions required for the scan and host lists are affected by the scan +:::tip +Remember, the credential permissions required for the scan and host lists are affected by the scan mode selected. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. +::: -Dependencies + +**Dependencies** - The .Active Directory Inventory Job Group needs to be executed prior to running the File System Solution @@ -27,7 +30,7 @@ Dependencies - Sensitive Data Discovery Add-On installed on the proxy server (for Sensitive Data Discovery Auditing via proxy scanning architecture only) -Targeted Hosts +**Targeted Hosts** The host list assignment should be assigned under the **FileSystem** > **0.Collection** > **[job]** > **Host** node. The list should be a custom created list for the file system environments 
@@ -60,13 +63,16 @@ may need to be updated manually. See the [Host Inventory](/docs/accessanalyzer/11.6/admin/settings/hostinventory.md) topic for additional information. -**NOTE:** The host targeted by the File System scans is only the host entry for the cluster. For +:::note +The host targeted by the File System scans is only the host entry for the cluster. For example, the environment has a Windows File System Cluster named `ExampleCluster1` with three nodes named `ExampleNodeA`, `ExampleNodeB`, and `ExampleNodeC`. There would be four host entries in the Enterprise Auditor Master Host Table: `ExampleCluster1`, `ExampleNodeA`, `ExampleNodeB`, and `ExampleNodeC`. Each of these four entries would have the same value of the cluster name in the **WinCluster** column: `ExampleCluster1`. Only the `ExampleCluster1` host would be in the host list targeted by the File System scans. +::: + In order for the selected scan mode to be applied accurately for the target file system, it is necessary for host inventory to match the values in the table for OSType: @@ -81,7 +87,7 @@ necessary for host inventory to match the values in the table for OSType: | ARX | N/A or Unknown | | UNIX | N/A or Unknown | -Connection Profile +**Connection Profile** The FSAA Data Collector requires permissions based on the platform being targeted for data collection as well as the scan mode selected. See the 
@@ -99,16 +105,19 @@ the global settings level. However, since this may not be the Connection Profile permissions for the assigned hosts, click the radio button for the **Select one of the following user defined profiles** option and select the appropriate Connection Profile drop-down menu. -_Remember,_ if targeting Nasuni Edge Appliances, the 0-FS_Nasuni Job needs to be assigned a custom +:::tip +Remember, if targeting Nasuni Edge Appliances, the 0-FS_Nasuni Job needs to be assigned a custom Connection Profile containing the **API Access Key** and **Passcode** for each on-premise Nasuni Edge Appliance and cloud filer in the target environment. Nasuni API key names are case sensitive. When providing them, ensure they are entered in the exact same case as generated. +::: + See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** One of the most important decisions to make is how frequently to collect this data. This is dependent on the size of the target environment. The FileSystem Solution can be scheduled to run @@ -119,7 +128,7 @@ For example, it may be desired in large environments to run Activity Auditing co daily basis, but to only run Access Auditing and Sensitive Data Discovery Auditing collection jobs on a weekly basis followed by the analysis and reporting job groups. -Run Order +**Run Order** Whatever schedule frequency may be configured, it is also recommended to streamline the collection jobs to those desired. The jobs in the 0.Collection Job Group must be run in order for the auditing 
@@ -131,17 +140,23 @@ after running the 0.Collection Job Group. The FileSystemOverview Job pulls infor 0.Collection Job Group and the other sub-job groups, and the report may contain blank sections if only select sub-job groups are run. -**_RECOMMENDED:_** If only conducting one or two types of auditing, scope the solution by disabling +:::info +If only conducting one or two types of auditing, scope the solution by disabling the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not recommended to delete any jobs. See the [Disable or Enable a Job](/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md) topic for additional information. +::: -**NOTE:** If targeting Nasuni Edge Appliances, it is necessary to add the + +:::note +If targeting Nasuni Edge Appliances, it is necessary to add the [0-FS_Nasuni Job](/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fs_nasuni.md) to the **0.Collection** Job Group. +::: + -Query Configuration +**Query Configuration** This solution can be run with the default query configuration. However, the most common customizations include: @@ -242,7 +257,7 @@ customizations include: - Recommendation to run with default setting of 60 days - Set on the **0.Collection** > **1-FSAC System Scans** Job for Activity Auditing -Analysis Configuration +**Analysis Configuration** This solution should be run with the default analysis configuration. Most of these analysis tasks are preconfigured and should not be modified or deselected. There are a few which are deselected by 
@@ -269,8 +284,11 @@ Though the analysis tasks should not be deselected, the following parameters can - Customize within **6.Probable Owner** > **FS_ProbableOwner** Job analysis task - **NOTE:** Changes to an exception’s definition will impact all jobs dependent upon that + :::note + Changes to an exception’s definition will impact all jobs dependent upon that exception as well as all AIC Active Directory Exceptions reports. + ::: + There are also a few Notification analysis tasks which can be configured and then enabled in the following jobs: @@ -281,7 +299,7 @@ following jobs: Please see the appropriate topics for details on these tasks. -Additional Consideration +**Additional Consideration** The Ad Hoc Audits Job Group is designed to work independent from the rest of the solution, but it is dependent upon the 0.Collection Job Group. The jobs are scoped to specific shares and trustees @@ -291,6 +309,8 @@ The jobs contained in the group use custom SQL scripts to render views on collec are used to populate report element tables and graphs. Changing or modifying the group, job, or table names result in no data displayed within the reports or the AIC. -_Remember,_ it is recommended to scope the 0.Collection Job Group to only include the collection +:::tip +Remember, it is recommended to scope the 0.Collection Job Group to only include the collection components desired by disabling the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not recommended to delete any jobs. +::: diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroupaicimport.md b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroupaicimport.md index 14d83ec4de..d338666a41 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroupaicimport.md 
+++ b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroupaicimport.md @@ -14,7 +14,7 @@ IAM. ## Recommended Configurations for the FS_ResourceBasedGroupsAICImport Job -Dependencies +**Dependencies** - The **FS_ResourceBasedGroups** job must be successfully run prior to running this job - The **.Active Directory Inventory** > **1-AD_Scan** job must be successfully run prior to running @@ -24,11 +24,11 @@ Dependencies - The **File System** > **0.Collection** > **2-FSAA Bulk Import** job must be successfully run prior to running this job -Targeted Hosts +**Targeted Hosts** None -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. Throughout this document reference to executing a job refers to either manual execution or scheduled execution, according to the needs of the @@ -36,11 +36,11 @@ organization. See the [Scheduling the Resource Based Groups Job Group](/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/overview.md#scheduling-the-resource-based-groups-job-group) topic for additional information. -History Retention +**History Retention** Not supported -Workflow +**Workflow** **Step 1 –** Run the following jobs: @@ -66,9 +66,12 @@ Now that the target environment follows a Resource Based Groups model, the new r imported into the Access Information Center. Follow the steps to import the new resources into the AIC Ownership Workflow. -**CAUTION:** It is important to run the .Active Directory Inventory Job Group and **File System** > +:::warning +It is important to run the .Active Directory Inventory Job Group and **File System** > **0. Collection** Job Group again so that the AD and permissions changes are captured by Enterprise Auditor. +::: + **Step 1 –** Run the **.Active Directory Inventory** Job Group and **FileSystem** > **0.Collection** Job Group again. 
diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroups.md b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroups.md index 792046d955..4108761265 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroups.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_resourcebasedgroups.md @@ -18,17 +18,23 @@ group implementation. **Step 3 –** (Optional) Configure a Host List for the job at the job level. -**NOTE:** If a host list is not configured, this job will analyze and commit actions on every File +:::note +If a host list is not configured, this job will analyze and commit actions on every File System server known to Enterprise Auditor. To scope the actions to target specific servers, configure a host list at the job level to target only those servers. +::: + **Step 4 –** Model the intended changes: - Configure the Analyze Group Permissions analysis task - Verify that all actions are disabled - **CAUTION:** Do not make configuration changes to the analysis tasks after reviewing and + :::warning + Do not make configuration changes to the analysis tasks after reviewing and approving the Change Modeling report + ::: + - Execute the analysis tasks to generate the Change Modeling report and review the proposed changes - See the [Model Intended Changes](#model-intended-changes) topic for additional information @@ -57,7 +63,7 @@ configure a host list at the job level to target only those servers. - See the [Analyze and Report on Action History](#analyze-and-report-on-action-history) topic for additional information -Additional Options +**Additional Options** **Step 8 –** (Optional) Create and apply permissions for traverse groups based on previous resource based groups. See the 
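Review bot: In the `@@ -18,17 +18,23 @@` hunk of fs_resourcebasedgroups.md the host-list text becomes `:::note`, but it states that without a host list the job "will analyze and commit actions on every File System server known to Enterprise Auditor", and it sits under a step marked "(Optional)". That is a scope-of-change statement for a job that modifies permissions, so `:::warning` fits it better than `:::note` and matches the `:::warning` used in Step 4 of the same hunk. The identical text in the fs_traversegroups.md workflow should get the same severity.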
@@ -108,9 +114,10 @@ topic for additional information. Execute the analysis tasks to generate the Change Modeling report and review the proposed changed prior to executing the actions to apply the changes. -| Report | Description | Default Tags | Report Elements | -| --------------- | ---------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Change Modeling | This report shows proposed changes of access for the targeted folders. | None | This report is comprised of three elements: - Pie Chart – Displays a proposed access changes summary - Table – Provides details on proposed access changes by share - Table – Provides details on access modification | +| Report | Description | Default Tags | Report Elements | +| --------------- | ---------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Change Modeling | This report shows proposed changes of access for the targeted folders. | None | This report is comprised of three elements:
  • Pie Chart – Displays a proposed access changes summary
  • Table – Provides details on proposed access changes by share
  • Table – Provides details on access modification
| + The Change Modeling report should be used to gain acceptance on the following areas before implementing the changes: @@ -130,8 +137,11 @@ Follow the steps to model the proposed changes. **Step 1 –** Make sure all of the analysis tasks are enabled. -**CAUTION:** Prior to executing the analysis tasks, make sure that all action tasks are disabled. +:::warning +Prior to executing the analysis tasks, make sure that all action tasks are disabled. The purpose at this point is only to model the intended changes. +::: + **Step 2 –** In the Configure node, select **Actions** and make sure that all of the action tasks are disabled. @@ -149,8 +159,11 @@ before continuing with implementing them. ## Configure & Execute Active Directory Action Tasks -**CAUTION:** Do not modify the analysis tasks after the Change Modeling report has been reviewed and +:::warning +Do not modify the analysis tasks after the Change Modeling report has been reviewed and approved. The approved modeled changes are implemented through the execution of the action tasks. +::: + The Active Directory action tasks create and populate resource based groups. The Create Groups and Update Members action tasks must be updated to specify a Target OU for group creation prior to @@ -236,10 +249,16 @@ only at the job level. Follow the steps to execute the AD actions. -**CAUTION:** Do not modify the analysis tasks after the Change Modeling report has been reviewed and +:::warning +Do not modify the analysis tasks after the Change Modeling report has been reviewed and approved. The approved modeled changes are implemented through the execution of the action tasks. +::: + + +:::info +Disable the analysis tasks. It is not necessary to collect the data again. +::: -**_RECOMMENDED:_** Disable the analysis tasks. It is not necessary to collect the data again. **Step 1 –** On the Action Selection page, enable the **Create Groups** and **Update Members** actions. 
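Review bot: The `:::info` block added in the `@@ -236,10 +249,16 @@` hunk drops the `**_RECOMMENDED:_**` label, so "Disable the analysis tasks." now reads as a required step directly after a `:::warning`, not as a recommendation. Keep the intent visible, either by starting the body with "Recommended:" or by giving the admonition a title if the site's admonition syntax supports one, and apply the same choice to the other `**_RECOMMENDED:_**` conversions in this patch.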
@@ -252,8 +271,11 @@ The resource based groups are created and populated. ## Execute File System Action Tasks -**CAUTION:** Prior to executing the File System action tasks, allow a grace period, for example one +:::warning +Prior to executing the File System action tasks, allow a grace period, for example one week. This is important for token refresh to occur as users log off and log on again. +::: + The File System actions modify folder permissions and break inheritance. The Modify Permissions and Break Inheritance actions modules do not require any configuration. @@ -278,8 +300,11 @@ job’s Results node. The FS_ResourceBasedGroups Job will run analysis tasks aga Follow the steps to execute the FS actions. -**CAUTION:** Do not modify the analysis tasks after the Change Modeling report has been reviewed and +:::warning +Do not modify the analysis tasks after the Change Modeling report has been reviewed and approved. The approved modeled changes are implemented through the execution of the action tasks. +::: + **Step 1 –** On the Action Selection page, disable the **Create Groups** and **Update Members** actions. 
@@ -298,13 +323,17 @@ the configured permissions. All other permissions will have been removed from th The Action History report generated by the job shows all actions taken on each share for audit trail purposes. -| Report | Description | Default Tags | Report Elements | -| -------------- | --------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------- | -| Action History | This report shows all actions taken on each share for audit trail purposes. | None | This report is comprised of one element: - Table – This table provides details on the actions taken on each share | +| Report | Description | Default Tags | Report Elements | +| -------------- | --------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------- | +| Action History | This report shows all actions taken on each share for audit trail purposes. | None | This report is comprised of one element:
  • Table – This table provides details on the actions taken on each share
| + Follow the steps to analyze and report on action history. -**CAUTION:** Disable all of the action tasks prior to generating the Action History report. +:::warning +Disable all of the action tasks prior to generating the Action History report. +::: + **Step 1 –** On the Action Selection page, disable the **Modify Permissions** and **Break Inheritance** actions. Make sure all of the action tasks are disabled. diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_traversegroups.md b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_traversegroups.md index a156522228..074bbba47f 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_traversegroups.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/fs_traversegroups.md @@ -17,16 +17,16 @@ topic for additional information. ## Recommended Configurations for the FS_TraverseGroups Job -Dependencies +**Dependencies** - The **FS_ResourceBasedGroups** job must be successfully run prior to running this job -Targeted Hosts +**Targeted Hosts** - None – If targeting all file servers known to Enterprise Auditor - Scope the actions to a host list – If targeting specific file servers -Schedule Frequency +**Schedule Frequency** This job can be scheduled to run as desired. Throughout this document reference to executing a job refers to either manual execution or scheduled execution, according to the needs of the 
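Review bot: In the `@@ -298,13 +323,17 @@` hunk the Report Elements cell of the Action History row changes from an inline " - Table – ..." to a bullet on its own line, and as shown here the row no longer sits on one physical line. A pipe-table row has to stay on a single line, so confirm the cell uses inline HTML for the break or list and not literal newlines, and check the rendered table. The Change Modeling and List Traverse Group Changes rows in this patch have the same shape, and the latter still reads "comprised of one elements".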
@@ -34,19 +34,22 @@ organization. See the [Scheduling the Resource Based Groups Job Group](/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/overview.md#scheduling-the-resource-based-groups-job-group) topic for additional information. -History Retention +**History Retention** Not supported -Workflow +**Workflow** **Step 1 –** Run the **FS_ResourceBasedGroups** job. **Step 2 –** Configure a Host List for the job at the job level. -**NOTE:** If a host list is not configured, this job will analyze and commit actions on every File +:::note +If a host list is not configured, this job will analyze and commit actions on every File System server known to Enterprise Auditor. To scope the actions to target specific servers, configure a host list at the job level to target only those servers. +::: + **Step 3 –** Configure and execute analysis tasks. @@ -116,8 +119,11 @@ tasks are selected by default. Follow the steps to execute the analysis tasks. **Step 1 –** Make sure all of the analysis tasks are enabled. -**CAUTION:** Prior to executing the analysis tasks, make sure that all action tasks are disabled. +:::warning +Prior to executing the analysis tasks, make sure that all action tasks are disabled. The purpose at this point is only to create the required traversal tables. +::: + **Step 2 –** In the Configure node, select **Actions** and make sure that all of the action tasks are disabled. 
@@ -139,8 +145,11 @@ Groups job was installed from the Instant Jobs library. Then go to the **FS_Trav **Configure** node and select **Actions**. The Create Groups action task must be configured to specify the OU for group creation. -**_RECOMMENDED:_** It is recommended to execute the actions one at a time and in order as opposed to +:::info +It is recommended to execute the actions one at a time and in order as opposed to running the entire job group with the actions enabled. +::: + ![FS_TraverseGroups action tasks](/img/product_docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/traverseactions.webp) @@ -197,8 +206,11 @@ The resource based groups are created and populated. Once the Create Groups action has been executed, the Modify Permissions action can be executed. Follow the steps to execute the action. -**CAUTION:** Prior to executing the File System action tasks, allow a grace period, for example one +:::warning +Prior to executing the File System action tasks, allow a grace period, for example one week. This is important for token refresh to occur as users log off and log on again. +::: + **Step 1 –** On the Action Selection page, disable the **Create Groups** action task. 
@@ -216,14 +228,18 @@ with the configured permissions. All other permissions will have been removed fr The Generate the List Traverse Group Changes report displays a list of changes made in the environment by the action modules. -| Report | Description | Default Tags | Report Elements | -| --------------------------- | ---------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | -| List Traverse Group Changes | This report shows a list of changes made in the environment by the action modules. | None | This report is comprised of one elements: - Table – This table provides details on the changes made to the environment by the action modules | +| Report | Description | Default Tags | Report Elements | +| --------------------------- | ---------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| List Traverse Group Changes | This report shows a list of changes made in the environment by the action modules. | None | This report is comprised of one elements:
  • Table – This table provides details on the changes made to the environment by the action modules
| +  Follow the steps to analyze and report on action history. -**CAUTION:** Disable all of the action tasks prior to generating the List Traverse Group Changes +:::warning +Disable all of the action tasks prior to generating the List Traverse Group Changes report. +::: + **Step 1 –** On the Action Selection page, disable the **Modify Permissions** action task. Make sure all of the action tasks are disabled. diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/overview.md b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/overview.md index 62fc839a4d..afded4503d 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/overview.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/resourcebasedgroups/overview.md @@ -65,17 +65,17 @@ The following jobs comprise the Resource Based Groups Job Group: ## Recommended Configurations for the Resource Based Groups Job Group -Dependencies +**Dependencies** - The **.Active Directory Inventory** Job Group must be successfully run prior to running this job - The **FileSystem** > **0.Collection** Job Group must be successfully run prior to running this job -Targeted Hosts +**Targeted Hosts** - None – If targeting all file servers known to Enterprise Auditor - Scope the actions to a host list – If targeting specific file servers -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. Throughout this document reference to executing a job refers to either manual execution or scheduled execution, according to the needs of the @@ -83,7 +83,7 @@ organization. See the [Scheduling the Resource Based Groups Job Group](#scheduling-the-resource-based-groups-job-group) topic for additional information. -History Retention +**History Retention** Not supported diff --git a/docs/accessanalyzer/11.6/solutions/nisinventory/nis_scan.md b/docs/accessanalyzer/11.6/solutions/nisinventory/nis_scan.md index 019e02e67d..84623f557b 100644 
--- a/docs/accessanalyzer/11.6/solutions/nisinventory/nis_scan.md +++ b/docs/accessanalyzer/11.6/solutions/nisinventory/nis_scan.md @@ -14,8 +14,11 @@ solutions. The NIS Scan Job uses the NIS Data Collector for the following query: -**CAUTION:** This query must be modified. See the +:::warning +This query must be modified. See the [Configure the NIS Scan Query](#configure-the-nis-scan-query) topic for additional information. +::: + ![Query for the NIS Scan Job](/img/product_docs/accessanalyzer/11.6/solutions/nisinventory/nisscanquery.webp) @@ -36,8 +39,11 @@ opens. **Step 3 –** Select the **Data Source** tab, and click **Configure**. The NIS Data Collector Wizard opens. -**CAUTION:** Do not make changes to other wizard pages as they have been pre-configured for the +:::warning +Do not make changes to other wizard pages as they have been pre-configured for the purpose of this job. +::: + ![NIS Settings page](/img\product_docs\accessanalyzer\11.6\admin\datacollector\nis\settings.webp) @@ -64,8 +70,11 @@ The NIS Scan Job is now ready to run. View the analysis tasks by navigating to the **.NIS Inventory** > **NIS Scan** > **Configure** node and select **Analysis**. -**CAUTION:** Most of these analysis tasks are preconfigured and should not be modified or +:::warning +Most of these analysis tasks are preconfigured and should not be modified or deselected. There is one that is deselected by default, as it is for troubleshooting purposes. +::: + ![Analysis Tasks for the NIS Scan Job](/img/product_docs/accessanalyzer/11.6/solutions/nisinventory/nisscananalysis.webp) 
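Review bot: The context line right after the new `:::warning` in the `@@ -36,8 +39,11 @@` hunk references the image as `/img\product_docs\accessanalyzer\11.6\admin\datacollector\nis\settings.webp`, with backslashes, while the other two image links visible in this file's hunks use forward slashes. Since the patch already touches this block, switch that path to forward slashes so the link resolves the same way as the others.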
@@ -78,9 +87,12 @@ The following analysis tasks are selected by default: The following analysis task only needs to be selected when there is a need to remove the tables from the database: -**CAUTION:** This analysis task is for troubleshooting and cleanup only. Data will be deleted from +:::warning +This analysis task is for troubleshooting and cleanup only. Data will be deleted from the database. Do not execute this task with the other analysis tasks, as that results in the deletion of data that was just collected. +::: + - Drop NIS Tables – Removes all tables and views created by this job from SQL Server database @@ -102,7 +114,10 @@ task. **Step 4 –** After the analysis task has completed execution, the tables have been cleared from the SQL database. -**CAUTION:** Do not forget to clear the Drop NIS Tables analysis task and reselect all of the other +:::warning +Do not forget to clear the Drop NIS Tables analysis task and reselect all of the other analysis tasks. +::: + The next time the job is run, the standard reference tables are recreated in the database. diff --git a/docs/accessanalyzer/11.6/solutions/nisinventory/overview.md b/docs/accessanalyzer/11.6/solutions/nisinventory/overview.md index 46fd6bdbe0..5af178f5fd 100644 --- a/docs/accessanalyzer/11.6/solutions/nisinventory/overview.md +++ b/docs/accessanalyzer/11.6/solutions/nisinventory/overview.md 
@@ -12,20 +12,20 @@ designed to provide essential user and group membership information from a NIS d principals to Windows-style SIDs. This provides valuable information to the File Systems Solution when auditing NFS shares. This information can also be used in the Unix Solution Set. -Supported Platforms +**Supported Platforms** - NIS domains -Permissions +**Permissions** - No special permissions are needed aside from access to a NIS server -Ports +**Ports** - TCP 111 or UDP 111 - Randomly allocated high TCP ports -Location +**Location** The .NIS Inventory Solution is a core component of all Enterprise Auditor installations. It can be installed from the Enterprise Auditor Instant Job Wizard.. diff --git a/docs/accessanalyzer/11.6/solutions/nisinventory/recommended.md b/docs/accessanalyzer/11.6/solutions/nisinventory/recommended.md index 4d7a792be6..11407fa417 100644 --- a/docs/accessanalyzer/11.6/solutions/nisinventory/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/nisinventory/recommended.md @@ -9,11 +9,11 @@ sidebar_position: 10 The .NIS Inventory Solution requires some configuration for the target environment. It can be run directly or scheduled. -Dependencies +**Dependencies** This job group does not have dependencies. -Targeted Hosts +**Targeted Hosts** The host list assignment should be assigned under the **.NIS Inventory** > **NIS Scan** > **Hosts** node. Select the custom host list containing the NIS servers or manually add the host in the @@ -21,7 +21,7 @@ node. Select the custom host list containing the NIS servers or manually add the [Unix Connection Profile & Host List](/docs/accessanalyzer/11.6/admin/datacollector/nis/configurejob.md) topic for additional information. -Connection Profile +**Connection Profile** The Connection Profile should be assigned in the **.NIS Inventory** > **NIS Scan** > **Job Properties** window on the **Connection** tab. It is set to **Use the Default Profile**, as 
@@ -31,17 +31,17 @@ defined profiles** option and select the appropriate Connection Profile. See the [Unix Connection Profile & Host List](/docs/accessanalyzer/11.6/admin/datacollector/nis/configurejob.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** It is recommended to schedule the .NIS Inventory job group to run once a day. If there are frequent changes within the target environment, then it can be executed more often. It is best to rerun it anytime changes might have occurred. -Run at the Solution Level +**Run at the Solution Level** The job in the .NIS Inventory job group can be run at either the job or job group level. -Query Configuration +**Query Configuration** The solution requires the NIS domain to be configured in the **Inventory Scan** query. Navigate to the **NIS Settings** page of the NIS Data Collector Wizard. Optionally, modifications can be made @@ -49,20 +49,20 @@ for SID mappings within the **NIS Scan** job. See the [NIS Scan Job](/docs/accessanalyzer/11.6/solutions/nisinventory/nis_scan.md) topic for additional information. -Analysis Configuration +**Analysis Configuration** The solution is best run with the default analysis configuration. However, the **Drop NIS Tables** analysis task is deselected by default, as it is for troubleshooting purposes only. -History Retention +**History Retention** History retention is not supported and should be turned off. -Multi-console Support +**Multi-console Support** Multi-console is not supported. -Workflow +**Workflow** **Step 1 –** Configure and assign the host list and Connection Profile. diff --git a/docs/accessanalyzer/11.6/solutions/overview.md b/docs/accessanalyzer/11.6/solutions/overview.md index def20cd43e..41a5e74183 100644 --- a/docs/accessanalyzer/11.6/solutions/overview.md +++ b/docs/accessanalyzer/11.6/solutions/overview.md 
@@ -13,21 +13,22 @@ the Enterprise Auditor Instant Job Library, according to the license owned by th These solutions are broken down by the top-level job group that comprises the solution. -| Solutions | Description | -| ------------------------------------- | -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| .Active Directory Inventory | The .Active Directory Inventory Solution is designed to provide essential user, group membership, and computer details from the targeted domains to many Enterprise Auditor built-in solutions. Key information includes user status, user attributes, and group membership. The collected data is accessed by other Enterprise Auditor solutions and the Netwrix Access Information Center for analysis. \*Core Solution | -| .Entra ID Inventory | The .Entra ID Inventory Solution is designed to inventory, analyze, and report on Microsoft Entra ID. 
It provides essential user and group membership details to the Entra ID Solution. Key information includes managers, email addresses, and direct memberships. Collected data helps an organization identify toxic conditions like nested groups, circular nesting, disabled users, and duplicate groups. The user and group information assists with understanding probable group ownership, group memberships, largest groups, user status, attribute completion, and synchronization status between on-premises Active Directory and Microsoft Entra ID. \*Core Solution | -| .NIS Inventory | The .NIS Inventory Solution is designed to provide essential user and group membership information from a NIS domain, mapping these principals to Windows-style SIDs. This provides valuable information to the File Systems Solution when auditing NFS shares. \*Core Solution | -| Active Directory | The Active Directory Solution is designed to provide the information every administrator needs regarding Active Directory configuration, operational management, troubleshooting, analyzing effective permissions, and tracking who is making what changes within your organization. \*Requires Active Directory Licensed Feature | -| Active Directory Permissions Analyzer | The Active Directory Permissions Analyzer Solution is designed to easily and automatically determine effective permissions applied to any and all Active Directory objects, at any scope, allowing for the most authoritative view available of who has access to what in Active Directory. \*Requires Active Directory Permissions Analyzer Licensed Feature | -| AnyID Connectors | The AnyID Connectors Solution allows you to quickly find where data for identities are stored, reducing the response time to Data Subject Access Requests (DSARs). Integration with third party repositories allows you to perform exact data matching for profiles such as employees, customers, students, or patients across any data repository. 
| -| Amazon Web Services | Enterprise Auditor for AWS allows organizations to secure their data residing in Amazon Web Services (AWS) S3 platform, reducing their risk exposure through proactive, automated auditing and reporting of S3 permissions, sensitive data, and ultimately a consolidated view of user access rights across dozens of structured and unstructured data resources both on-premises and in the cloud. | -| Box | The Box solution set contains jobs to provide visibility into Box access rights, policies, configurations, activities, and more, ensuring you never lose sight or control of your critical assets residing in Box. \*Requires Box Collection Licensed Feature | -| Databases | Enterprise Auditor Databases Solution Set is a comprehensive set of pre-configured audit jobs and reports that provide visibility into various aspects of supported databases. - Azure SQL – The Azure SQL Solution Set is a comprehensive set of pre-configured audit jobs and reports that provide visibility into various aspects of Azure SQL : Users and Roles, Sensitive Data Discovery, Object Permissions, Configuration, and User Activity. - Db2 – The Db2 Solution Set is a comprehensive set of pre-configured audit jobs and reports that provides visibility into various aspects of a Db2 Databases: Sensitive Data Discovery and Object Permissions. - Instance Discovery – The Instance Discovery Solution discovers instances on supported database servers. - MongoDB Solution – The MongoDB Solution automates the process of understanding where MongDB databases exist and provides an overview of the MongoDB environment in order to answer questions around data access. With visibility into every corner of MongoDB and the operating system it relies upon, organizations can proactively highlight and prioritize risks to sensitive data. 
Additionally, organizations can automate manual, time-consuming, and expensive processes associated with compliance, security, and operations to easily adhere to best practices that keep MongoDB Server safe and operational. - MySQL Solution – The MySQL Solution automates the process of understanding where SQL databases exist and provides an overview of the MySQL environment in order to answer questions around data access. With visibility into every corner of Microsoft SQL Server and the Windows operating system it relies upon, organizations can proactively highlight and prioritize risks to sensitive data. Additionally, organizations can automate manual, time-consuming, and expensive processes associated with compliance, security, and operations to easily adhere to best practices that keep SQL Server safe and operational. - Oracle Solution – The Oracle Solution delivers comprehensive permissions, activity, and sensitive data auditing and reporting for Oracle databases. Through the power of Enterprise Auditor, users can automate Oracle instance discovery, understand who has access to their Oracle databases, the level of permission they have, and who is leveraging their access privileges, identify the location of sensitive information, measure adherence to best practices, and generate workflows and reports to satisfy security, compliance, and operational requirements. - PostgreSQL Solution – Enterprise Auditor PostgreSQL Solution Set is a set of pre-configured audit jobs and reports that provides visibility into PostgreSQL Sensitive Data. - Redshift – Enterprise Auditor Redshift Solution Set is a set of pre-configured audit jobs and reports that provides visibility into Redshift Sensitive Data. - SQL Solution – The SQL Solution is an auditing, compliance, and governance solution for Microsoft SQL Server database. Key capabilities include effective access calculation, sensitive data discovery, security configuration assessment, and database activity monitoring. 
\*Requires SQL Licensed Feature | -| Dropbox | The Dropbox Solution is an auditing, compliance, and governance solution for Dropbox for Business. Key capabilities include effective access calculation, sensitive data discovery, file content inspection, inactive access and stale data identification, and entitlement collection for integration with Identity & Access Management (IAM) processes. \*Requires Dropbox Collection Licensed Feature | -| Entra ID | The Entra ID Solution is a comprehensive set of audit jobs and reports that provide the information regarding Microsoft Entra ID configuration, operational management, and troubleshooting. The jobs within this group help pinpoint potential areas of administrative and security concerns related to Microsoft Entra ID users and groups, including syncing with on-premises Active Directory. \*Requires Entra ID Licensed Feature | -| Exchange | The Exchange Solution provides auditing and reporting on multiple aspects of the Exchange environment to assist with identifying risk, understanding usage, and decreasing bloat. Areas of focus include Audit and Compliance, Maintenance and Cleanup, Metrics and Capacity, Operations and Health, Public Folders and Configuration Baseline. \*Requires Exchange Licensed Feature | -| FileSystem | The File Systems Solution is an auditing, compliance, and governance solution for Windows, NAS, Unix, and Linux file systems. Key capabilities include effective access calculation, data owner identification, governance workflows including entitlement reviews and self-service access requests, sensitive data discovery and classification, open access remediation, least-privilege access transformation, and file activity monitoring. 
\*Requires File System Reports Licensed Feature | -| SharePoint | The SharePoint Solution is a comprehensive set of audit jobs and reports which provide the information every administrator needs regarding SharePoint on-premises and SharePoint Online infrastructure, configuration, performance, permissions, required ports, and effective rights. \*Requires SharePoint Reports Licensed Feature | -| Unix | The Unix Solution reports on areas of administrative concern for Unix and Linux systems. Attention is given to users and group details, privileged access rights, and NFS and Samba sharing configurations. \*Requires Unix Licensed Feature | -| Windows | The Windows Solution allows organizations to quickly inventory, assess, and secure their Windows desktop and server infrastructure from a central location. Key capabilities include privileged account discovery, security configuration and vulnerability assessment, compliance reporting, and asset inventory. | +| Solutions | Description | +| ------------------------------------- | 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| .Active Directory Inventory | The .Active Directory Inventory Solution is designed to provide essential user, group membership, and computer details from the targeted domains to many Enterprise Auditor built-in solutions. Key information includes user status, user attributes, and group membership. The collected data is accessed by other Enterprise Auditor solutions and the Netwrix Access Information Center for analysis.
**Core Solution** | +| .Entra ID Inventory | The .Entra ID Inventory Solution is designed to inventory, analyze, and report on Microsoft Entra ID. It provides essential user and group membership details to the Entra ID Solution. Key information includes managers, email addresses, and direct memberships. Collected data helps an organization identify toxic conditions like nested groups, circular nesting, disabled users, and duplicate groups. The user and group information assists with understanding probable group ownership, group memberships, largest groups, user status, attribute completion, and synchronization status between on-premises Active Directory and Microsoft Entra ID.
**Core Solution** | +| .NIS Inventory | The .NIS Inventory Solution is designed to provide essential user and group membership information from a NIS domain, mapping these principals to Windows-style SIDs. This provides valuable information to the File Systems Solution when auditing NFS shares.
**Core Solution** | +| Active Directory | The Active Directory Solution is designed to provide the information every administrator needs regarding Active Directory configuration, operational management, troubleshooting, analyzing effective permissions, and tracking who is making what changes within your organization.
**Requires Active Directory Licensed Feature** | +| Active Directory Permissions Analyzer | The Active Directory Permissions Analyzer Solution is designed to easily and automatically determine effective permissions applied to any and all Active Directory objects, at any scope, allowing for the most authoritative view available of who has access to what in Active Directory.
**Requires Active Directory Permissions Analyzer Licensed Feature** | +| AnyID Connectors | The AnyID Connectors Solution allows you to quickly find where data for identities are stored, reducing the response time to Data Subject Access Requests (DSARs). Integration with third party repositories allows you to perform exact data matching for profiles such as employees, customers, students, or patients across any data repository. | +| Amazon Web Services | Enterprise Auditor for AWS allows organizations to secure their data residing in Amazon Web Services (AWS) S3 platform, reducing their risk exposure through proactive, automated auditing and reporting of S3 permissions, sensitive data, and ultimately a consolidated view of user access rights across dozens of structured and unstructured data resources both on-premises and in the cloud. | +| Box | The Box solution set contains jobs to provide visibility into Box access rights, policies, configurations, activities, and more, ensuring you never lose sight or control of your critical assets residing in Box.
**Requires Box Collection Licensed Feature** | +| Databases | Enterprise Auditor Databases Solution Set is a comprehensive set of pre-configured audit jobs and reports that provide visibility into various aspects of supported databases.
  • Azure SQL – The Azure SQL Solution Set is a comprehensive set of pre-configured audit jobs and reports that provide visibility into various aspects of Azure SQL : Users and Roles, Sensitive Data Discovery, Object Permissions, Configuration, and User Activity.
  • Db2 – The Db2 Solution Set is a comprehensive set of pre-configured audit jobs and reports that provides visibility into various aspects of a Db2 Databases: Sensitive Data Discovery and Object Permissions.
  • Instance Discovery – The Instance Discovery Solution discovers instances on supported database servers.
  • MongoDB Solution – The MongoDB Solution automates the process of understanding where MongDB databases exist and provides an overview of the MongoDB environment in order to answer questions around data access. With visibility into every corner of MongoDB and the operating system it relies upon, organizations can proactively highlight and prioritize risks to sensitive data. Additionally, organizations can automate manual, time-consuming, and expensive processes associated with compliance, security, and operations to easily adhere to best practices that keep MongoDB Server safe and operational.
  • MySQL Solution – The MySQL Solution automates the process of understanding where SQL databases exist and provides an overview of the MySQL environment in order to answer questions around data access. With visibility into every corner of Microsoft SQL Server and the Windows operating system it relies upon, organizations can proactively highlight and prioritize risks to sensitive data. Additionally, organizations can automate manual, time-consuming, and expensive processes associated with compliance, security, and operations to easily adhere to best practices that keep SQL Server safe and operational.
  • Oracle Solution – The Oracle Solution delivers comprehensive permissions, activity, and sensitive data auditing and reporting for Oracle databases. Through the power of Enterprise Auditor, users can automate Oracle instance discovery, understand who has access to their Oracle databases, the level of permission they have, and who is leveraging their access privileges, identify the location of sensitive information, measure adherence to best practices, and generate workflows and reports to satisfy security, compliance, and operational requirements.
  • PostgreSQL Solution – Enterprise Auditor PostgreSQL Solution Set is a set of pre-configured audit jobs and reports that provides visibility into PostgreSQL Sensitive Data.
  • Redshift – Enterprise Auditor Redshift Solution Set is a set of pre-configured audit jobs and reports that provides visibility into Redshift Sensitive Data.
  • SQL Solution – The SQL Solution is an auditing, compliance, and governance solution for Microsoft SQL Server database. Key capabilities include effective access calculation, sensitive data discovery, security configuration assessment, and database activity monitoring.

**Requires SQL Licensed Feature** | +| Dropbox | The Dropbox Solution is an auditing, compliance, and governance solution for Dropbox for Business. Key capabilities include effective access calculation, sensitive data discovery, file content inspection, inactive access and stale data identification, and entitlement collection for integration with Identity & Access Management (IAM) processes. \*Requires Dropbox Collection Licensed Feature | +| Entra ID | The Entra ID Solution is a comprehensive set of audit jobs and reports that provide the information regarding Microsoft Entra ID configuration, operational management, and troubleshooting. The jobs within this group help pinpoint potential areas of administrative and security concerns related to Microsoft Entra ID users and groups, including syncing with on-premises Active Directory.
**Requires Entra ID Licensed Feature** | +| Exchange | The Exchange Solution provides auditing and reporting on multiple aspects of the Exchange environment to assist with identifying risk, understanding usage, and decreasing bloat. Areas of focus include Audit and Compliance, Maintenance and Cleanup, Metrics and Capacity, Operations and Health, Public Folders and Configuration Baseline.
**Requires Exchange Licensed Feature** | +| FileSystem | The File Systems Solution is an auditing, compliance, and governance solution for Windows, NAS, Unix, and Linux file systems. Key capabilities include effective access calculation, data owner identification, governance workflows including entitlement reviews and self-service access requests, sensitive data discovery and classification, open access remediation, least-privilege access transformation, and file activity monitoring.
**Requires File System Reports Licensed Feature** | +| SharePoint | The SharePoint Solution is a comprehensive set of audit jobs and reports which provide the information every administrator needs regarding SharePoint on-premises and SharePoint Online infrastructure, configuration, performance, permissions, required ports, and effective rights.
**Requires SharePoint Reports Licensed Feature** | +| Unix | The Unix Solution reports on areas of administrative concern for Unix and Linux systems. Attention is given to users and group details, privileged access rights, and NFS and Samba sharing configurations.
**Requires Unix Licensed Feature** | +| Windows | The Windows Solution allows organizations to quickly inventory, assess, and secure their Windows desktop and server infrastructure from a central location. Key capabilities include privileged account discovery, security configuration and vulnerability assessment, compliance reporting, and asset inventory. | + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_deletions.md b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_deletions.md index b0406a8221..cbc410acea 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_deletions.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_deletions.md @@ -13,8 +13,11 @@ This job identifies SharePoint deletion events which have occurred over the past Navigate to the **Jobs** > **SharePoint** > **7.Activity** > **Forensics** > **SP_Deletions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_Deletions Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/deletionsanalysis.webp) 
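Review bot: In the solutions table hunk above (`@@ -13,21 +13,22 @@`), the rewritten Dropbox row still ends with `\*Requires Dropbox Collection Licensed Feature`, while every other row was converted to the bold form such as `**Requires Box Collection Licensed Feature**`. Convert it to `**Requires Dropbox Collection Licensed Feature**` so the licensing markers are consistent. The Databases row is being rewritten anyway, so this is also the place to fix text it carries over unchanged: "MongDB" should read "MongoDB", and the MySQL Solution entry refers to "Microsoft SQL Server and the Windows operating system" and "SQL Server", which reads as copied from the SQL Solution entry.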
@@ -26,6 +29,7 @@ The default analysis task is: In addition to the tables and views created by the analysis tasks, the SQL_Deletions Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Deletion Details | This report identifies deletion events for the past 30 days. The detailed report shows all resources that were successfully deleted as well as which users performed those events. | None | This report is comprised of two elements: - Bar Chart – Displays total number of deletions in the past 30 days - Table – Provides details on deletions in the past 30 days | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Deletion Details | This report identifies deletion events for the past 30 days. The detailed report shows all resources that were successfully deleted as well as which users performed those events. | None | This report is comprised of two elements:
  • Bar Chart – Displays total number of deletions in the past 30 days
  • Table – Provides details on deletions in the past 30 days
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_permissionchanges.md b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_permissionchanges.md index 6e1b316895..652b8c83c5 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_permissionchanges.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_permissionchanges.md @@ -14,8 +14,11 @@ over the past 30 days. Navigate to the **Jobs** > **SharePoint** > **7.Activity** > **Forensics** > **SP_PermissionChanges** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_PermissionChanges Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/permissionchangesanalysis.webp) 
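Review bot: In sp_deletions.md, the context line of the `@@ -26,6 +29,7 @@` hunk says "the SQL_Deletions Job produces the following pre-configured report", but the page documents the SP_Deletions job, as the navigation path **SP_Deletions** > **Configure** in the same file shows. The same SQL_ prefix appears in the report hunks for sp_permissionchanges.md, sp_sensitivedataactivity.md, sp_inactivesites.md and sp_mostactivesites.md. Since each of these report tables is being touched in this change, correct the job names to the SP_ form so the text matches the job a reader will actually find in the console.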
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_PermissionChanges Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Permission Changes | This report identifies SharePoint permission changes based on activity events and determines whether or not that permission change is considered a high security risk. | None | This report is comprised of two elements: - Bar Chart – Displays permission change activity in the past seven days - Table – Provides permission change details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Permission Changes | This report identifies SharePoint permission changes based on activity events and determines whether or not that permission change is considered a high security risk. | None | This report is comprised of two elements:
  • Bar Chart – Displays permission change activity in the past seven days
  • Table – Provides permission change details
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_sensitivedataactivity.md b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_sensitivedataactivity.md index 8dd7b20239..b64441379c 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_sensitivedataactivity.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sp_sensitivedataactivity.md @@ -15,8 +15,11 @@ Navigate to the **Jobs** > **SharePoint** > **7.Activity** > **Forensics** > **SP_SensitiveDataActivity** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_SensitiveDataActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/activity/forensics/sensitivedataactivityanalysis.webp) 
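Review bot: In sp_permissionchanges.md, the rewritten Report Elements cell keeps "Bar Chart – Displays permission change activity in the past seven days", while the job description in the same file speaks of changes "over the past 30 days." Please confirm which window the chart covers and align the two statements. For a forensics report that flags high-risk permission changes, the reader needs to know the exact time range behind the figures.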
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SQL_SensitiveDataActivity Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------- | -------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | -| Sensitive Data Activity | This Report shows user activity on sensitive data. | None | This report is comprised of two elements: - Bar Chart – Displays sensitive data activity - Table – Provides details on sensitive data activity | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | -------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sensitive Data Activity | This Report shows user activity on sensitive data. | None | This report is comprised of two elements:
  • Bar Chart – Displays sensitive data activity
  • Table – Provides details on sensitive data activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_inactivesites.md b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_inactivesites.md index 89e957308f..3815cf4f1a 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_inactivesites.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_inactivesites.md @@ -13,8 +13,11 @@ This job highlights your environments least active Sites or Site Collections. Navigate to the **Jobs** > **SharePoint** > **7.Activity** > **Usage Statistics** > **SP_InactiveSites** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_InactiveSites Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/inactivesitesanalysis.webp) 
@@ -26,6 +29,7 @@ The default analysis task is: In addition to the tables and views created by the analysis tasks, the SQL_InactiveSites Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | -| Inactive Sites | This report identifies Sites that have not had activity for at least 30 days. [View], [Delete], [Update], [Delete] fields reflect the number of unique operations of each type that was performed on the inactive site for this time frame. | None | This report is comprised of two elements: - Bar Chart – Displays information on inactive sites - Table – Provides details on inactive sites | +| Report | Description | Default Tags | Report Elements | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Inactive Sites | This report identifies Sites that have not had activity for at least 30 days. [View], [Delete], [Update], [Delete] fields reflect the number of unique operations of each type that was performed on the inactive site for this time frame. | None | This report is comprised of two elements:
  • Bar Chart – Displays information on inactive sites
  • Table – Provides details on inactive sites
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactivesites.md b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactivesites.md index e96c878b95..c5c944c25b 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactivesites.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactivesites.md @@ -13,8 +13,11 @@ This job identifies the top five most active monitored sites. Navigate to the **Jobs** > **SharePoint** > **7.Activity** > **Usage Statistics** > **SP_MostActiveSites** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_MostActiveSites Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/mostactivesitesanalysis.webp) 
@@ -26,6 +29,7 @@ The default analysis task is: In addition to the tables and views created by the analysis tasks, the SQL_MostActiveSites Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Most Active Sites – Last 30 Days | This report identifies the top five most active sites for the past 30 days. [Reads], [Updates], [Deletes], [Permission Changes] fields reflect the number of unique operations of each type that was performed on the site for this time frame. Unique Resources Accessed, number of active user performing operations on the site, as well as whether or not the active site contains sensitive information. 
| None | This report is comprised of two elements: - Bar Chart – Displays information on most active sites by event count - Table – Provides details on most active sites by event count | +| Report | Description | Default Tags | Report Elements | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Most Active Sites – Last 30 Days | This report identifies the top five most active sites for the past 30 days. [Reads], [Updates], [Deletes], [Permission Changes] fields reflect the number of unique operations of each type that was performed on the site for this time frame. Unique Resources Accessed, number of active user performing operations on the site, as well as whether or not the active site contains sensitive information. | None | This report is comprised of two elements:
  • Bar Chart – Displays information on most active sites by event count
  • Table – Provides details on most active sites by event count
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactiveusers.md b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactiveusers.md index 582d4d6ef2..3cef989ff7 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactiveusers.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/sp_mostactiveusers.md @@ -14,8 +14,11 @@ with a view of Reads, Updates, Deletes, and Permission changes performed by a us Navigate to the **Jobs** > **SharePoint** > **7.Activity** > **Usage Statistics** > **SP_MostActiveUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_MostActiveUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/activity/usagestatistics/mostactiveusersanalysis.webp) 
@@ -27,6 +30,7 @@ The default analysis task is: In addition to the tables and views created by the analysis tasks, the SQL_MostActiveUsers Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Most Active Users – Last 30 Days | This report identifies the top users for the past 30 days. [View], [Delete], [Update], [Delete] fields reflect the number of unique operations of each type that was performed by the user for this time frame. Unique Resources are the number of distinct resources that have had activity during that time. 
| None | This report is comprised of two elements: - Bar Chart – Displays information on top users by operation count - Table – Provides details on top users by operation count | +| Report | Description | Default Tags | Report Elements | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Most Active Users – Last 30 Days | This report identifies the top users for the past 30 days. [View], [Delete], [Update], [Delete] fields reflect the number of unique operations of each type that was performed by the user for this time frame. Unique Resources are the number of distinct resources that have had activity during that time. | None | This report is comprised of two elements:
  • Bar Chart – Displays information on top users by operation count
  • Table – Provides details on top users by operation count
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/1-spseek_systemscans.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/1-spseek_systemscans.md index 8379260269..4401838899 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/1-spseek_systemscans.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/1-spseek_systemscans.md @@ -25,10 +25,13 @@ The 1-SPSEEK_SystemScans Job has been preconfigured to run with the default sett Data Collector category of Scan for Sensitive Content, which is not visible within the SharePoint Access Auditor Data Collector Wizard when opened from within this job. -**CAUTION:** Users should not change scans in a way that would result in less data being returned on +:::warning +Users should not change scans in a way that would result in less data being returned on a subsequent scan (i.e. scanning fewer web applications, scanning fewer site collections, or a shallower depth scan). Those resources not included in a subsequent scan are marked as deleted in the Tier 2 database and subsequently removed from the Tier 1 database. +::: + Follow the steps to set any desired customizations. 
@@ -74,10 +77,13 @@ page, the default setting is to **Don’t process files larger than: 2 MB** and documents (recommended, fastest)**. These settings can be customized to adjust for scan time or database size. Click **Next**. -**NOTE:** The typical documents for this setting are files with the following extensions: .doc, +:::note +The typical documents for this setting are files with the following extensions: .doc, .docx, .msg, .odt, .pages, .rtf, .wpd, .wps, .abw, .bib, .dotx, .eml, .fb2, .fdx, .gdoc, .lit, .sig, .sty, .wps, .wpt, .yml, .tex, .pdf, .csv, .xlr, .xls, .xlsx, .gsheet, .nb, .numbers, .ods, .qpw, .sdc, .wks, .xlsb, .xltm, .xltx, .aws, .fods, .ots, .rdf, .sxc, .uos, .xlsm, .txt +::: + ![Select DLP Criteria Page of the SPAA Data Collector Wizard](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/collection/selectdlpcriteriaspseek.webp) @@ -88,7 +94,10 @@ All** and **Clear All** buttons. Click **Next**. _(Optional)_ To create custom c [Sensitive Data Criteria Editor](/docs/accessanalyzer/11.6/sensitivedatadiscovery/criteriaeditor/overview.md) topic for additional information. -**CAUTION:** Do not configure the options on the Results page. +:::warning +Do not configure the options on the Results page. +::: + **Step 10 –** On the Results page, all Available Properties are selected by default. Click **Next**. diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/2-spaa_systemscans.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/2-spaa_systemscans.md index 746177e238..273b8605ff 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/2-spaa_systemscans.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/2-spaa_systemscans.md 
@@ -25,10 +25,13 @@ The 2-SPAA_SystemScans Job has been preconfigured to run with the default settin Data Collector category of Scan SharePoint Access, which is not visible within the SharePoint Access Auditor Data Collector Wizard when opened from within this job. -**CAUTION:** Users should not change scans in a way that would result in less data being returned on +:::warning +Users should not change scans in a way that would result in less data being returned on a subsequent scan (i.e. scanning fewer web applications, scanning fewer site collections, or a shallower depth scan). Those resources not included in a subsequent scan are marked as deleted in the Tier 2 database and subsequently removed from the Tier 1 database. +::: + Follow the steps to set any desired customizations. @@ -66,7 +69,10 @@ setting as desired and click **Next**. [SPAA: Agent Settings](/docs/accessanalyzer/11.6/admin/datacollector/spaa/agentsettings.md) page, use the default settings unless an agent scan mode is desired. Click **Next**. -**CAUTION:** Do not configure the options on the Results page. +:::warning +Do not configure the options on the Results page. +::: + **Step 8 –** On the Results page, all Available Properties are selected by default. Click **Next**. diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/3-spac_systemscans.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/3-spac_systemscans.md index 7f1b7637bb..a79970f882 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/3-spac_systemscans.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/3-spac_systemscans.md 
@@ -15,7 +15,10 @@ The 3-SPAC_SystemScans Job has been preconfigured to run with the default settin Data Collector category of Scan SharePoint Activity, which is not visible within the SharePoint Access Auditor Data Collector Wizard when opened from within this job. -**CAUTION:** Do not modify the query. The query is preconfigured for this job. +:::warning +Do not modify the query. The query is preconfigured for this job. +::: + ![Query Selection](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/collection/spacsystemscansquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/4-spseek_bulkimport.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/4-spseek_bulkimport.md index f05a16805c..30750ab3d5 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/4-spseek_bulkimport.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/4-spseek_bulkimport.md @@ -40,10 +40,16 @@ displays. [SPAA: Bulk Import Settings](/docs/accessanalyzer/11.6/admin/datacollector/spaa/bulkimportsettings.md) page, the **Set Host Identifier** is not configured by default. Click **Next**. -**NOTE:** Unless SQL Server Replication is used, it should not be necessary to adjust the **Host +:::note +Unless SQL Server Replication is used, it should not be necessary to adjust the **Host Identifier** seed. +::: + + +:::warning +Do not configure the options on the Results page. +::: -**CAUTION:** Do not configure the options on the Results page. **Step 5 –** On the Results page, all Available Properties are selected by default. Click **Next**. 
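Review bot: In the 4-spseek_bulkimport.md hunk (-40,10 +40,16), the closing `:::` of the note is followed by two added empty lines before `:::warning`, so the new text has consecutive blank lines between the two admonitions. One blank line is enough to separate them; drop the extra one so the file does not trip blank-line lint rules. The same pattern appears in the matching hunks for 5-spaa_bulkimport.md and 6-spac_bulkimport.md.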
@@ -57,20 +63,23 @@ If changes were made, the 4-SPSEEK_BulkImport Job has now been customized. Navigate to the **Jobs** > **SharePoint** > **0.Collection** > **4-SPSEEK_BulkImport** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** The analysis tasks are preconfigured for this job. Never modify or deselect the +:::warning +The analysis tasks are preconfigured for this job. Never modify or deselect the selected analysis tasks. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/collection/spseekbulkimportanalysis.webp) The default analysis tasks are: -- 1. Update data types – Enterprise Auditor uses custom SQL data types to render data. This +- **1. Update data types** – Enterprise Auditor uses custom SQL data types to render data. This analysis creates updates to those data types. -- 2. Import new functions (for SA Core) – Creates functions used in the SharePoint Solution -- 3. Import new functions (for SA SPAA) – Creates functions used in the SharePoint Solution -- 4. Create exception schema – Creates the SA_SPAA_Exceptions table -- 5. Create DLP views – Creates the SA_SPDLP_MatchesView -- 6. Create exceptions view – Creates the SA_SPAA_ExceptionsView +- **2. Import new functions (for SA Core)** – Creates functions used in the SharePoint Solution +- **3. Import new functions (for SA SPAA)** – Creates functions used in the SharePoint Solution +- **4. Create exception schema** – Creates the SA_SPAA_Exceptions table +- **5. Create DLP views** – Creates the SA_SPDLP_MatchesView +- **6. Create exceptions view** – Creates the SA_SPAA_ExceptionsView The following analysis task is not selected by default, but can be enabled: diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/5-spaa_bulkimport.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/5-spaa_bulkimport.md index dddfd75362..1d6fc68c18 100644 
--- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/5-spaa_bulkimport.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/5-spaa_bulkimport.md @@ -40,10 +40,16 @@ displays. [SPAA: Bulk Import Settings](/docs/accessanalyzer/11.6/admin/datacollector/spaa/bulkimportsettings.md) page, the **Set Host Identifier** is not configured by default. Click **Next**. -**NOTE:** Unless SQL Server Replication is used, it should not be necessary to adjust the **Host +:::note +Unless SQL Server Replication is used, it should not be necessary to adjust the **Host Identifier** seed. +::: + + +:::warning +Do not configure the options on the Results page. +::: -**CAUTION:** Do not configure the options on the Results page. **Step 5 –** On the Results page, all Available Properties are selected by default. Click **Next**. 
@@ -57,18 +63,21 @@ If changes were made, the 5-SPAA_BulkImport Job has now been customized. Navigate to the **Jobs** > **SharePoint** > **0.Collection** > **2-SPAA_BulkImport** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** The analysis tasks are preconfigured for this job. Never modify or deselect the +:::warning +The analysis tasks are preconfigured for this job. Never modify or deselect the selected analysis tasks. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaabulkimportanalysis.webp) The default analysis tasks are: -- 0. TryConvert for UniqueIdentifiers – Simulates Try_Convert functionality for SQL Server 2008 +- **0. TryConvert for UniqueIdentifiers** – Simulates Try_Convert functionality for SQL Server 2008 and below -- 1. Update data types – Enterprise Auditor uses custom SQL data types to render data. This +- **1. Update data types** – Enterprise Auditor uses custom SQL data types to render data. This analysis creates updates to those data types. -- 2. Import new functions (for SA Core) – Creates functions used in the SharePoint Solution -- 3. Import new functions (for SA SPAA) – Creates functions used in the SharePoint Solution -- 4. Create exception schema – Creates the SA_SPAA_Exceptions table -- 5. Create views – Creates views visible through the Results node +- **2. Import new functions (for SA Core)** – Creates functions used in the SharePoint Solution +- **3. Import new functions (for SA SPAA)** – Creates functions used in the SharePoint Solution +- **4. Create exception schema** – Creates the SA_SPAA_Exceptions table +- **5. Create views** – Creates views visible through the Results node diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md index 288bbf9c0e..3ce1563b6a 100644 
--- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md @@ -40,10 +40,16 @@ displays. [SPAA: Bulk Import Settings](/docs/accessanalyzer/11.6/admin/datacollector/spaa/bulkimportsettings.md) page, the **Set Host Identifier** is not configured by default. Click **Next**. -**NOTE:** Unless SQL Server Replication is used, it should not be necessary to adjust the **Host +:::note +Unless SQL Server Replication is used, it should not be necessary to adjust the **Host Identifier** seed. +::: + + +:::warning +Do not configure the options on the Results page. +::: -**CAUTION:** Do not configure the options on the Results page. **Step 5 –** On the Results page, all Available Properties are selected by default. Click **Next**. @@ -57,12 +63,15 @@ If changes were made, the 6-SPAC_BulkImport Job has now been customized. Navigate to the **Jobs** > **SharePoint** > **0.Collection** > **6-SPAC_BulkImport** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** The analysis tasks are preconfigured for this job. Never modify or deselect the +:::warning +The analysis tasks are preconfigured for this job. Never modify or deselect the selected analysis tasks. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/collection/spacbulkimportanalysis.webp) The default analysis tasks are: -- 1. Create Event Name Table – Creates the SA_SPAC_EventNames table associated with SPAC -- 2. Create Views – Creates the views associated with SPAC +- **1. Create Event Name Table** – Creates the SA_SPAC_EventNames table associated with SPAC +- **2. Create Views** – Creates the views associated with SPAC 
diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md similarity index 91% rename from docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md rename to docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md index 46e3a11e79..2ded28f1e5 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md @@ -1,3 +1,9 @@ +--- +title: "7-SPAA_Exceptions Job" +description: "7-SPAA_Exceptions Job" +sidebar_position: 70 +--- + # 7-SPAA_Exceptions Job This job searches scanned data for resources that match high risk conditions and retrieving a @@ -14,8 +20,11 @@ The 7-SPAA_Exceptions page has the following configurable parameters: - #opengroups – High-risk groups such as those known to be sensitive or open can be added - **NOTE:** Groups must be entered exactly as they are listed in SA_SPAA_Trustees. Copy and paste + :::note + Groups must be entered exactly as they are listed in SA_SPAA_Trustees. Copy and paste the Group name as it appears in the Name Column. + ::: + See the [Customizable Analysis Tasks for the 7-SPAA_Exceptions Job](#customizable-analysis-tasks-for-the-7-spaa_exceptions-job) @@ -28,8 +37,11 @@ returned by the 2-SPAA_BulkImport Job. View the analysis tasks by navigating to **SharePoint** > **0.Collection** > **3-SPAA_Exceptions** > **Configure** node and select **Analysis**. -**CAUTION:** The analysis tasks are preconfigured for this job. Never modify or deselect the +:::warning +The analysis tasks are preconfigured for this job. Never modify or deselect the selected analysis tasks. +::: + ![Analysis Selection](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaaexceptionsanalysis.webp) 
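Review bot: The context around the converted warning in 7-spaa_exceptions.md (hunk -28,8 +37,11) still uses the old job numbering: the section text says the data is "returned by the 2-SPAA_BulkImport Job" and the navigation path reads **SharePoint** > **0.Collection** > **3-SPAA_Exceptions**, while this same patch renames the file to 7-spaa_exceptions.md, titles it "7-SPAA_Exceptions Job", and documents the import job as 5-SPAA_BulkImport. Since the paragraph is already being touched, update both names so the path matches the job names used in the rest of the patch.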
diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/overview.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/overview.md index 9018ee196a..fc45f239b9 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/overview.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/overview.md @@ -32,7 +32,7 @@ The jobs in the 0.Collection Job Group are: - [6-SPAC_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md) – Responsible for retrieving the SPAC Tier 2 Database information and importing it to the Enterprise Auditor SQL database -- [7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md) +- [7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md) – Searches scanned data for resources that match high risk conditions, retrieving a summary of SharePoint exceptions per host @@ -94,7 +94,7 @@ The 0.Collection jobs that comprise this auditing component are: - [5-SPAA_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/5-spaa_bulkimport.md) – Responsible for retrieving the SPAA tier 2 database information and import it to the Enterprise Auditor SQL database -- [7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md) +- [7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md) – Searches scanned data for resources that match high risk conditions, retrieving a summary of SharePoint exceptions per host @@ -119,7 +119,7 @@ See the [Recommended Configuration for the SharePoint Solution](/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md) topic for other Runtime Details. -Workflow +**Workflow** **Step 1 –** Run [2-SPAA_SystemScans Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/2-spaa_systemscans.md). 
@@ -128,7 +128,7 @@ Workflow [5-SPAA_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/5-spaa_bulkimport.md). **Step 3 –** Run -[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md). +[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md). **Step 4 –** Run desired corresponding analysis and reporting sub-job groups. @@ -136,11 +136,14 @@ Please see the [Recommended Configuration for the SharePoint Solution](/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md) topic before continuing with this workflow. -**_RECOMMENDED:_** Scope the 0.Collection Job Group to only include the collection components +:::info +Scope the 0.Collection Job Group to only include the collection components desired by disabling the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not recommended to delete any jobs. See the [Disable or Enable a Job](/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md) topic for additional information. +::: + ## SharePoint Activity Auditing @@ -178,7 +181,7 @@ See the SharePoint Reports topics in the [Netwrix Access Information Center Documentation](https://helpcenter.netwrix.com/category/accessinformationcenter) for additional information. -Recommended Workflow 1 (for Access & Activity Auditing) +**Recommended Workflow 1 (for Access & Activity Auditing)** **Step 1 –** Run [2-SPAA_SystemScans Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/2-spaa_systemscans.md). 
@@ -193,19 +196,25 @@ Recommended Workflow 1 (for Access & Activity Auditing) [6-SPAC_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md). **Step 5 –** Run -[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md). +[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md). **Step 6 –** Run desired corresponding analysis and reporting sub-job groups. -**NOTE:** Once an initial 2-SPAA SystemScans job (scoped to at least 0-level depth) and the +:::note +Once an initial 2-SPAA SystemScans job (scoped to at least 0-level depth) and the corresponding 5-SPAA Bulk Import job have been run, then the SPAA Scans can be run concurrently with SPAC Scans and Bulk Import jobs as desired. +::: + Recommended Workflow 2 (for Access, Sensitive Data Discovery & Activity Auditing) -**CAUTION:** The jobs must be run in the order shown. It is not possible to disable the +:::warning +The jobs must be run in the order shown. It is not possible to disable the 1-SPAA_SystemScan and 2-SPAA_BulkImport jobs and run the 0.Collection Job Group because the remaining jobs are in the wrong order. Renaming the jobs is not an option. +::: + **Step 1 –** Install the Sensitive Data Discovery Add-on on the Enterprise Auditor Console (once only). 
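Review bot: The warning converted in this overview.md hunk (-193,19 +196,25) names the jobs as 1-SPAA_SystemScan and 2-SPAA_BulkImport, but the same warning later in the file (hunk -315,15) says 2-SPAA_SystemScan and 5-SPAA_BulkImport, and the jobs are linked in this file as 2-SPAA_SystemScans and 5-SPAA_BulkImport. Correct the numbers here while the text is being rewrapped. Separately, the "Recommended Workflow 2 (for Access, Sensitive Data Discovery & Activity Auditing)" label stays plain text although the patch bolds the other workflow labels in this file ("**Workflow**", "**Recommended Workflow 1 ...**", "**Optional Workflow ...**"); bold it as well for consistency.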
@@ -223,15 +232,18 @@ only). [6-SPAC_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md). **Step 6 –** Run -[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md). +[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md). **Step 7 –** Run desired corresponding analysis and reporting sub-job groups. -**NOTE:** Once an initial 1-SPSEEK SystemScans job (scoped to at least 0-level depth) and the +:::note +Once an initial 1-SPSEEK SystemScans job (scoped to at least 0-level depth) and the corresponding 4-SPSEEK Bulk Import job have been run, then the SPSEEK Scans jobs can be run concurrently with the SPAC Scans and the Bulk Import jobs as desired. +::: + -Optional Workflow (for Activity Auditing Only) +**Optional Workflow (for Activity Auditing Only)** **Step 1 –** Run [3-SPAC_SystemScans Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/3-spac_systemscans.md). @@ -241,15 +253,21 @@ Optional Workflow (for Activity Auditing Only) **Step 3 –** Run desired corresponding analysis and reporting sub-job groups. -**NOTE:** Please see the +:::note +Please see the [Recommended Configuration for the SharePoint Solution](/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md) topic before continuing with this workflow. +::: + -**_RECOMMENDED:_** Scope the 0.Collection Job Group to only include the collection components +:::info +Scope the 0.Collection Job Group to only include the collection components desired by disabling the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not recommended to delete any jobs. See the [Disable or Enable a Job](/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md) topic for additional information. +::: + ## SharePoint Sensitive Data Discovery Auditing (SEEK) 
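Review bot: Converting `**_RECOMMENDED:_**` to a bare `:::info` at the end of this hunk (-241,15 +253,21) drops the only cue that the paragraph is a recommendation, whereas the NOTE and CAUTION conversions keep their meaning through the admonition type. Consider opening the block text with "Recommended:" or giving the admonition a matching title so the emphasis survives the conversion. The same applies to the other `:::info` blocks this patch adds to overview.md.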
@@ -261,11 +279,14 @@ tables and views are prefaced with `SPDLP`. See the [SharePoint Sensitive Data Discovery Auditing Tables & Views](/docs/accessanalyzer/11.6/admin/datacollector/spaa/standardtables.md) topic for additional information on the data collected. -**NOTE:** The Sensitive Data Discovery Auditing (SEEK) component is an add-on to the SharePoint +:::note +The Sensitive Data Discovery Auditing (SEEK) component is an add-on to the SharePoint Solution. Though the jobs are visible within the console, it requires an additional installer package before data collection will occur. See the [Sensitive Data Discovery Add-On Installation](/docs/accessanalyzer/11.6/install/sensitivedatadiscovery/overview.md) topic for additional information. +::: + Customized search criteria can be created with the Criteria Editor accessible through the [SPAA: Select DLP Criteria](/docs/accessanalyzer/11.6/admin/datacollector/spaa/selectdlpcriteria.md) @@ -281,7 +302,7 @@ The 0.Collection jobs that comprise this auditing component are: - [4-SPSEEK_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/4-spseek_bulkimport.md) – Responsible for retrieving the Tier 2 SPDLP database information and importing it to the SQL Server where Enterprise Auditor stores data -- [7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md) +- [7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md) – Searches scanned data for resources that match high risk conditions, retrieving a summary of SharePoint exceptions per host 
@@ -315,15 +336,18 @@ the SharePoint application server when applicable (once only). [4-SPSEEK_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/4-spseek_bulkimport.md). **Step 4 –** Run -[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md). +[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md). **Step 5 –** Run desired corresponding analysis and reporting sub-job groups. Recommended Workflow 2 (for Access, Sensitive Data Discovery & Activity Auditing) -**CAUTION:** The jobs must be run in the order shown. It is not possible to disable the +:::warning +The jobs must be run in the order shown. It is not possible to disable the 2-SPAA_SystemScan and 5-SPAA_BulkImport jobs and run the 0.Collection Job Group because the remaining jobs are in the wrong order. Renaming the jobs is not an option. +::: + **Step 1 –** Install the Sensitive Data Discovery Add-on the Enterprise Auditor Console (once only). 
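Review bot: Step 1 in the trailing context of this hunk (-315,15 +336,18) reads "Install the Sensitive Data Discovery Add-on the Enterprise Auditor Console", missing the "on" that the matching step in the activity auditing workflow has ("Add-on on the Enterprise Auditor Console"). It is an unchanged context line, but it sits directly under the warning being converted, so it is cheap to fix in the same pass.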
@@ -340,20 +364,29 @@ remaining jobs are in the wrong order. Renaming the jobs is not an option. [6-SPAC_BulkImport Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/6-spac_bulkimport.md). **Step 6 –** Run -[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions-7.md). +[7-SPAA_Exceptions Job](/docs/accessanalyzer/11.6/solutions/sharepoint/collection/7-spaa_exceptions.md). **Step 7 –** Run desired corresponding analysis and reporting sub-job groups. -**NOTE:** Once an initial 1-SPSEEK SystemScans job (scoped to at least 0-level depth) and the +:::note +Once an initial 1-SPSEEK SystemScans job (scoped to at least 0-level depth) and the corresponding 4-SPSEEK Bulk Import job have been run, then the SPSEEK Scans can be run concurrently with the SPAC Scans and the Bulk Import jobs as desired. +::: + -**NOTE:** Please see the +:::note +Please see the [Recommended Configuration for the SharePoint Solution](/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md) topic before continuing with this workflow. +::: + -**_RECOMMENDED:_** Scope the 0.Collection Job Group to only include the collection components +:::info +Scope the 0.Collection Job Group to only include the collection components desired by disabling the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not recommended to delete any jobs. See the [Disable or Enable a Job](/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md) topic for additional information. + +::: diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions.md b/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions.md deleted file mode 100644 index 3c3de8456a..0000000000 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/collection/spaa_exceptions.md +++ /dev/null 
@@ -1,6 +0,0 @@ -# SPAA_Exceptions Job - -This job handles SharePoint exceptions. For information on configuring customizable parameters, see -the -[Configure the Customizable Parameters in an Analysis Task](/docs/accessanalyzer/11.6/admin/jobs/job/configure/analysis/analysiscustomizableparameters.md) -topic. diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_largestfiles.md b/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_largestfiles.md index 673157007a..b0276a0d21 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_largestfiles.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_largestfiles.md @@ -16,8 +16,11 @@ versions, and version size, along with file owner and file editor information. Navigate to the **Jobs** > **SharePoint** > **4.Content** > **SP_LargestFiles** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_LargestFiles Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/content/largestfilesanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis task is: In addition to the table created by the analysis task which displays the largest file resources, the SP_LargestFiles Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------- | ------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Largest Files | This report identifies where the largest files, including versions, are stored. | None | This report is comprised of three elements: - Bar Chart – Displays largest files - Table – Provides a summary of the largest sites - Table – Provides details on largest files | +| Report | Description | Default Tags | Report Elements | +| ------------- | ------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Largest Files | This report identifies where the largest files, including versions, are stored. | None | This report is comprised of three elements:
  • Bar Chart – Displays largest files
  • Table – Provides a summary of the largest sites
  • Table – Provides details on largest files
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_stalefiles.md b/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_stalefiles.md index 0bea53bff4..c3850515dc 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_stalefiles.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/content/sp_stalefiles.md @@ -32,8 +32,11 @@ for additional information. Navigate to the **Jobs** > **SharePoint** > **4.Content** > **SP_StaleFiles** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. Only the `@stale` parameter can be configured for the analysis task. +::: + ![Analysis Tasks for the SP_StaleFiles Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/content/stalefilesanalysis.webp) 
@@ -49,9 +52,10 @@ The default analysis task is: In addition to the table created by the analysis task which displays the stale file resources, the SP_StaleFiles Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | -------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Files | This report identifies the files which have not been modified in the longest amount of time. | Stale Data | This report is comprised of three elements: - Bar Chart – Provides a comparison of stale vs active content - Bar Chart – Displays top 5 Sites by Stale Data (GB) - Table – Provides details on stale files | +| Report | Description | Default Tags | Report Elements | +| ----------- | -------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Files | This report identifies the files which have not been modified in the longest amount of time. | Stale Data | This report is comprised of three elements:
  • Bar Chart – Provides a comparison of stale vs active content
  • Bar Chart – Displays top 5 Sites by Stale Data (GB)
  • Table – Provides details on stale files
| + ### Customizable Analysis Tasks for the SP_StaleFiles Job diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_domainusers.md b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_domainusers.md index fdd227fb2d..c6c6ff7bc1 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_domainusers.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_domainusers.md 
@@ -14,23 +14,27 @@ permissions. Best practices dictate that groups should be used to provide access Navigate to the **Jobs** > **SharePoint** > **1.Direct Permissions** > **SP_DomainUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_DomainUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/domainusersanalysis.webp) The default analysis tasks are: -- 1. Direct Permissions. Shows All Direct User Permissions – Creates the +- **1. Direct Permissions. Shows All Direct User Permissions** – Creates the SA_SP_DomainUsers_DirectPermissions table accessible under the job’s Results node -- 2. Rank Resources by Number of Directly Applied Users – Creates an interim processing table in +- **2. Rank Resources by Number of Directly Applied Users** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 3. Rank Domain Users by Number of Direct Assignments – Creates an interim processing table in +- **3. 
Rank Domain Users by Number of Direct Assignments** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the table created by the analysis task which displays all direct user permissions, the SP_DomainUsers Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Domain User Permissions | This report identifies locations where there are domain users directly applied on permissions. Best practices dictate that groups should be used to provide access to resources. | None | This report is comprised of three elements: - Bar chart – Displays the top 5 resources by directly applied users - Table – Provides details on directly applied users by resource - Table – Provides details on direct permission counts by user | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Domain User Permissions | This report identifies locations where there are domain users directly applied on permissions. 
Best practices dictate that groups should be used to provide access to resources. | None | This report is comprised of three elements:
  • Bar chart – Displays the top 5 resources by directly applied users
  • Table – Provides details on directly applied users by resource
  • Table – Provides details on direct permission counts by user
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_emptydomaingroupperms.md b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_emptydomaingroupperms.md index 2687f4642c..cc0af576bb 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_emptydomaingroupperms.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_emptydomaingroupperms.md 
@@ -16,22 +16,26 @@ Navigate to the **Jobs** > **SharePoint** > **1.Direct Permissions** > **SP_EmptyDomainGroupPerms** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_EmptyDomainGroupPerms Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/emptydomaingrouppermsanalysis.webp) The default analysis tasks are: -- 1. Find Empty Group Permission – Creates the SA_SP_EmptyDomainGroupPerms_DirectPermissions table +- **1. Find Empty Group Permission** – Creates the SA_SP_EmptyDomainGroupPerms_DirectPermissions table accessible under the job’s Results node -- 2. Find Affected Resource Count per Group – Creates the +- **2. Find Affected Resource Count per Group** – Creates the SA_SP_EmptyDomainGroupPerms_ResourceCount table accessible under the job’s Results node In addition to the tables created by the analysis tasks which display direct permissions and resource counts for empty groups, the SP_EmptyDomainGroupPerms Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Empty Domain Group Permissions | This report identifies empty security groups with directly assigned permissions to resources. 
These groups add no access, and should be deleted from SharePoint farms, where found. Inadvertent changes to group membership may open up unwanted access. | None | This report is comprised of three elements: - Bar chart – Displays the top 5 groups by affected resources - Table – Provides details on permissions - Table – Provides details on top groups by affected resources | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Empty Domain Group Permissions | This report identifies empty security groups with directly assigned permissions to resources. These groups add no access, and should be deleted from SharePoint farms, where found. Inadvertent changes to group membership may open up unwanted access. | None | This report is comprised of three elements:
  • Bar chart – Displays the top 5 groups by affected resources
  • Table – Provides details on permissions
  • Table – Provides details on top groups by affected resources
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_highriskpermissions.md b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_highriskpermissions.md index 286236867e..8f94ae86b3 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_highriskpermissions.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_highriskpermissions.md 
@@ -14,27 +14,31 @@ Anonymous Logon, or Domain users have been directly assigned permissions Navigate to the **Jobs** > **SharePoint** > **1.Direct Permissions** > **SP_HighRiskPermissions** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_HighRiskPermissions Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/highriskpermissionsanalysis.webp) The default analysis tasks are: -- 1. Detailed View – Creates the SA_SP_HighRiskPermissions_Details table accessible under the +- **1. Detailed View** – Creates the SA_SP_HighRiskPermissions_Details table accessible under the job’s Results node -- 2. Permissions Matrix. Resource counts by Permission Level and Trustee – Creates the +- **2. Permissions Matrix. Resource counts by Permission Level and Trustee** – Creates the SA_SP_HighRiskPermissions_Details table (SP_HighRiskPermissions_Matrix) accessible under the job’s Results node - 3.Open Manage Rights – Creates the SA_SP_HighRiskPermissions_ManageRights table accessible under the job’s Results node -- 4. Pivot Permissions by Resource Type – Creates the +- **4. 
Pivot Permissions by Resource Type** – Creates the SA_SP_HighRiskPermissions_SiteCollectionSummary table accessible under the job’s Results node In addition to the tables created by the analysis tasks which display information on open resources from directly applied permissions, the SP_HighRiskPermissions Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| High Risk Permissions | This report shows permissions of Authenticated Users, Anonymous Logon, or Domain users. Applying these trustees to permissions may inadvertently open security holes. 
| GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of three elements: - Stacked Bar Chart – Displays Open Resources - Table – Provides details on resource counts by permissions and high risk trustees - Table – Provides details top resources with open manage rights | +| Report | Description | Default Tags | Report Elements | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| High Risk Permissions | This report shows permissions of Authenticated Users, Anonymous Logon, or Domain users. Applying these trustees to permissions may inadvertently open security holes. | GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of three elements:
  • Stacked Bar Chart – Displays Open Resources
  • Table – Provides details on resource counts by permissions and high risk trustees
  • Table – Provides details top resources with open manage rights
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_sitecollectionperms.md b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_sitecollectionperms.md index f935cc104f..bbb14c7403 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_sitecollectionperms.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_sitecollectionperms.md 
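Review bot: In sp_highriskpermissions.md the task list is bolded for items 1, 2 and 4 only. "- 3.Open Manage Rights – ..." remains an unchanged context line, so it keeps the plain style and the missing space after "3."; change it to match the others ("- **3. Open Manage Rights** – ..."). Also worth checking while these lines are being rewritten: items 1 and 2 both say they create the SA_SP_HighRiskPermissions_Details table, with SP_HighRiskPermissions_Matrix appearing only in parentheses on item 2.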
@@ -15,27 +15,31 @@ SharePoint permission configuration. Navigate to the **Jobs** > **SharePoint** > **1.Direct Permissions** > **SP_SiteCollectionPerms** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_SiteCollectionPerms Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sitecollectionpermsanalysis.webp) They need to remain in the default order: -- 1. Site Collection Direct Permissions +- **1. Site Collection Direct Permissions** - Creates the SA_SP_SiteCollectionPerms_DirectPerms table accessible under the job’s Results node - Creates an interim processing table in the database for use by downstream analysis and report generation -- 2. Site Collection Details – Creates the SA_SP_SiteCollectionPerms_Details table accessible +- **2. 
Site Collection Details** – Creates the SA_SP_SiteCollectionPerms_Details table accessible under the job’s Results node In addition to the tables created by the analysis tasks which display direct permissions at the root of the site collections, the SP_SiteCollectionPerms Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Direct Site Collection Permissions | Most content will inherit the permissions configured at the root of the site collection. Having an understanding of how those permissions are assigned is useful for gaining perspective on the overall SharePoint permission configuration. 
| None | This report is comprised of two elements: - Bar Chart – Displays top 5 site collections by direct permissions - Table – Provides details on site collections by direct permissions breakdown | +| Report | Description | Default Tags | Report Elements | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Direct Site Collection Permissions | Most content will inherit the permissions configured at the root of the site collection. Having an understanding of how those permissions are assigned is useful for gaining perspective on the overall SharePoint permission configuration. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 site collections by direct permissions
  • Table – Provides details on site collections by direct permissions breakdown
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_staleusers.md b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_staleusers.md index 5a5655ea6a..528cb3451e 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_staleusers.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_staleusers.md 
@@ -15,23 +15,27 @@ applied on SharePoint resources. These permissions can be safely removed. Navigate to the **Jobs** > **SharePoint** > **1.Direct Permissions** > **SP_StaleUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_StaleUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/staleusersanalysis.webp) The default analysis tasks are: -- 1. Direct Permissions. Shows all Direct User Permissions – Creates the +- **1. Direct Permissions. Shows all Direct User Permissions** – Creates the SA_SP_StaleUsers_DirectPermissions table accessible under the job’s Results node -- 2. Rank Resources by Number of Stale Users – Creates the SA_SP_StaleUsers_ResourcePermCounts +- **2. Rank Resources by Number of Stale Users** – Creates the SA_SP_StaleUsers_ResourcePermCounts table accessible under the job’s Results node -- 3. Rank Domain Users by Number of Direct Assignments – Creates the +- **3. 
Rank Domain Users by Number of Direct Assignments** – Creates the SA_SP_StaleUsers_UserPermCount table accessible under the job’s Results node In addition to the tables created by the analysis tasks which display direct permissions for stale users, the SP_StaleUsers Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale User Permissions | A stale user is defined as either currently disabled within Active Directory, or has not logged onto the domain for over 90 days. | None | This report is comprised of three elements: - Bar Chart – Displays top 5 users by affected resources - Table – Provides details on top resource by stale user permissions - Table – Provides details on top stale users by affected resources | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale User Permissions | A stale user is defined as either currently disabled within Active Directory, or has not logged onto the domain for over 90 days. | None | This report is comprised of three elements:
  • Bar Chart – Displays top 5 users by affected resources
  • Table – Provides details on top resource by stale user permissions
  • Table – Provides details on top stale users by affected resources
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_unresolvedsids.md b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_unresolvedsids.md index 93e21c972b..a1ed6db109 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_unresolvedsids.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/sp_unresolvedsids.md 
@@ -14,25 +14,29 @@ SIDs can be safely cleaned up without affecting user access. Navigate to the **Jobs** > **SharePoint** > **1.Direct Permissions** > **SP_UnresolvedSIDs** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_UnresolvedSIDs Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/directpermissions/unresolvedsidsanalysis.webp) They need to remain in the default order: -- 1. Create Function – Creates an interim processing table in the database for use by downstream +- **1. Create Function** – Creates an interim processing table in the database for use by downstream analysis and report generation -- 2. Find Unresolved SID ACLs – Creates the SA_SP_UnresolvedSIDs_DirectPermissions table +- **2. Find Unresolved SID ACLs** – Creates the SA_SP_UnresolvedSIDs_DirectPermissions table accessible under the job’s Results node -- 3. Find Affected Resource Count per SID – Creates the SA_SP_UnresolvedSIDs_ResourceCount table +- **3. Find Affected Resource Count per SID** – Creates the SA_SP_UnresolvedSIDs_ResourceCount table accessible under the job’s Results node -- 4. Rank Resources by SID Count – Creates the SA_SP_UnresolvedSIDs_DirectPermissions table +- **4. 
Rank Resources by SID Count** – Creates the SA_SP_UnresolvedSIDs_DirectPermissions table accessible under the job’s Results node In addition to the tables created by the analysis tasks which display direct permissions for unresolved SIDs, the SP_UnresolvedSIDs Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ----------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Unresolved SID Permissions | Unresolved SIDs can be safely cleaned up without affecting user access. | None | This report is comprised of three elements: - Bar Chart – Displays top 5 unresolved SIDs by affected resources - Table – Provides details on resources with unresolved SIDs applied - Table – Provides details on unresolved SIDs by affected resources | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ----------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Unresolved SID Permissions | Unresolved SIDs can be safely cleaned up without affecting user access. | None | This report is comprised of three elements:
  • Bar Chart – Displays top 5 unresolved SIDs by affected resources
  • Table – Provides details on resources with unresolved SIDs applied
  • Table – Provides details on unresolved SIDs by affected resources
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaccess.md b/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaccess.md index 17118e08eb..8cd17892a6 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaccess.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaccess.md @@ -11,10 +11,13 @@ SharePoint environment. You can also accomplish this by looking users up in the Center, however you want to utilize this job in scenarios where you want to generate a report on multiple users’ effective access at once. -**NOTE:** Trustees can be specified in the `UserScoping.csv` file for the SP_TrusteeAccess Job. See +:::note +Trustees can be specified in the `UserScoping.csv` file for the SP_TrusteeAccess Job. See the [Configure CSV File for the Query for the SP_TrusteeAccess Job](#configure-csv-file-for-the-query-for-the-sp_trusteeaccess-job) topic for additional information. +::: + ![Scoping > SP_TrusteeAccess Job in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/scopingjobstree.webp) diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaudit.md b/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaudit.md index 37cbfa201b..7433c9d181 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaudit.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/sp_trusteeaudit.md 
@@ -15,23 +15,27 @@ scoped audits of user access across the targeted SharePoint environment. Navigate to the **Jobs** > **SharePoint** > **Effective Access Audits** > **SP_TrusteeAudit** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_TrusteeAudit Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/effectiveaccessaudits/trusteeauditanalysis.webp) The default analysis tasks are: -- 1. Find Effective Access. Returns Only Site Collections – Creates the SA_SP_TrusteeAudit_Results +- **1. Find Effective Access. Returns Only Site Collections** – Creates the SA_SP_TrusteeAudit_Results table accessible under the job’s Results node -- 2. Find Direct Permissions. Unscoped - All Resource Types – Creates the +- **2. Find Direct Permissions. Unscoped - All Resource Types** – Creates the SA_SP_TrusteeAudit_DirectPermissions table accessible under the job’s Results node -- 3. Summarize Access – Creates an interim processing table in the database for use by downstream +- **3. 
Summarize Access** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables created by the analysis tasks which display effective access for the specified trustees, the SP_TrusteeAudit Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Site Collection Access | This report shows what site collections a domain user has effective and direct access to. Audited users are scoped in the SP_TrusteeAccess job. | None | This report is comprised of three elements: - Table – Provides user summary details - Table – Provides details on site collections with effective access - Table – Provides details on direct permissions | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Site Collection Access | This report shows what site collections a domain user has effective and direct access to. Audited users are scoped in the SP_TrusteeAccess job. | None | This report is comprised of three elements:
  • Table – Provides user summary details
  • Table – Provides details on site collections with effective access
  • Table – Provides details on direct permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_externalusers.md b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_externalusers.md index 3a94a12e24..5f6229f710 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_externalusers.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_externalusers.md @@ -14,8 +14,11 @@ servers. Navigate to the **Jobs** > **SharePoint** > **8.M365** > **SP_OneDrives** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_ExternalUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/m365/externalusersanalysis.webp) 
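Review bot: in sp_externalusers.md, the unchanged context line directly above the new `:::warning` block still sends the reader to **Jobs** > **SharePoint** > **8.M365** > **SP_OneDrives** > **Configure**, while the file name and the screenshot alt text ("Analysis Tasks for the SP_ExternalUsers Job") are for a different job. This hunk already rewrites the paragraph, so confirm the node name and correct it in the same change. The warning text also says "analysis tasks" while the following section opens with "The default analysis task is:"; use the singular wording here, as the sp_teamsexternaluseractivity.md and sp_teamssensitivedata.md warnings do.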
@@ -30,7 +33,8 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the SP_TeamsExternalUsers Job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------- | --------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| External User Activity | This report analyzes activity performed by external users in scanned SharePoint environments. | None | This report is comprised of three elements: - Bar Chart – Provides information on top users by operation count - Table – Provides summary on external users - Table – Provides details on external user activity | -| External User Summary | This report analyzes activity performed by external users in scanned SharePoint environments. | None | This report is comprised of three elements: - Bar Chart – Provides information on top users by operation count - Table – Provides summary on external users - Table – Provides details on external user activity | +| Report | Description | Default Tags | Report Elements | +| ---------------------- | --------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| External User Activity | This report analyzes activity performed by external users in scanned SharePoint environments. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on top users by operation count
  • Table – Provides summary on external users
  • Table – Provides details on external user activity
| +| External User Summary | This report analyzes activity performed by external users in scanned SharePoint environments. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on top users by operation count
  • Table – Provides summary on external users
  • Table – Provides details on external user activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_onedrives.md b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_onedrives.md index 37801ec400..d6666ea3d3 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_onedrives.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_onedrives.md @@ -14,8 +14,11 @@ OneDrives. Navigate to the **Jobs** > **SharePoint** > **8.M365** > **SP_OneDrives** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the OneDrives Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/m365/onedrivesanalysis.webp) 
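Review bot: in the sp_externalusers.md report table (hunk `@@ -30,7 +33,8 @@`), the "External User Activity" and "External User Summary" rows carry the same Description and the same three Report Elements word for word, on both the removed and the added side. The reformat carries the duplication forward unchanged; one of the two rows needs its own description and element list, or the row should be dropped if the job produces only one report. The lead-in sentence in the context also names the "SP_TeamsExternalUsers Job" and says "report" (singular) above a two-row table, neither of which matches this page.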
@@ -37,8 +40,9 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SP_OneDrives Job produces the following preconfigured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------ | -------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| One Drive Activity | This report displays activity information from OneDrives. | None | This report is comprised of three elements: - Bar Chart – Provides information on top OneDrives by Operation Count - Table – Provides details on OneDriveSummary - Table – Provides details on OneDrive Activity Details | -| One Drive Sensitive Data | This report displays sensitive information from OneDrives. | None | This report is comprised of three elements: - Bar Chart – Provides information on top OneDrives by sensitive files - Table – Provides details on sensitive data summary - Table – Provides details on OneDrive file details | -| One Drive Sensitive Data | This report displays summary level information across all OneDrives. 
| None | This report is comprised of three elements: - Bar Chart – Provides information on OneDrive summary - Table – Provides details on top OneDrives by GB - Table – Provides details on top OneDrives by GB summary - Table – Provides information on OneDrive details | +| Report | Description | Default Tags | Report Elements | +| ------------------------ | -------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| One Drive Activity | This report displays activity information from OneDrives. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on top OneDrives by Operation Count
  • Table – Provides details on OneDriveSummary
  • Table – Provides details on OneDrive Activity Details
| +| One Drive Sensitive Data | This report displays sensitive information from OneDrives. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on top OneDrives by sensitive files
  • Table – Provides details on sensitive data summary
  • Table – Provides details on OneDrive file details
| +| One Drive Sensitive Data | This report displays summary level information across all OneDrives. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on OneDrive summary
  • Table – Provides details on top OneDrives by GB
  • Table – Provides details on top OneDrives by GB summary
  • Table – Provides information on OneDrive details
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_sharedlinks.md b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_sharedlinks.md index 3746e286ff..e58f5d9190 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_sharedlinks.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_sharedlinks.md @@ -15,8 +15,11 @@ Links. Navigate to the **Jobs** > **SharePoint** > **8.M365** > **SP_SharedLinks** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SharedLinks Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/m365/sharedlinksanalysis.webp) 
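Review bot: in the sp_onedrives.md report table (hunk `@@ -37,8 +40,9 @@`), two rows are both named "One Drive Sensitive Data". The second of them is described as "summary level information across all OneDrives", so the Report name looks like a copy-paste leftover and should be replaced with the report's actual title. The same row states "comprised of three elements" but lists four bullets (one Bar Chart and three Tables); fix the count while the cell is being rewritten.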
@@ -37,8 +40,9 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SP_Shared Links Job produces the following preconfigured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Anonymous Sharing | This report highlights instances where resources are anonymously shared via a shareable link in SharePoint Online. | None | This report is comprised of three elements: - Bar Chart – Provides information on the top site collections and anonymously shared files - Table – Provides details anonymous sharing summary by site collection - Table – Provides details on anonymously sharing details | -| Shared Link Activity | This report highlights instances of activity via shared links in SharePoint Online. | None | This report is comprised of three elements: - Bar Chart – Provides information on the shared link creation for the last 7 days OneDrive summary - Table – Provides details on shared link creation summary for the last 7 days - Table – Provides details on shared link activity | -| Shared Links | This report highlights instances of shared links in SharePoint Online. 
| None | This report is comprised of three elements: - Bar Chart Table– Provides information on the shared link summary - Bar Chart– Provides details on top site collections by shared files - Table – Provides details on site collection summary - Table – Provides details on shared links | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Anonymous Sharing | This report highlights instances where resources are anonymously shared via a shareable link in SharePoint Online. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on the top site collections and anonymously shared files
  • Table – Provides details anonymous sharing summary by site collection
  • Table – Provides details on anonymously sharing details
| +| Shared Link Activity | This report highlights instances of activity via shared links in SharePoint Online. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on the shared link creation for the last 7 days OneDrive summary
  • Table – Provides details on shared link creation summary for the last 7 days
  • Table – Provides details on shared link activity
| +| Shared Links | This report highlights instances of shared links in SharePoint Online. | None | This report is comprised of three elements:
  • Bar Chart Table– Provides information on the shared link summary
  • Bar Chart– Provides details on top site collections by shared files
  • Table – Provides details on site collection summary
  • Table – Provides details on shared links
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_staleteamsites.md b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_staleteamsites.md index 874ee17406..f48ac02798 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_staleteamsites.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_staleteamsites.md @@ -43,9 +43,10 @@ The default analysis task is: In addition to the table created by the analysis task, the SP_StaleTeamSites Job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Stale Teams | This report identifies Teams that have not had activity for a number of days that can be set in the analysis (Set at 30 Days by Default) | None | This report is comprised of two elements: - Bar Chart – Provides information on the top five least active sites - Table – Provides details on stale Teams sites | +| Report | Description | Default Tags | Report Elements | +| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Stale Teams | This report identifies Teams that have not had activity for a number of days that can be set in the analysis (Set at 30 Days by Default) | None | This report is comprised of two elements:
  • Bar Chart – Provides information on the top five least active sites
  • Table – Provides details on stale Teams sites
| + ### Customizable Analysis Tasks for the SP_StaleTeamSites Job diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teams.md b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teams.md index ed4ad08533..2b5a24c014 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teams.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teams.md @@ -14,8 +14,11 @@ SharePoint Teams. Navigate to the **Jobs** > **SharePoint** > **8.M365** > **SP_Teams** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_Teams Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/m365/teamsanalysis.webp) 
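Review bot: in the sp_sharedlinks.md report table (hunk `@@ -37,8 +40,9 @@`), the "Shared Links" row says "three elements" but lists four, and its first two bullets read "Bar Chart Table–" and "Bar Chart–" with no space before the dash and an ambiguous element type. The other rows have wording defects that the new bullet layout makes more visible: "Provides details anonymous sharing summary" is missing "on", "details on anonymously sharing details" is garbled, and "for the last 7 days OneDrive summary" has a stray "OneDrive summary" on a shared-links report. The lead-in also spells the job "SP_Shared Links" where the navigation path uses **SP_SharedLinks**. These are all on lines this hunk rewrites, so they can be fixed here.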
@@ -33,8 +36,9 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the SP_Teams Job produces the following preconfigured reports: -| Report | Description | Default Tags | Report Elements | -| -------------------- | ----------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Teams Activity | This report identifies and analyzes activity in SharePoint Teams. | None | This report is comprised of three elements: - Bar Chart – Provides Operation count of the Top Teams - Table – Provides a summary of Teams activity - Table – Provides details about Teams activity | -| Teams Sensitive Data | This report identifies and analyzes sensitive data in SharePoint Teams. | None | This report is comprised of three elements: - Bar Chart – Provides the top Teams containing sensitive files - Table – Provides a sensitive data summary - Table – Provides additional details about sensitive files in Teams | -| Teams Summary | This report summarizes collected data for SharePoint Teams. 
| None | This report is comprised of four elements: - Table – Provides a summary of permissions in Teams - Bar Chart – Provides information about Top Teams by size (GB) - Pie Chart – Provides a comparison of stale vs active Teams sites - Table – Provides additional details about Teams sites permissions | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ----------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Teams Activity | This report identifies and analyzes activity in SharePoint Teams. | None | This report is comprised of three elements:
  • Bar Chart – Provides Operation count of the Top Teams
  • Table – Provides a summary of Teams activity
  • Table – Provides details about Teams activity
| +| Teams Sensitive Data | This report identifies and analyzes sensitive data in SharePoint Teams. | None | This report is comprised of three elements:
  • Bar Chart – Provides the top Teams containing sensitive files
  • Table – Provides a sensitive data summary
  • Table – Provides additional details about sensitive files in Teams
| +| Teams Summary | This report summarizes collected data for SharePoint Teams. | None | This report is comprised of four elements:
  • Table – Provides a summary of permissions in Teams
  • Bar Chart – Provides information about Top Teams by size (GB)
  • Pie Chart – Provides a comparison of stale vs active Teams sites
  • Table – Provides additional details about Teams sites permissions
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamsexternaluseractivity.md b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamsexternaluseractivity.md index 4986af15c3..b5e0651a8b 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamsexternaluseractivity.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamsexternaluseractivity.md @@ -15,8 +15,11 @@ Navigate to the **Jobs** > **SharePoint** > **8.M365** > **SP_TeamsExternalUserActivity** >**Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_TeamsExternalUserActivity Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/m365/teamsexternaluseractivityanalysis.webp) 
@@ -28,6 +31,7 @@ The default analysis task is: In addition to the table created by the analysis task, the SP_TeamsExternalUserActivity Job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Teams External User Activity | This report displays most active external users within Teams, as well as Teams that have the most external users. | None | This report is comprised of three elements: - Bar Chart – Provides information on the most active external team members - Table – Provides details on Teams with the most external users - Table – Provides details on external user activity details | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Teams External User Activity | This report displays most active external users within Teams, as well as Teams that have the most external users. | None | This report is comprised of three elements:
  • Bar Chart – Provides information on the most active external team members
  • Table – Provides details on Teams with the most external users
  • Table – Provides details on external user activity details
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamssensitivedata.md b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamssensitivedata.md index 5e46266b8a..dc6ad8f537 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamssensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/m365/sp_teamssensitivedata.md @@ -13,8 +13,11 @@ The SP_TeamsSensitiveData Job analyzes sensitive data activity within Teams Site Navigate to the **Jobs** > **SharePoint** > **8.M365** > **SP_TeamsSensitiveData** >**Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_TeamsSensitiveData Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/m365/teamssensitivedataanalysis.webp) 
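Review bot: in sp_teamssensitivedata.md, the context line above the new `:::warning` block reads `**SP_TeamsSensitiveData** >**Configure**`, with no space after `>`, unlike the other separators in the same breadcrumb. That sentence also ends "to view the analysis tasks" while the warning and the next section both use the singular "analysis task". Suggest fixing the spacing and number agreement in this change; sp_teamsexternaluseractivity.md has the same `>**Configure**` spacing in its equivalent line.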
@@ -26,6 +29,7 @@ The default analysis task is: In addition to the table created by the analysis task, the SP_TeamsSensitiveData Job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| --------------------------- | ------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Teams Sensitive Data Report | This report analyzes sensitive data activity in Teams sites. | None | This report is comprised of two elements: - Bar Chart – Provides information on the top Teams users by sensitive file interaction count - Table – Provides details on user activity | +| Report | Description | Default Tags | Report Elements | +| --------------------------- | ------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Teams Sensitive Data Report | This report analyzes sensitive data activity in Teams sites. | None | This report is comprised of two elements:
  • Bar Chart – Provides information on the top Teams users by sensitive file interaction count
  • Table – Provides details on user activity
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/overview.md b/docs/accessanalyzer/11.6/solutions/sharepoint/overview.md index c3f9d7ce27..5eaad8db76 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/overview.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/overview.md @@ -13,7 +13,7 @@ Access Auditing and Sensitive Data Discovery Auditing components of this solutio SharePoint on-premises and SharePoint Online. The Activity Auditing components of this solution can only target SharePoint on-premises. -Supported Platforms +**Supported Platforms** - SharePoint Online® (Agent-less mode scans only) @@ -24,7 +24,7 @@ Supported Platforms - SharePoint® 2016 - SharePoint® 2013 -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** - Permissions vary based on the Scan Mode selected and target environment. See the [SharePoint Support](/docs/accessanalyzer/11.6/requirements/sharepoint/sharepoint/sharepoint.md) @@ -34,13 +34,16 @@ Requirements, Permissions, and Ports [SharePoint Scan Options](/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md) topic for additional information. -**NOTE:** You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for +:::note +You can use the **SP_RegisterAzureAppAuth** instant job to make the configuration for SharePoint Online easier. This job registers the necessary Microsoft Entra ID application and provisions it with the required permissions. See the [SP_RegisterAzureAppAuth Job](/docs/accessanalyzer/11.6/admin/jobs/instantjobs/sp_registerazureappauth.md) topic for additional information. +::: -Sensitive Data Discovery Considerations + +**Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it 
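Review bot: in overview.md, the plain-text labels ("Supported Platforms", "Requirements, Permissions, and Ports", "Sensitive Data Discovery Considerations") are converted to bold paragraphs such as `**Supported Platforms**` rather than to headings. Bold text gives no anchor and no table-of-contents entry, and other pages in this same patch use real headings (`## Delete Objects`, `### Customizable Analysis Tasks for the SP_StaleTeamSites Job`). If these labels are meant to be section titles, use the appropriate heading level; if bold is deliberate, say so in the commit message so the choice is applied consistently.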
@@ -48,16 +51,22 @@ will be necessary to increase the minimum amount of RAM. Each thread requires a additional GB of RAM per host. For example, if the job is configured to scan 8 hosts at a time , then an extra 16 GB of RAM are required (8x2=16). -**NOTE:** The Sensitive Data Discovery Add-on installation package installs the appropriate JDK +:::note +The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration; it has been preconfigured to work with Enterprise Auditor and should never be customized through Java. It will not conflict with other JDKs or Java Runtimes in the same environment. +::: + -_Remember,_ if employing the Enterprise Auditor SharePoint Agent, it is also necessary for the +:::tip +Remember, if employing the Enterprise Auditor SharePoint Agent, it is also necessary for the Sensitive Data Discovery Add-on to be installed on the server where the agent is installed. +::: + -Location +**Location** The SharePoint Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed into the Jobs tree, navigate to diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md b/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md index e34e81fbaf..61e49cebe4 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/recommended.md @@ -11,7 +11,7 @@ node. However, it is a best practice to assign the host list and the Connection collection level, 0.Collection Job Group. Once these are assigned to the job group, it can be run directly or scheduled. -Dependencies +**Dependencies** - The **.Active Directory Inventory** Job Group needs to be executed prior to running the SharePoint Solution against a SharePoint on-premises environment 
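Review bot: in overview.md (hunk `@@ -48,16 +51,22 @@`), the sizing sentence in the surrounding context reads "Each thread requires a additional GB of RAM per host", which has lost its quantity; the worked example that follows (8 hosts, 16 GB, "8x2=16") implies a specific per-host figure, so the number should be confirmed and restored. The same context has a stray space in "at a time , then". Inside the new `:::tip` block the leading "Remember," is kept from the old `_Remember,_` inline label and is now redundant with the admonition itself.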
@@ -24,7 +24,7 @@ Dependencies - The Sensitive Data Discovery Add-on must be installed on the SharePoint application server (for Sensitive Data Discovery Auditing with agent-based scans only) -Targeted Host(s) +**Targeted Host(s)** For the 0.Collection Job Group: @@ -41,7 +41,7 @@ See the [Add Hosts](/docs/accessanalyzer/11.6/admin/hostmanagement/actions/add.md) topic for additional information. -Connection Profile +**Connection Profile** The SPAA Data Collector requires a specific set of permissions. See the [SharePoint Scan Options](/docs/accessanalyzer/11.6/requirements/sharepoint/scanoptions/scanoptions.md) @@ -69,11 +69,11 @@ See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -Schedule Frequency +**Schedule Frequency** The jobs in this job group can be scheduled to run as desired. -Run Order +**Run Order** The 0.Collection Jobs must be run first and in order. RunSystem Scans jobs and then the Bulk Import jobs according to the desired workflow. The other SharePoint Solution sub-job groups can be run in @@ -87,13 +87,16 @@ tasks in order for permission/access reports to be accessible. For activity repo Information Center requires the execution of both the 2-SPAA Bulk Import Job default analysis tasks and the 2-SPAC Bulk Import Job default analysis tasks. -**_RECOMMENDED:_** If only conducting one or two types of auditing, scope the solution by disabling +:::info +If only conducting one or two types of auditing, scope the solution by disabling the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not recommended to delete any jobs. See the [Disable or Enable a Job](/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md) topic for additional information. +::: -Query Configuration + +**Query Configuration** This solution can be run with the default query configuration. However, the most common customizations include: 
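Review bot: in recommended.md (hunk `@@ -87,13 +87,16 @@`), replacing `**_RECOMMENDED:_**` with a bare `:::info` drops the only word that told the reader this paragraph is a recommendation. The CAUTION and NOTE conversions keep their meaning through the admonition type, but "info" does not convey "recommended". Either give the admonition a "Recommended" title, if the site's admonition syntax supports titles, or open the body with the recommendation wording so the guidance about disabling rather than deleting collection jobs keeps its weight.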
@@ -154,7 +157,7 @@ customizations include: event log files - Set on the **0.Collection** > **1-SPAC_SystemScans** Job for Activity Auditing -Analysis Configuration +**Analysis Configuration** This solution should be run with the default analysis configuration. Most of these analysis tasks are preconfigured. There are a few which are deselected by default, as they are for troubleshooting @@ -176,12 +179,12 @@ including SharePoint, which incorporate this analyzed data into further analysis - Customize within .Active Directory Inventory > 3-AD_Exceptions Job analysis tasks -Additional Considerations +**Additional Considerations** The Effective Access Audits Job Group is designed to work independently of the rest of the solution, but it is dependent upon the 0.Collection Job Group and the user-modified CSV files. -Additional Notes +**Additional Notes** The jobs contained in the group use custom SQL scripts to render views on collected data. SQL views are used to populate report element tables and graphs. Changing or modifying the group, job, or diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_brokeninheritance.md b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_brokeninheritance.md index 9950300b6b..e59347b0de 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_brokeninheritance.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_brokeninheritance.md 
@@ -21,25 +21,29 @@ The SP_BrokenInheritance job is located in the 3.Broken Inheritance Job Group. Navigate to the **Jobs** > **SharePoint** > **3.Broken Inheritance** > **SP_BrokenInheritance** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_BrokenInheritance Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/brokeninheritanceanalysis.webp) They need to remain in the default order: -- 1. Create Inheritance View – Creates the SA_ENG_SPAA_Inheritance view accessible under the job’s +- **1. Create Inheritance View** – Creates the SA_ENG_SPAA_Inheritance view accessible under the job’s Results node -- 2. Unique Trustees Table. Identifies where Trustees have been Added/Removed – Creates the +- **2. Unique Trustees Table. Identifies where Trustees have been Added/Removed** – Creates the SA_SP_BrokenInheritance_UniqueTrustees table accessible under the job’s Results node -- 3. Pivot Unique Trustees Table – Creates the SA_SP_BrokenInheritance_UniqueTrusteesPivot table +- **3. Pivot Unique Trustees Table** – Creates the SA_SP_BrokenInheritance_UniqueTrusteesPivot table accessible under the job’s Results node -- 4. Summarize by Site Collection – Creates an interim processing table in the database for use by +- **4. 
Summarize by Site Collection** – Creates an interim processing table in the database for use by downstream analysis and report generation In addition to the tables created by the analysis tasks which display resources with broken inheritance, the SP_BrokenInheritance Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Broken Inheritance | This job is responsible for performing data analysis and generating SharePoint direct permission reports at the site level. This includes looking at site broken inheritance and the trustees who are assigned to those sites where inheritance is broken. 
| None | This report is comprised of two elements: - Bar Chart – Displays top 5 site collections by resources with permission changes - Table – Provides a site collection summary - Table – Provides broken inheritance details | +| Report | Description | Default Tags | Report Elements | +| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Broken Inheritance | This job is responsible for performing data analysis and generating SharePoint direct permission reports at the site level. This includes looking at site broken inheritance and the trustees who are assigned to those sites where inheritance is broken. | None | This report is comprised of two elements:
  • Bar Chart – Displays top 5 site collections by resources with permission changes
  • Table – Provides a site collection summary
  • Table – Provides broken inheritance details
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_openaccess.md b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_openaccess.md index 9d31c98cb9..7442d629f0 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_openaccess.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_openaccess.md 
@@ -31,21 +31,25 @@ components of the Navigate to the **Jobs** > **SharePoint** > **2.High Risk Sites** > **SP_OpenAccess** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_OpenAccess Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/openaccessanalysis.webp) The default analysis tasks are: -- 1. Determine Access to Resources – Creates the SA_SP_OpenAccess_AccessDetails table accessible +- **1. Determine Access to Resources** – Creates the SA_SP_OpenAccess_AccessDetails table accessible under the job’s Results node -- 2. Summarize by Site Collection – Creates the SA_SP_OpenAccess_SiteCollectionSummary table +- **2. Summarize by Site Collection** – Creates the SA_SP_OpenAccess_SiteCollectionSummary table accessible under the job’s Results node In addition to the tables created by the analysis tasks which display resources with open access, the SP_OpenAccess Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | ------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Open Access | This report identifies site collections with open resources. 
| Open Access | This report is comprised of two elements: - Stacked Bar – Displays top site collections with open access - Table – Provides site collection details - Table – Provides access details | +| Report | Description | Default Tags | Report Elements | +| ----------- | ------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Open Access | This report identifies site collections with open resources. | Open Access | This report is comprised of two elements:
  • Stacked Bar – Displays top site collections with open access
  • Table – Provides site collection details
  • Table – Provides access details
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_overview.md b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_overview.md index f21d170955..8a2f2e4ad9 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_overview.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_overview.md @@ -27,8 +27,11 @@ groups have been run, there will be blank sections of this overview report. Navigate to the **Jobs** > **SharePoint** > **SP_Overview** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_Overview Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/overviewanalysis.webp) 
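Review bot: The rewritten Report Elements cell in sp_openaccess.md (hunk @@ -31,21 +31,25 @@) still opens with "This report is comprised of two elements:" but the list under it has three items (Stacked Bar, Table, Table). sp_brokeninheritance.md (hunk @@ -21,25 +21,29 @@) has the same mismatch with Bar Chart, Table, Table. The count was already wrong on the removed lines, so since both rows are being rewritten here, either change "two" to "three" or confirm which element is listed in error.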
@@ -40,6 +43,7 @@ The default analysis tasks is: In addition to the table created by the analysis task which displays all direct user permissions, the SP_Overview Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | ------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------- | -| SharePoint Overview | This report provides an overview of the targeted SharePoint environment. | None | This report is comprised of one element: - Table – Provides details on the targeted SharePoint environment | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ------------------------------------------------------------------------ | ------------ | -------------------------------------------------------------------------------------------------------------------------- | +| SharePoint Overview | This report provides an overview of the targeted SharePoint environment. | None | This report is comprised of one element:
  • Table – Provides details on the targeted SharePoint environment
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_probableowner.md b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_probableowner.md index 4472ba76ff..c7e4dbbb51 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_probableowner.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_probableowner.md @@ -20,8 +20,11 @@ The SP_ProbableOwner Job is located in the 5.Probable Owner Job Group. Navigate to the **Jobs** > **SharePoint** > **5.Probable Owner** > **SP_ProbableOwner** >**Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SP_ProbableOwner Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/probableowneranalysis.webp) 
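Review bot: In sp_probableowner.md, hunk @@ -20,8 +20,11 @@, the context line directly above the new admonition reads "**SP_ProbableOwner** >**Configure**" with no space after the ">", unlike the navigation paths in the other SharePoint job pages touched by this patch. Suggest adding the space in the same change so the breadcrumb renders consistently.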
@@ -33,6 +36,7 @@ The default analysis tasks are: In addition to the table created by the analysis task which displays probable ownership, the SP_ProbableOwner Job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------- | --------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------- | -| SharePoint Probable Ownership | This report identifies probable owners based on management structure, file ownership, and activity. | None | This report is comprised of one element: - Table – Provides details on probable owners | +| Report | Description | Default Tags | Report Elements | +| ----------------------------- | --------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------ | +| SharePoint Probable Ownership | This report identifies probable owners based on management structure, file ownership, and activity. | None | This report is comprised of one element:
  • Table – Provides details on probable owners
| + diff --git a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_sensitivedata.md b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_sensitivedata.md index f3e26bed9d..19a6171db9 100644 --- a/docs/accessanalyzer/11.6/solutions/sharepoint/sp_sensitivedata.md +++ b/docs/accessanalyzer/11.6/solutions/sharepoint/sp_sensitivedata.md @@ -18,8 +18,11 @@ The SP_SensitiveData Job is located in the 6.Sensitive Data Job Group. Navigate to the **Jobs** > **SharePoint** > **6.Sensitive Data** > **SP_SensitiveData** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SP_SensitiveData Job](/img/product_docs/accessanalyzer/11.6/solutions/sharepoint/sensitivedataanalysis.webp) 
@@ -34,7 +37,8 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks which display sensitive data, the SP_SensitiveData Job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Enterprise Summary (A.K.A. Sensitive Data) | This report summarizes the types and amount of sensitive data discovered on targeted SharePoint farms. | Sensitive Data | This report is comprised of two elements: - Pie Chart – Displays sensitive data discovered on SharePoint farms - Table – Provides details on sensitive data | -| Site Collection Details | This report highlights sites with the largest amount of sensitive data found. | Sensitive Data | This report is comprised of three elements: - Bar Chart – Displays top sites by sensitive files - Table – Provides details on the site collection summary - Table – Provides details the files fetched | +| Report | Description | Default Tags | Report Elements | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Enterprise Summary (A.K.A. Sensitive Data) | This report summarizes the types and amount of sensitive data discovered on targeted SharePoint farms. | Sensitive Data | This report is comprised of two elements:
  • Pie Chart – Displays sensitive data discovered on SharePoint farms
  • Table – Provides details on sensitive data
| +| Site Collection Details | This report highlights sites with the largest amount of sensitive data found. | Sensitive Data | This report is comprised of three elements:
  • Bar Chart – Displays top sites by sensitive files
  • Table – Provides details on the site collection summary
  • Table – Provides details the files fetched
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/overview.md b/docs/accessanalyzer/11.6/solutions/unix/overview.md index 399b0bdf97..1a14fa4b10 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/overview.md +++ b/docs/accessanalyzer/11.6/solutions/unix/overview.md @@ -10,7 +10,7 @@ The Unix Solution reports on areas of administrative concern for Unix and Linux is given to users and group details, privileged access rights, and NFS and Samba sharing configurations. -Supported Platforms +**Supported Platforms** - AIX® 4+ - Solaris™ 8+ @@ -20,13 +20,13 @@ Supported Platforms - CentOS® 7+ - SUSE® 10+ -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Unix Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/unix/unix_1.md) +[Target Unix Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/unix/target.md) topic for additional information. -Location +**Location** The Unix Solution requires a special Enterprise Auditor license. It can be installed from the Enterprise Auditor Instant Job Wizard. Once it has been installed into the Jobs tree, navigate to diff --git a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_makedirectory.md b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_makedirectory.md index c98609c820..fa5e4f6986 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_makedirectory.md +++ b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_makedirectory.md 
@@ -13,7 +13,10 @@ used by the UX_ParseSudoers job. The UX_MakeDirectory job uses the Unix Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the UX_MakeDirectory Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/makedirectoryquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_parsesudeors.md b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_parsesudeors.md index 61761ac6a5..95e07271d9 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_parsesudeors.md +++ b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/ux_parsesudeors.md @@ -12,7 +12,10 @@ The UX_ParseSudoers job parses all rights granted via sudoers in the audited env The UX_ParseSudoers job uses the Unix Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the UX_ParseSudoers Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/collection/parsesudoersquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/ux_sudoers.md b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/ux_sudoers.md index 767bdfd539..7f4e16710e 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/ux_sudoers.md +++ b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/ux_sudoers.md 
@@ -14,8 +14,11 @@ Linux environments. Navigate to the **Unix** > **2.Privileged Access** > **Sudoers** > **UX_Sudoers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_Sudoers Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/sudoers/sudoersanalysis.webp) @@ -31,6 +34,7 @@ The default analysis tasks are: In addition to the table and views created by the analysis tasks, the UX_Sudoers job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------------- | --------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sudo Rights by Host | This report details all rights granted via sudoers across the audited environment | None | This report is comprised of three elements: - Bar Chart – Displays Hosts With Most Provisioning - Table – Provides details on Provisioning by Host - Table – Provides information on Sudoers Details | +| Report | Description | Default Tags | Report Elements | +| ------------------- | --------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Sudo Rights by Host | This report details all rights granted via sudoers across the audited environment | None | This report is comprised of three elements:
  • Bar Chart – Displays Hosts With Most Provisioning
  • Table – Provides details on Provisioning by Host
  • Table – Provides information on Sudoers Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/ux_criticalfiles.md b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/ux_criticalfiles.md index bcb253f198..e8b39cbc1c 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/ux_criticalfiles.md +++ b/docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/ux_criticalfiles.md @@ -13,7 +13,10 @@ Linux environments such as passwd, shadow, sudoers, hosts.deny, and more. The UX_CriticalFIles job uses the Unix Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the UX_CriticalFiles Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/criticalfilesquery.webp) @@ -26,8 +29,11 @@ The query for the UX_CriticalFiles job is: Navigate to the **Unix** > **2.Privileged Access** > **UX_CriticalFiles** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_CriticalFiles Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/privilegedaccess/criticalfilesanalysis.webp) 
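Review bot: In ux_criticalfiles.md, hunk @@ -13,7 +13,10 @@, the context line just above the new :::warning block spells the job name "UX_CriticalFIles" (capital I), while the image alt text and the later lines in the same file use UX_CriticalFiles. Suggest correcting the spelling in this change, since the job name is what a reader searches for in the Jobs tree.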
@@ -43,6 +49,7 @@ The default analysis task is: In addition to the tables and views created by the analysis task, the UX_CriticalFiles job produces the following preconfigured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Critical File Ownership | This report lists the ownership of critical files across the audited environment. The top non-root users and groups with critical file ownership are highlighted. | None | This report is comprised of three elements: - Table – Provides details on Top 5 Critical File Owners (Users) - Table – Provides details on Top 5 Critical File Owners (Groups) - Table – Provides information on Critical File Ownership Details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Critical File Ownership | This report lists the ownership of critical files across the audited environment. The top non-root users and groups with critical file ownership are highlighted. | None | This report is comprised of three elements:
  • Table – Provides details on Top 5 Critical File Owners (Users)
  • Table – Provides details on Top 5 Critical File Owners (Groups)
  • Table – Provides information on Critical File Ownership Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/recommended.md b/docs/accessanalyzer/11.6/solutions/unix/recommended.md index 4f1c0a6f25..165943d1c0 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/unix/recommended.md @@ -9,12 +9,12 @@ sidebar_position: 10 The Unix job group has been configured by default to run with the default settings. It can be run directly or scheduled. -Dependencies +**Dependencies** If applicable, the **.NIS Inventory** job group can be run to enable reporting on users and groups from NIS environments. -Target Host(s) +**Target Host(s)** All Unix Servers. Create a custom host list in Host Management that contains all Unix servers that are in scope to be auditing with the Unix solution. 
@@ -23,36 +23,36 @@ The Unix job group has been configured to inherit the host list assignment from The host list assignment should be assigned under the **Unix** > **Settings** > **Host List Assignment** node. Select the UNIX servers host list created previously. -Connection Profile +**Connection Profile** Set a Connection Profile on the Unix job group with root permissions for Unix/Linux. If the Root permission is unavailable, a least privileged model can be used. See the -[Least Privilege Model](/docs/accessanalyzer/11.6/requirements/unix/unix_1.md#least-privilege-model) +[Least Privilege Model](/docs/accessanalyzer/11.6/requirements/unix/target.md#least-privilege-model) topic for permissions needed to target the supported platforms for data collection. -Schedule Frequency +**Schedule Frequency** Schedule the Unix Solution or individual job groups to run as desired. -History Retention +**History Retention** This is not supported in this job group and should be turned off. -Run at the Job Group Level +**Run at the Job Group Level** It is a common practice to run the job in the **1.Users and Groups** job group by running the entire job group, instead of the individual jobs. -Query Configuration +**Query Configuration** The queries in this job group are preconfigured to run with the default configurations. -Analysis Configuration +**Analysis Configuration** The analysis tasks in this job group are preconfigured to run with the default configurations. -Workflow +**Workflow** **Step 1 –** Run a Host Discovery Query to create a host list with All Unix Servers, and assign that host list under the **Unix** > **Settings** > **Host List Assignment** node. diff --git a/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_nfsconfiguration.md b/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_nfsconfiguration.md index 65bd8cc53d..142fa7ae32 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_nfsconfiguration.md 
+++ b/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_nfsconfiguration.md @@ -13,7 +13,10 @@ be further analyzed to identify and categorize risk within audited Unix and Linu The UX_NFSConfiguration job uses the Unix Data Collector for the following queries: -**CAUTION:** The queries are preconfigured for this job. Never modify the queries. +:::warning +The queries are preconfigured for this job. Never modify the queries. +::: + ![Queries for the UX_NFSConfiguration Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/sharing/collection/nfsconfigurationqueries.webp) @@ -27,8 +30,11 @@ The queries for the UX_NFSConfiguration job are: Navigate to the **Unix** > **3.Sharing** > **0.Collection** > **UX_NFSConfiguration** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the UX_NFSConfiguration Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/sharing/collection/nfsconfigurationanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_sambaconfiguration.md b/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_sambaconfiguration.md index c148cae253..196f3dbee4 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_sambaconfiguration.md +++ b/docs/accessanalyzer/11.6/solutions/unix/sharing/collection/ux_sambaconfiguration.md 
@@ -13,7 +13,10 @@ will be further analyzed to identify and categorize risk within audited Unix and The UX_SambaConfiguration job uses the Unix Data Collector for the following queries: -**CAUTION:** The queries are preconfigured for this job. Never modify the queries. +:::warning +The queries are preconfigured for this job. Never modify the queries. +::: + ![Queries for the UX_SambaConfiguration Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/sharing/collection/sambaconfigurationqueries.webp) @@ -27,8 +30,11 @@ The queries for the UX_SambaConfiguration Job are: Navigate to the **Unix** > **3.Sharing** > **0.Collection** > **UX_SambaConfiguration** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the UX_SambaConfiguration Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/sharing/collection/sambaconfigurationanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_nfs.md b/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_nfs.md index 2234e19948..86dbe16760 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_nfs.md +++ b/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_nfs.md @@ -14,8 +14,11 @@ level. Separate lists of options are checked based on target operating system. Navigate to the **Unix** > **3.Sharing** > **UX_NFS** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_NFS Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/sharing/nfsanalysis.webp) 
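Review bot: The link retargeted from unix_1.md to target.md in unix/recommended.md (hunk @@ -23,36 +23,36 @@) keeps the #least-privilege-model fragment, and nothing in this patch shows target.md or its headings. Please confirm that docs/accessanalyzer/11.6/requirements/unix/target.md exists and contains a heading that generates that anchor, otherwise the Least Privilege Model link lands at the top of the page or fails the link check. The same rename in unix/overview.md (hunk @@ -20,13 +20,13 @@) needs the same check.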
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the UX_NFS job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| -------------------------------------------- | ---------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| NFS Shares with Potentially Insecure Options | This report identifies NFS shares with options which may lead to open access | None | This report is comprised of three elements: - Bar Chart – Displays Top Hosts by Potentially Insecure Shares - Table – Provides details on Top Hosts by Potentially Insecure Shares bar chart - Table – Provides details on List of Potentially Insecure Share Options | +| Report | Description | Default Tags | Report Elements | +| -------------------------------------------- | ---------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| NFS Shares with Potentially Insecure Options | This report identifies NFS shares with options which may lead to open access | None | This report is comprised of three elements:
  • Bar Chart – Displays Top Hosts by Potentially Insecure Shares
  • Table – Provides details on Top Hosts by Potentially Insecure Shares bar chart
  • Table – Provides details on List of Potentially Insecure Share Options
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_samba.md b/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_samba.md index ab70ceb89b..8586ccfdec 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_samba.md +++ b/docs/accessanalyzer/11.6/solutions/unix/sharing/ux_samba.md @@ -14,8 +14,11 @@ their risk level. View the analysis tasks by navigating to the **Unix** > **3.Sharing** > **UX_Samba** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_Samba Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/sharing/sambaanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis task, the UX_NFS job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------------------------------------------------- | --------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Samba Shares with Potentially Insecure Configurations | This report identifies Samba shares with parameters which may lead to open access | None | This report is comprised of three elements: - Bar Chart – Displays Top Hosts by Potentially Insecure Shares - Table – Provides details on Top Hosts by Potentially Insecure Shares bar chart - Table – Provides details on List of Potentially Insecure Share Configurations | +| Report | Description | Default Tags | Report Elements | +| ----------------------------------------------------- | --------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Samba Shares with Potentially Insecure Configurations | This report identifies Samba shares with parameters which may lead to open access | None | This report is comprised of three elements:
  • Bar Chart – Displays Top Hosts by Potentially Insecure Shares
  • Table – Provides details on Top Hosts by Potentially Insecure Shares bar chart
  • Table – Provides details on List of Potentially Insecure Share Configurations
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_duplicategroups.md b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_duplicategroups.md index 4e53880ab9..1455386d8e 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_duplicategroups.md +++ b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_duplicategroups.md @@ -15,8 +15,11 @@ cleanup. Navigate to the **Unix** > **1.Users and Groups** > **UX_DuplicateGroups** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_DuplicateGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/duplicategroupsanalysis.webp) 
@@ -30,6 +33,7 @@ The default analysis tasks are: In addition to the table and views created by the analysis tasks, the UX_DuplicateGroups job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -| Duplicate Groups | This report identifies duplicate groups within the audited domains | None | This report is comprised of two elements: - Bar Chart – Displays Largest Groups with Duplicates - Table – Provides details on Duplicate Group Details | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Duplicate Groups | This report identifies duplicate groups within the audited domains | None | This report is comprised of two elements:
  • Bar Chart – Displays Largest Groups with Duplicates
  • Table – Provides details on Duplicate Group Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_emptygroups.md b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_emptygroups.md index 67710c8680..f94e6dda46 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_emptygroups.md +++ b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_emptygroups.md @@ -14,8 +14,11 @@ These are suitable candidates for consolidation or cleanup. Navigate to the **Unix** > **1.Users and Groups** > **UX_EmptyGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_EmptyGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/emptygroupsanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the table and views created by the analysis tasks, the UX_EmptyGroups job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------ | -------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Empty Groups | This report identifies empty groups within the audited domains | None | This report is comprised of three elements: - Bar Chart – Displays Empty Groups by Type - Table – Provides details on Empty Groups by Type bar chart - Table – Provides information on Empty Group Details | +| Report | Description | Default Tags | Report Elements | +| ------------ | -------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Empty Groups | This report identifies empty groups within the audited domains | None | This report is comprised of three elements:
  • Bar Chart – Displays Empty Groups by Type
  • Table – Provides details on Empty Groups by Type bar chart
  • Table – Provides information on Empty Group Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_largegroups.md b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_largegroups.md index d8eb6c9f4f..b811ae5cde 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_largegroups.md +++ b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_largegroups.md @@ -27,8 +27,11 @@ The UX_LargeGroups job has the following customizable parameter: Navigate to the **Unix** > **1.Users and Groups** > **UX_LargeGroups** > **Configure** node and select Analysis to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the UX_LargeGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/largegroupsanalysis.webp) 
@@ -44,6 +47,7 @@ The default analysis task is: In addition to the table and views created by the analysis tasks, the UX_LargeGroups job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------ | -------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | -| Large Groups | This report identifies large groups within the audited domains | None | This report is comprised of two elements: - Bar Chart – Displays Top 5 Large Groups - Table – Provides information on Large Group Details | +| Report | Description | Default Tags | Report Elements | +| ------------ | -------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Large Groups | This report identifies large groups within the audited domains | None | This report is comprised of two elements:
  • Bar Chart – Displays Top 5 Large Groups
  • Table – Provides information on Large Group Details
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localgroups.md b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localgroups.md index 5d6df8187f..2a50311090 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localgroups.md +++ b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localgroups.md @@ -14,8 +14,11 @@ environments. Navigate to the **Unix** > **1.Users and Groups** > **UX_LocalGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_LocalGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/localgroupsanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the table and views created by the analysis tasks, the UX_LocalGroups job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | -| Local Groups | This report summarizes local groups in the audited environment. Hosts with large numbers of local groups are highlighted, as are local groups with large memberships. | None | This report is comprised of two elements: - Bar Chart – Displays Top Hosts by Local Group Count - Table – Provides details on All Local Groups | +| Report | Description | Default Tags | Report Elements | +| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Local Groups | This report summarizes local groups in the audited environment. Hosts with large numbers of local groups are highlighted, as are local groups with large memberships. | None | This report is comprised of two elements:
  • Bar Chart – Displays Top Hosts by Local Group Count
  • Table – Provides details on All Local Groups
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localusers.md b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localusers.md index b0bd051edf..311802f768 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localusers.md +++ b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_localusers.md @@ -14,8 +14,11 @@ environments. Navigate to the **Unix** > **1.Users and Groups** > **UX_LocalUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_LocalUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/localusersanalysis.webp) 
@@ -29,6 +32,7 @@ The default analysis tasks are: In addition to the table and views created by the analysis tasks, the UX_LocalUsers job produces the following pre-configured report: -| Report | Description | Default Tags | Report Elements | -| ----------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Local Users | This report summarizes local users in the audited environment. Hosts with large numbers of local users are highlighted. | None | This report is comprised of three elements: - Bar Chart – Displays Top 5 Hosts by Local User Count - Table – Provides details on Top 5 Local User Count bar chart - Table – Provides details on All Local Users | +| Report | Description | Default Tags | Report Elements | +| ----------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Local Users | This report summarizes local users in the audited environment. Hosts with large numbers of local users are highlighted. | None | This report is comprised of three elements:
  • Bar Chart – Displays Top 5 Hosts by Local User Count
  • Table – Provides details on Top 5 Local User Count bar chart
  • Table – Provides details on All Local Users
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_passwordsettings.md b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_passwordsettings.md index 92b1591ee2..aca2c15cc6 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_passwordsettings.md +++ b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_passwordsettings.md @@ -14,8 +14,11 @@ configurations within audited Unix and Linux environments. Navigate to the **Unix** > **1.Users and Groups** > **UX_PasswordSettings** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_PasswordSettings Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/passwordsettingsanalysis.webp) 
@@ -29,7 +32,8 @@ The default analysis tasks are: In addition to the table and views created by the analysis tasks, the UX_PasswordSettings job produces the following pre-configured reports: -| Report | Description | Default Tags | Report Elements | -| ------------------------- | -------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------- | -| Local User Passwords | This report outlines password information for each local user on each host | None | This report is comprised of one element: - Table – Provides details on User Password Settings | -| Password Security Setting | This report lists password security settings for each audited host | None | This report is comprised of one element: - Table – Provides details on Password Settings | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | -------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------- | +| Local User Passwords | This report outlines password information for each local user on each host | None | This report is comprised of one element:
  • Table – Provides details on User Password Settings
| +| Password Security Setting | This report lists password security settings for each audited host | None | This report is comprised of one element:
  • Table – Provides details on Password Settings
| + diff --git a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_usersandgroups.md b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_usersandgroups.md index 697312a74b..f7d4014b2b 100644 --- a/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_usersandgroups.md +++ b/docs/accessanalyzer/11.6/solutions/unix/usersgroups/ux_usersandgroups.md @@ -18,7 +18,10 @@ The UX_UsersAndGroups job is located in the 0.Collection job group. The UX_UsersandGroups job uses the Unix Data Collector for the following queries: -**CAUTION:** The queries are preconfigured for this job. Never modify the queries. +:::warning +The queries are preconfigured for this job. Never modify the queries. +::: + ![Queries for the UX_UsersAndGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/usersandgroupsqueries.webp) @@ -40,8 +43,11 @@ The queries for the UX_UsersAndGroups job are: Navigate to the **Unix** > **1.Users and Groups** > **0.Collection** > **UX_UsersAndGroups** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the UX_UsersAndGroups Job](/img/product_docs/accessanalyzer/11.6/solutions/unix/usersgroups/usersandgroupsanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/windows/applications/recommended.md b/docs/accessanalyzer/11.6/solutions/windows/applications/recommended.md index 297ebc80f5..e684177bf2 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/applications/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/windows/applications/recommended.md 
@@ -6,19 +6,19 @@ sidebar_position: 10 # Recommended Configurations for the Applications Job Group -Dependencies +**Dependencies** None -Targeted Hosts +**Targeted Hosts** All Windows Hosts -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Workflow +**Workflow** **Step 1 –** Ensure that the configured Connection Profile has local administrator privileges. diff --git a/docs/accessanalyzer/11.6/solutions/windows/applications/sg_installedapplications.md b/docs/accessanalyzer/11.6/solutions/windows/applications/sg_installedapplications.md index c5bc53c5fa..ffda229e6c 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/applications/sg_installedapplications.md +++ b/docs/accessanalyzer/11.6/solutions/windows/applications/sg_installedapplications.md @@ -12,7 +12,10 @@ The SG_InstalledApplications job identifies installed applications on all target The SG_InstalledApplications job uses the WMICollector Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_InstalledApplications Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/applications/installedapplicationsquery.webp) @@ -26,8 +29,11 @@ The query for the SG_InstalledApplications job are: Navigate to the **Windows** > **Applications** > **SG_InstalledApplications** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_InstalledApplications Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/applications/installedapplicationsanalysis.webp) 
@@ -43,7 +49,8 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SG_InstalledApplications job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | -| All Installed Applications | This report details all installed applications, and highlights the most common installed applications across the audited environment. | None | This report is comprised of two elements: - Bar Chart – Displays top installed applications - Table – Provides details on installed applications | -| MS Office Applications | This report provides host-level details on which Microsoft Office applications are installed. | None | This report is comprised of two elements: - Bar Chart – Displays top MS Office applications - Table – Provides details on MS Office applications | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| All Installed Applications | This report details all installed applications, and highlights the most common installed applications across the audited environment. | None | This report is comprised of two elements:
  • Bar Chart – Displays top installed applications
  • Table – Provides details on installed applications
| +| MS Office Applications | This report provides host-level details on which Microsoft Office applications are installed. | None | This report is comprised of two elements:
  • Bar Chart – Displays top MS Office applications
  • Table – Provides details on MS Office applications
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/applications/sg_runatboot.md b/docs/accessanalyzer/11.6/solutions/windows/applications/sg_runatboot.md index 3555ddf17d..5d37eaff65 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/applications/sg_runatboot.md +++ b/docs/accessanalyzer/11.6/solutions/windows/applications/sg_runatboot.md @@ -13,7 +13,10 @@ hosts. The SG_RunAtBoot job uses the Registry Data Collector for the following queries: -**CAUTION:** The queries are preconfigured for this job. Never modify the queries. +:::warning +The queries are preconfigured for this job. Never modify the queries. +::: + ![Queries for the SG_RunAtBoot Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/applications/runatbootqueries.webp) @@ -28,8 +31,11 @@ The queries for the SG_RunAtBoot job are: Navigate to the **Windows** > **Applications** > **SG_RunAtBoot** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_RunAtBoot Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/applications/runatbootanalysis.webp) 
@@ -47,6 +53,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SG_RunAtBoot job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ----------- | ------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Run at Boot | This report enumerates applications which are set to run at boot across the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays Top Hosts by Applications Run at Boot - Table – Provides details on Top Hosts by Applications Run at Boot bar chart - Table – Provides details on Run / Run Once Applications | +| Report | Description | Default Tags | Report Elements | +| ----------- | ------------------------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Run at Boot | This report enumerates applications which are set to run at boot across the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays Top Hosts by Applications Run at Boot
  • Table – Provides details on Top Hosts by Applications Run at Boot bar chart
  • Table – Provides details on Run / Run Once Applications
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/applications/sg_scheduledtasks.md b/docs/accessanalyzer/11.6/solutions/windows/applications/sg_scheduledtasks.md index 273accf4c2..dac71054fe 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/applications/sg_scheduledtasks.md +++ b/docs/accessanalyzer/11.6/solutions/windows/applications/sg_scheduledtasks.md @@ -12,7 +12,10 @@ The SG_ScheduledTasks job lists scheduled task details on all targeted hosts. The SG_ScheduledTasks job uses the SystemInfo Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_ScheduledTasks Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/applications/scheduledtasksquery.webp) @@ -26,8 +29,11 @@ The query for the SG_ScheduledTasks job is: Navigate to the **Windows** > **Applications** > **SG_ScheduledTasks** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_ScheduledTasks Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/applications/scheduledtasksanalysis.webp) 
@@ -45,6 +51,7 @@ The default analysis tasks are: In addition to the tables and views created by the analysis tasks, the SG_ScheduledTasks job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| --------------- | ---------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Scheduled Tasks | This report highlights scheduled tasks across the audited environment. | None | This report is comprised of three elements: - Bar Chart – Displays Hosts with Most Scheduled Tasks - Table – Provides details on Hosts with Most Scheduled Tasks bar chart - Table – Provides details on Scheduled Tasks | +| Report | Description | Default Tags | Report Elements | +| --------------- | ---------------------------------------------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Scheduled Tasks | This report highlights scheduled tasks across the audited environment. | None | This report is comprised of three elements:
  • Bar Chart – Displays Hosts with Most Scheduled Tasks
  • Table – Provides details on Hosts with Most Scheduled Tasks bar chart
  • Table – Provides details on Scheduled Tasks
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/authentication/recommended.md b/docs/accessanalyzer/11.6/solutions/windows/authentication/recommended.md index baf86d6f78..e9754e1f49 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/authentication/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/windows/authentication/recommended.md @@ -6,19 +6,19 @@ sidebar_position: 10 # Recommended Configurations for the Authentication Job Group -Dependencies +**Dependencies** None -Targeted Hosts +**Targeted Hosts** All Windows Hosts -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Workflow +**Workflow** **Step 1 –** Ensure that the configured Connection Profile has local administrator privileges. diff --git a/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_lsasettings.md b/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_lsasettings.md index cea3b19680..e3ab45cae7 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_lsasettings.md +++ b/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_lsasettings.md @@ -16,7 +16,10 @@ article for additional information. The SG_LSASettings job uses the Registry Data Collector for the following queries: -**CAUTION:** The queries are preconfigured for this job. Never modify the queries. +:::warning +The queries are preconfigured for this job. Never modify the queries. +::: + ![Queries for the SG_LSASettings Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/authentication/lsasettingsqueries.webp) 
@@ -30,8 +33,11 @@ The queries for the SG_LSASettings Job are: Navigate to the **Windows** > **Authentication** > **SG_LSASettings** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_LSASettings Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/authentication/lsasettingsanalysis.webp) 
@@ -54,8 +60,9 @@ The default analysis tasks are: In addition to the tables created by the data collector, the SG_LSASettings job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Additional LSA Protection | This report summarizes RunAsPPL registry settings on targeted hosts. This key governs whether or not additional LSA protection is enabled. See the Microsoft [Configuring Additional LSA Protection](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn408187(v=ws.11)) article for additional information. | None | This report is comprised of two elements: - Pie Chart – Displays additional LSA protection by host - Table – Provides additional LSA Protection Details | -| PAC Validation | This report indicates whether or not PAC Validation is enabled on all targeted hosts. This is governed by the ValidateKdcPacSignature key. Default behavior in the event of this key's absence depends on the Windows version installed. See the Microsoft [Understanding Microsoft Kerberos PAC Validation](https://learn.microsoft.com/en-gb/archive/blogs/openspecification/understanding-microsoft-kerberos-pac-validation) article for additional information. 
| None | This report is comprised of two elements: - Pie Chart – Displays PAC validation status - Table – Provides PAC validation details | -| Restrict Anonymous Access | This report summarizes RestrictAnonymous registry settings on targeted hosts. This key governs whether or not access over anonymous connections is enabled. See the Microsoft [Restrict Anonymous check](https://learn.microsoft.com/en-us/previous-versions/tn-archive/bb418944(v=technet.10)) article for additional information. | None | This report is comprised of two elements: - Pie Chart – Displays anonymous access by host - Table – Provides anonymous access details | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Additional LSA Protection | This report summarizes RunAsPPL registry settings on targeted hosts. This key governs whether or not additional LSA protection is enabled. See the Microsoft [Configuring Additional LSA Protection](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn408187(v=ws.11)) article for additional information. | None | This report is comprised of two elements:
  • Pie Chart – Displays additional LSA protection by host
  • Table – Provides additional LSA Protection Details
| +| PAC Validation | This report indicates whether or not PAC Validation is enabled on all targeted hosts. This is governed by the ValidateKdcPacSignature key. Default behavior in the event of this key's absence depends on the Windows version installed. See the Microsoft [Understanding Microsoft Kerberos PAC Validation](https://learn.microsoft.com/en-gb/archive/blogs/openspecification/understanding-microsoft-kerberos-pac-validation) article for additional information. | None | This report is comprised of two elements:
  • Pie Chart – Displays PAC validation status
  • Table – Provides PAC validation details
| +| Restrict Anonymous Access | This report summarizes RestrictAnonymous registry settings on targeted hosts. This key governs whether or not access over anonymous connections is enabled. See the Microsoft [Restrict Anonymous check](https://learn.microsoft.com/en-us/previous-versions/tn-archive/bb418944(v=technet.10)) article for additional information. | None | This report is comprised of two elements:
  • Pie Chart – Displays anonymous access by host
  • Table – Provides anonymous access details
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_securitysupportproviders.md b/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_securitysupportproviders.md index 512792064f..7b2b3070ad 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_securitysupportproviders.md +++ b/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_securitysupportproviders.md @@ -13,7 +13,10 @@ highlighting potentially malicious SSPs. The SG_SecuritySupportProviders job uses the Registry Data Collector for the following queries: -**CAUTION:** The queries are preconfigured for this job. Never modify the queries. +:::warning +The queries are preconfigured for this job. Never modify the queries. +::: + ![Queries for the SG_SecuritySupportProviders Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/authentication/securitysupportprovidersqueries.webp) @@ -27,8 +30,11 @@ The queries for the SG_SecuritySupportProviders job are: Navigate to the **Windows** > **Authentication** > **SG_SecuritySupportProviders** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_SecuritySupportProviders Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/authentication/securitysupportprovidersanalysis.webp) 
@@ -51,6 +57,7 @@ The optional analysis tasks are: In addition to the tables created by the data collector, the SG_SecuritySupportProviders job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------------------------- | ------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Security Support Providers | This report lists non-standard security support providers in the audited environment. | None | This report is comprised of two elements: - Pie Chart – Displays malicious security support providers by host - Table – Provides malicious security support providers details | +| Report | Description | Default Tags | Report Elements | +| -------------------------- | ------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Security Support Providers | This report lists non-standard security support providers in the audited environment. | None | This report is comprised of two elements:
  • Pie Chart – Displays malicious security support providers by host
  • Table – Provides malicious security support providers details
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_wdigestsettings.md b/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_wdigestsettings.md index 1408b61af5..102834a920 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_wdigestsettings.md +++ b/docs/accessanalyzer/11.6/solutions/windows/authentication/sg_wdigestsettings.md @@ -17,7 +17,10 @@ article for more information. The SG_WDigestSettings job uses the Registry and WMICollector Data Collectors for the following queries: -**CAUTION:** The queries are preconfigured for this job. Never modify the queries. +:::warning +The queries are preconfigured for this job. Never modify the queries. +::: + ![Queries for the SG_WDigestSettings Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/authentication/wdigestsettingsqueries.webp) @@ -32,8 +35,11 @@ The queries for the SG_WDigestSettings job are: Navigate to the **Windows** > **Authentication** > **SG_WDigestSettings** > **Configure** node and select **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_WDigestSettings Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/authentication/wdigestsettingsanalysis.webp) 
@@ -49,6 +55,7 @@ The default analysis tasks are: In addition to the tables created by the data collector, the SG_WDigestSettings job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------ | -| WDigest Settings | This report summarizes WDigest registry settings on targeted hosts. See the [Microsoft Security Advisory](https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a) article for additional details. | None | This report is comprised of two elements: - Pie Chart – Displays WDigest settings by host - Table – Provides WDigest setting details | +| Report | Description | Default Tags | Report Elements | +| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | +| WDigest Settings | This report summarizes WDigest registry settings on targeted hosts. See the [Microsoft Security Advisory](https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a) article for additional details. | None | This report is comprised of two elements:
  • Pie Chart – Displays WDigest settings by host
  • Table – Provides WDigest setting details
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/openaccess/recommended.md b/docs/accessanalyzer/11.6/solutions/windows/openaccess/recommended.md index f5bbb74aeb..43a1433e24 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/openaccess/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/windows/openaccess/recommended.md @@ -6,24 +6,24 @@ sidebar_position: 10 # Recommended Configurations for the Open Access Job Group -Dependencies +**Dependencies** None -Targeted Hosts +**Targeted Hosts** All Windows Servers -Connection Profile +**Connection Profile** Configure a Connection Profile that is not part of the Domain Admin group. The report should be run with a non-privileged user account. -Schedule Frequency +**Schedule Frequency** This job in this job group should be scheduled to run daily. -Workflow +**Workflow** **Step 1 –** Configure a Connection Profile that is not part of the Domain Admin group. diff --git a/docs/accessanalyzer/11.6/solutions/windows/openaccess/sg_openfolders.md b/docs/accessanalyzer/11.6/solutions/windows/openaccess/sg_openfolders.md index e18f16a83b..3d840a1579 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/openaccess/sg_openfolders.md +++ b/docs/accessanalyzer/11.6/solutions/windows/openaccess/sg_openfolders.md @@ -56,8 +56,11 @@ The subfolders depth is now saved to the configured level. Navigate to the **Windows** > **OpenAccess** > **SG_OpenFolders** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_OpenFolders Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/openaccess/openfoldersanalysis.webp) 
@@ -71,7 +74,8 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SG_OpenFolders job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ------------------- | ------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | -| Open Access By Host | This report enumerates hosts with openly accessible folders. | None | This report is comprised of two elements: - Line Chart – Displays hosts with open folders - Table – Provides an open folder count by host | -| Open Folders | This report enumerates folders with open access across the audited environment. | None | This report is comprised of two elements: - Line Chart – Displays open folders over time - Table – Provides details on all open folders | +| Report | Description | Default Tags | Report Elements | +| ------------------- | ------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Open Access By Host | This report enumerates hosts with openly accessible folders. | None | This report is comprised of two elements:
  • Line Chart – Displays hosts with open folders
  • Table – Provides an open folder count by host
| +| Open Folders | This report enumerates folders with open access across the audited environment. | None | This report is comprised of two elements:
  • Line Chart – Displays open folders over time
  • Table – Provides details on all open folders
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/overview.md b/docs/accessanalyzer/11.6/solutions/windows/overview.md index fa31ddd3e7..910f28fd1a 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/overview.md +++ b/docs/accessanalyzer/11.6/solutions/windows/overview.md @@ -14,18 +14,18 @@ server infrastructure from a central location. Key capabilities include privileg discovery, security configuration and vulnerability assessment, compliance reporting, and asset inventory. -Supported Platforms +**Supported Platforms** - Windows 7 and higher - Windows Server 2016 and later -Requirements, Permissions, and Ports +**Requirements, Permissions, and Ports** See the -[Target Windows Server and Desktop Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/windows/windows_1.md) +[Target Windows Server and Desktop Requirements, Permissions, and Ports](/docs/accessanalyzer/11.6/requirements/windows/target.md) topic for additional information. -Location +**Location** The Windows Solution requires a special Enterprise Auditor license. It can be installed from the Instant Job Wizard. See the diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_localadmins.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_localadmins.md index f57ec19743..47489941c9 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_localadmins.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_localadmins.md 
@@ -14,7 +14,10 @@ privileged and should be monitored closely. The SG_LocalAdmins job uses the UsersGroups Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_LocalAdmins Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/localadminsquery.webp) @@ -27,8 +30,11 @@ The query for the SG_LocalAdmins job is: Navigate to the **Windows** > **Privileged Accounts** > **Local Administrators** > **SG_LocalAdmins** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_LocalAdmins Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/localadminsanalysis.webp) 
@@ -46,11 +52,12 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SG_LocalAdmins job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| -------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Local Administrators | This report identifies servers with the largest local administrator groups in the environment. | GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of three elements: - Stacked Chart – Displays largest local administrator groups - Table – Provides membership details - Table – Provides a local administrator groups summary | -| Membership Changes | This report identifies changes in effective membership between two scans of the environment. | None | This report is comprised of one element: - Table – Displays membership changes | -| Privileged Accounts | This report highlights user accounts with a large number of local administrator rights. 
| None | This report is comprised of two elements: - Stacked Chart – Displays top trustees by administrator rights - Table – Provides details on privileged accounts | +| Report | Description | Default Tags | Report Elements | +| -------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Local Administrators | This report identifies servers with the largest local administrator groups in the environment. | GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of three elements:
  • Stacked Chart – Displays largest local administrator groups
  • Table – Provides membership details
  • Table – Provides a local administrator groups summary
| +| Membership Changes | This report identifies changes in effective membership between two scans of the environment. | None | This report is comprised of one element:
  • Table – Displays membership changes
| +| Privileged Accounts | This report highlights user accounts with a large number of local administrator rights. | None | This report is comprised of two elements:
  • Stacked Chart – Displays top trustees by administrator rights
  • Table – Provides details on privileged accounts
| + ## Least Privilege Model diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_microsoftlaps.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_microsoftlaps.md index 12a64f1668..9d78266f62 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_microsoftlaps.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_microsoftlaps.md @@ -17,7 +17,10 @@ article for additional information. The SG_MicrosoftLAPS job uses the Registry Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_MicrosoftLAPS Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/microsoftlapsquery.webp) @@ -30,8 +33,11 @@ The query for the SG_MicrosoftLAPS job is: Navigate to the **Windows** > **Privileged Accounts** > **Local Administrators** > **SG_MicrosoftLAPS** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SG_MicrosoftLAPS Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/microsoftlapsanalysis.webp) 
@@ -43,6 +49,7 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the SG_MicrosoftLAPS job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------- | -| Microsoft LAPS Overview | This report gives an overview of LAPS policies in the audited environment. LAPS allows for centralized local administrator password management within Active Directory. | None | This report is comprised of two elements: - Pie Chart – Displays LAPS status by host - Table – Provides LAPS policy details | +| Report | Description | Default Tags | Report Elements | +| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| Microsoft LAPS Overview | This report gives an overview of LAPS policies in the audited environment. LAPS allows for centralized local administrator password management within Active Directory. | None | This report is comprised of two elements:
  • Pie Chart – Displays LAPS status by host
  • Table – Provides LAPS policy details
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_sessions.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_sessions.md index c566db54e2..fa68759af3 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_sessions.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sg_sessions.md @@ -14,7 +14,10 @@ could be leveraged in a Pass the Hash attack. The SG_Sessions job uses the SystemInfo Data Collector for the following queries: -**CAUTION:** The queries) are preconfigured for this job. Never modify the queries. +:::warning +The queries) are preconfigured for this job. Never modify the queries. +::: + ![Queries for the SG_Sessions Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/localadministrators/sessionsqueries.webp) 
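Review bot: The stray closing parenthesis in "The queries) are preconfigured for this job." is carried over unchanged from the removed CAUTION line into the new :::warning body in sg_sessions.md. Since this line is being rewritten anyway, drop the ")" so the admonition reads "The queries are preconfigured for this job. Never modify the queries.", which is the wording the other job pages in this patch already use.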
@@ -45,6 +48,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SG_Sessions job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| -------- | --------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Sessions | This report identifies domain administrators that may have credentials in memory on member servers. | CCPA, GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of four elements: - Table – Details the scope of the SG_Sessions job - Pie Chart – Displays LAPS status by host - Table – Provides LAPS policy details - Table – Provides details on all sessions | +| Report | Description | Default Tags | Report Elements | +| -------- | --------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Sessions | This report identifies domain administrators that may have credentials in memory on member servers. | CCPA, GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of four elements:
  • Table – Details the scope of the SG_Sessions job
  • Pie Chart – Displays LAPS status by host
  • Table – Provides LAPS policy details
  • Table – Provides details on all sessions
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_grouppolicy.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_grouppolicy.md index 58087836e8..02067fdfca 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_grouppolicy.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_grouppolicy.md @@ -18,7 +18,10 @@ assignments are audited: The SG_GroupPolicy job uses the GroupPolicy Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_GroupPolicy Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/grouppolicyquery.webp) diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localmembership.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localmembership.md index 46a6e21d85..782c7cb28b 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localmembership.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localmembership.md @@ -12,7 +12,10 @@ The SG_LocalMembership job collects local group membership from all targeted ser The SG_LocalMembership job uses the UsersGroups Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_LocalMembership Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/localmembershipquery.webp) 
@@ -25,8 +28,11 @@ The query for the SG_LocalMembership job is: Navigate to the **Windows** > **Privileged Accounts** > **Logon Rights** > **Collection** > **SG_LocalMembership** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SG_LocalMembership Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/localmembershipanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localusers.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localusers.md index a9f35557fe..f2c40ce951 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localusers.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/sg_localusers.md @@ -12,7 +12,10 @@ The SG_LocalUsers job audits local user accounts from all targeted hosts. The SG_LocalMembership job uses the UsersGroups Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_LocalUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/localusersquery.webp) 
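Review bot: In the sg_localusers.md hunk, the context sentence directly above the new admonition still reads "The SG_LocalMembership job uses the UsersGroups Data Collector for the following query:", although this page documents SG_LocalUsers (the hunk header text and the image alt text both say SG_LocalUsers). It looks like a leftover from copying the SG_LocalMembership page. Suggest changing the job name to SG_LocalUsers in this pass, since the line sits right next to the block being edited and a reader could otherwise attribute the query to the wrong job.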
@@ -25,8 +28,11 @@ The query for the SG_LocalUsers job is: Navigate to the **Windows** > **Privileged Accounts** > **Logon Rights** > **Collection** > **SG_LocalUsers** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SG_LocalUsers Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/collection/localusersanalysis.webp) diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_accountprivileges.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_accountprivileges.md index 10a38622f8..c4180dd4ff 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_accountprivileges.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_accountprivileges.md @@ -8,7 +8,7 @@ sidebar_position: 20 The SG_AccountPrivileges job identifies accounts privileges on hosts in the targeted environment. -Targeted Hosts +**Targeted Hosts** All Windows Hosts @@ -16,7 +16,10 @@ All Windows Hosts The SG_AccountPrivileges job uses the PowerShell Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_AccountPrivileges Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/accountprivilegesquery.webp) 
@@ -29,8 +32,11 @@ The query for the SG_AccountPrivileges job is: Navigate to the **Windows** > **Privileged Accounts** > **Logon Rights** > **SG_AccountPrivileges** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SG_AccountPrivileges Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/accountprivilegesanalysis.webp) 
@@ -42,6 +48,7 @@ The default analysis task is: In addition to the tables created by the analysis tasks, the SG_AccountPrivileges job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------- | -| Account Privilege Details | This report highlights account privileges on hosts in the targeted environment. Default privileges present on all Windows hosts have been filtered. | None | This report is comprised of one element: - Table – Provides account privilege details | +| Report | Description | Default Tags | Report Elements | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------- | +| Account Privilege Details | This report highlights account privileges on hosts in the targeted environment. Default privileges present on all Windows hosts have been filtered. | None | This report is comprised of one element:
  • Table – Provides account privilege details
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_localpolicies.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_localpolicies.md index 810795bd23..161dcd1488 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_localpolicies.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/sg_localpolicies.md @@ -13,8 +13,11 @@ The SG_LocalPolicies job identifies privileged accounts with high levels of serv Navigate to the **Windows** > **Privileged Accounts** > **Logon Rights** > **SG_LocalPolicies** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_LocalPolicies Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/logonrights/localpoliciesanalysis.webp) 
@@ -34,8 +37,9 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SG_LocalPolicies job produces the following pre-configured reports. -| Report | Description | Default Tags | Report Elements | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Local Account Network Access | This report highlights whether or not the **Local accounts** and **Local account and member of Administrators group** principals can be used to access a given host across the network. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays a local accounts access enterprise summary - Table – Provides local account network access details | -| Local Security Policies | This report identifies effective local security policy assignments. In particular, **Allow log on locally**, **Log on as a batch job**, **Allow log on through Remote Desktop Services**, and **Log on as a service** are considered. Special attention is paid to policies with a large number of trustee assignments. It displays Largest Policies by Number of Domain User Accounts in a graph format, and Trustee Details in a table format. 
| GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of three elements: - Stacked Bar Chart – Displays largest policies by number of domain user accounts - Table – Provides details largest policies by number of domain user accounts - Table – Provides trustee details | -| Privileged Accounts | This report highlights user accounts with a large number of rights. | None | This report is comprised of two elements: - Stacked Bar Chart – Displays top trustees by logon rights - Table – Provides details on all trustees | +| Report | Description | Default Tags | Report Elements | +| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Local Account Network Access | This report highlights whether or not the **Local accounts** and **Local account and member of Administrators group** principals can be used to access a given host across the network. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays a local accounts access enterprise summary
  • Table – Provides local account network access details
| +| Local Security Policies | This report identifies effective local security policy assignments. In particular, **Allow log on locally**, **Log on as a batch job**, **Allow log on through Remote Desktop Services**, and **Log on as a service** are considered. Special attention is paid to policies with a large number of trustee assignments. It displays Largest Policies by Number of Domain User Accounts in a graph format, and Trustee Details in a table format. | GDPR, SOX, HIPAA, PCI-DSS, GLBA, ITAR, FERPA, FISMA, ISO27001 | This report is comprised of three elements:
  • Stacked Bar Chart – Displays largest policies by number of domain user accounts
  • Table – Provides details largest policies by number of domain user accounts
  • Table – Provides trustee details
| +| Privileged Accounts | This report highlights user accounts with a large number of rights. | None | This report is comprised of two elements:
  • Stacked Bar Chart – Displays top trustees by logon rights
  • Table – Provides details on all trustees
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/recommended.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/recommended.md index 961eaa59ab..ff4d781aa5 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/recommended.md @@ -6,14 +6,14 @@ sidebar_position: 10 # Recommended Configurations for the Privileged Accounts Job Group -Dependencies +**Dependencies** - SG_AccountPrivileges – To populate the Local Administrator column, which is hidden by default, the SG_LocalAdmins job must be run prior to running this job - The **Logon Rights** > **Collection** job group must be run prior to running the SG_LocalPolicies job -Targeted Hosts +**Targeted Hosts** All Windows Servers (No DCs) for: @@ -24,11 +24,11 @@ All Window Hosts for: - Service Accounts job group -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -Workflow +**Workflow** **Step 1 –** Ensure that the configured Connection Profile has local administrator privileges and Domain Admin privileges if targeting domain controllers. diff --git a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/sg_serviceaccounts.md b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/sg_serviceaccounts.md index 874825db98..4a445e51db 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/sg_serviceaccounts.md +++ b/docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/sg_serviceaccounts.md 
@@ -17,7 +17,10 @@ The SG_ServiceAccounts job is located in the Service Account job group. The SG_ServiceAccounts job uses the Services Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_ServiceAccounts Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/serviceaccountsquery.webp) @@ -34,8 +37,11 @@ topic for additional information. Navigate to the **Jobs** > **Windows** > **Privileged Accounts** > **Service Accounts** > **SG_ServiceAccounts** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_ServiceAccounts Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/privilegedaccounts/serviceaccountsanalysis.webp) 
@@ -49,6 +55,7 @@ The default analysis tasks are: In addition to the tables created by the analysis tasks, the SG_ServiceAccounts job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ---------------- | --------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Service Accounts | This report identifies domain accounts being used for services. | None | This report is comprised of three elements: - Bar Chart – Displays domains by service accounts found - Table – Provides domains by service accounts found - Table – Provides service details | +| Report | Description | Default Tags | Report Elements | +| ---------------- | --------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Service Accounts | This report identifies domain accounts being used for services. | None | This report is comprised of three elements:
  • Bar Chart – Displays domains by service accounts found
  • Table – Provides domains by service accounts found
  • Table – Provides service details
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/recommended.md b/docs/accessanalyzer/11.6/solutions/windows/recommended.md index a0c58f7f49..ce0faf0913 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/windows/recommended.md @@ -6,18 +6,18 @@ sidebar_position: 10 # Recommended Configurations for the Windows Solution -Dependencies +**Dependencies** The .Active Directory Inventory job group needs to be executed prior to running the Windows Solution. See individual sub-groups and jobs for the dependencies. -Target Hosts +**Target Hosts** See individual sub-groups and jobs for host list designations. -Connection Profile +**Connection Profile** The Connection Profile used for this job needs to have local administrator privileges. By default, this job group's Connection Profile is set to **Use Default Profile (Inherit from the parent group, @@ -25,12 +25,12 @@ if any, or the global Default setting)**. See the [Connection](/docs/accessanalyzer/11.6/admin/settings/connection/overview.md) topic for additional information. -History Retention +**History Retention** See individual sub-groups and jobs for history support. Use Default Settings unless instructed otherwise. -Additional Notes +**Additional Notes** Some jobs in the Windows Job Group use custom SQL scripts to render views on collected data. SQL views are used to populate report element tables and graphs. Changing or modifying the group, job, diff --git a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/overview.md b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/overview.md index f53d7113e9..c140303a91 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/overview.md +++ b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/overview.md 
@@ -12,8 +12,11 @@ executing a netstat command on the target hosts and collecting the results for r ![OpenPortScan Job Group in the Jobs Tree](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/openportscanjobstree.webp) -_Remember,_ both jobs need to be assigned the same host list under the Host List Assignments node in +:::tip +Remember, both jobs need to be assigned the same host list under the Host List Assignments node in the OpenPortScan job group’s settings. +::: + The jobs in the OpenPortScan job group are: diff --git a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/remoteopenport.md b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/remoteopenport.md index faf5637bd1..cccc93940d 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/remoteopenport.md +++ b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/remoteopenport.md @@ -13,7 +13,10 @@ the available ports on the targeted hosts. The RemoteOpenPort job uses the Script Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the RemoteOpenPort Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/remoteopenportquery.webp) 
@@ -27,11 +30,14 @@ The query for the RemoteOpenPort job is: Navigate to the **Windows** > **Security Utilities** > **OpenPortScan** > **RemoteOpenPort** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the RemoteOpenPort Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/remoteopenportanalysis.webp) The default analysis task is: -- 1. Impose 30 Second Wait Timer – Slows processing down to allow remote command to complete +- **1. Impose 30 Second Wait Timer** – Slows processing down to allow remote command to complete diff --git a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/retrievenetstat.md b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/retrievenetstat.md index 0657b6e0b2..9e10e21643 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/retrievenetstat.md +++ b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/retrievenetstat.md @@ -13,7 +13,10 @@ systems. The RetrieveNetstat job is uses the TextSearch Data Collector for the following query: -**CAUTION:** The query is preconfigured for this job. Never modify the query. +:::warning +The query is preconfigured for this job. Never modify the query. +::: + ![Queries for the RetrieveNetstat Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/remoteopenportquery.webp) 
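Review bot: In retrievenetstat.md (@@ -13,7), the context line directly under the new warning block still embeds remoteopenportquery.webp as the "Queries for the RetrieveNetstat Job" screenshot, and the sentence above the warning reads "The RetrieveNetstat job is uses the TextSearch Data Collector". Since this hunk already touches the block, point the image at a RetrieveNetstat query screenshot if one exists (or confirm the shared image is intended) and drop the stray "is".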
@@ -27,19 +30,23 @@ The query for the RetrieveNetstat job is: Navigate to the **Windows** > **Security Utilities** > **OpenPortScan** > **RetrieveNetstat** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the RetrieveNetstat Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityutilities/openportscan/retrievenetstatanalysis.webp) The default analysis tasks are: -- 1. NETSTAT Result – Creates the SA_RetrieveNetstat_NETSTAT table accessible under the job’s +- **1. NETSTAT Result** – Creates the SA_RetrieveNetstat_NETSTAT table accessible under the job’s Results node In addition to the tables and views created by the analysis tasks, the EX_DeliveryTimes job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------- | -| Network Ports (Open Ports Report) | This job is designed to report on all available ports on the targeted host. It will bring back the results of a `Netstat -b -a`. 
| None | This report is comprised of one element: - Table – Provides details on open ports | +| Report | Description | Default Tags | Report Elements | +| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------- | +| Network Ports (Open Ports Report) | This job is designed to report on all available ports on the targeted host. It will bring back the results of a `Netstat -b -a`. | None | This report is comprised of one element:
  • Table – Provides details on open ports
| + diff --git a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/recommended.md b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/recommended.md index a800bb3e8c..53cdc89888 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/recommended.md @@ -6,26 +6,26 @@ sidebar_position: 10 # Recommended Configurations for the Security Utilities Job Group -Dependencies +**Dependencies** The RemoteOpenPort job must be must be successfully run prior to running the RetrieveNetstat job. -Targeted Hosts +**Targeted Hosts** - OpenPortScan Job Group – There is no assigned host list for this job group. Configure a host list with any desired systems to be audited prior to running this job group. Both jobs in the OpenPortScan job group need to be assigned the same target host list. - SG_PowerShellCommands – All Windows Servers (No DCs) -Schedule Frequency +**Schedule Frequency** This job group can be scheduled to run as desired. -History Retention +**History Retention** - SG_PowerShellCommands job – History is required and is turned on by default -Workflow +**Workflow** **Step 1 –** Ensure that the configured Connection Profile has local administrator privileges and Domain Admin privileges if targeting domain controllers. diff --git a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/sg_powershellcommands.md b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/sg_powershellcommands.md index 350b0ed494..a31f820f45 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/securityutilities/sg_powershellcommands.md +++ b/docs/accessanalyzer/11.6/solutions/windows/securityutilities/sg_powershellcommands.md 
@@ -13,8 +13,11 @@ of commands considered can be customized by configuring the Check PowerShell Log The SG_PowerShellCommands job uses the SmartLog Data Collector for the following queries: -**CAUTION:** The Check PowerShell Operations log query is preconfigured for this job. Never modify +:::warning +The Check PowerShell Operations log query is preconfigured for this job. Never modify the query. +::: + ![Queries for the SG_PowerShellCommands Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityutilities/powershellcommandsqueries.webp) @@ -61,8 +64,11 @@ The Check PowerShell log query has now been saved with the new conditions. View the analysis tasks by navigating to the **Windows** > **Security Utilities** > **SG_PowerShellCommands** > **Configure** node and selecting **Analysis**. -**CAUTION:** Do not modify or deselect the selected analysis tasks. The analysis tasks are +:::warning +Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job. +::: + ![Analysis Tasks for the SG_PowerShellCommands Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityutilities/powershellcommandsanalysis.webp) 
@@ -84,9 +90,10 @@ The optional analysis tasks is: In addition to the tables and views created by the analysis tasks, the EX_DeliveryTimes job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| ------------------------------ | ----------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Suspicious PowerShell Commands | This report highlights instances where suspicious PowerShell commands have been found in a host's PowerShell log. | None | This report is comprised of three elements: - Bar Chart – Displays suspicious commands by host - Table – Provides details on suspicious commands by host - Table – Provides command details | +| Report | Description | Default Tags | Report Elements | +| ------------------------------ | ----------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Suspicious PowerShell Commands | This report highlights instances where suspicious PowerShell commands have been found in a host's PowerShell log. | None | This report is comprised of three elements:
  • Bar Chart – Displays suspicious commands by host
  • Table – Provides details on suspicious commands by host
  • Table – Provides command details
| + ### Configure the Notify on Suspicious Commands Analysis Task diff --git a/docs/accessanalyzer/11.6/solutions/windows/sg_securityassessment.md b/docs/accessanalyzer/11.6/solutions/windows/sg_securityassessment.md index 0d18482e4e..2727ef451f 100644 --- a/docs/accessanalyzer/11.6/solutions/windows/sg_securityassessment.md +++ b/docs/accessanalyzer/11.6/solutions/windows/sg_securityassessment.md @@ -15,7 +15,7 @@ corresponding details that can be used to prioritize and remediate security issu ## Recommended Configurations for the SG_SecurityAssessment Job -Dependencies +**Dependencies** One or more of the following jobs must be run to generate data for the report: @@ -42,15 +42,15 @@ One or more of the following jobs must be run to generate data for the report: - Security Utilities > **SG_PowerShellCommands** -Targeted Hosts +**Targeted Hosts** None -Schedule Frequency +**Schedule Frequency** This job can be scheduled to run as desired. -Workflow +**Workflow** **Step 1 –** Run one or more of the jobs needed to generate data for this report. @@ -63,8 +63,11 @@ Workflow Navigate to the **Windows** > **SG_SecurityAssessment** > **Configure** node and select **Analysis** to view the analysis tasks. -**CAUTION:** Do not modify or deselect the selected analysis task. The analysis task is +:::warning +Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job. +::: + ![Analysis Tasks for the SG_SecurityAssessment Job](/img/product_docs/accessanalyzer/11.6/solutions/windows/securityassessmentanalysis.webp) 
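Review bot: In sg_powershellcommands.md (@@ -84,9), the sentence introducing the reformatted table still says "the EX_DeliveryTimes job produces the following pre-configured report", which names a different job from the one this page documents. The same sentence sits above the table in retrievenetstat.md (@@ -27,19). Both hunks rewrite the table directly below that sentence, so correct the job name in the same change (SG_PowerShellCommands and RetrieveNetstat respectively), so that readers tracing the Suspicious PowerShell Commands and Network Ports reports are sent to the right job.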
@@ -76,6 +79,7 @@ The default analysis task is: In addition to the tables and views created by the analysis tasks, the SG_SecurityAssessment job produces the following pre-configured report. -| Report | Description | Default Tags | Report Elements | -| --------------------------- | ------------------------------------------------------------------------------ | --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Systems Security Assessment | This report summarizes security related results from the Windows solution set. | GDPR, SOX, PCI, HIPAA | This report is comprised of four elements: - Pie Chart – Displays a findings by severity - Table – Provides scope of audit details - Table – Displays details on security assessment results - Table – Provides details on findings by category | +| Report | Description | Default Tags | Report Elements | +| --------------------------- | ------------------------------------------------------------------------------ | --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Systems Security Assessment | This report summarizes security related results from the Windows solution set. | GDPR, SOX, PCI, HIPAA | This report is comprised of four elements:
  • Pie Chart – Displays a findings by severity
  • Table – Provides scope of audit details
  • Table – Displays details on security assessment results
  • Table – Provides details on findings by category
| + diff --git a/docs/accessanalyzer/11.6/whatsnew.md b/docs/accessanalyzer/11.6/whatsnew.md index 351413fd2c..309b15e82c 100644 --- a/docs/accessanalyzer/11.6/whatsnew.md +++ b/docs/accessanalyzer/11.6/whatsnew.md @@ -18,7 +18,7 @@ Enterprise Auditor version. ## Enterprise Auditor v11.6 -New: Qumulo and Nutanix Servers Auditing +**New: Qumulo and Nutanix Servers Auditing** Reduce the risk of data breaches by identifying sensitive data and getting insights into permissions and activity around this data. @@ -30,21 +30,21 @@ and activity around this data. - **Spot suspicious activity** – Monitor activity around your sensitive data stored in Qumulo or Nutanix servers so you can spot threats in time to prevent real damage -New: Rebranding to Netwrix Enterprise Auditor +**New: Rebranding to Netwrix Enterprise Auditor** Netwrix StealthAUDIT is now Netwrix Enterprise Auditor. The UI has also been updated to reflect the Netwrix brand. -Enhancement: Enhanced AD Security Assessment +**Enhancement: Enhanced AD Security Assessment** Netwrix Enterprise Auditor now has 50 new AD security checks to identify potential vulnerabilities. -Enhancement: Revised Credentials and Data Security Assessment (CDSA) +**Enhancement: Revised Credentials and Data Security Assessment (CDSA)** We've enhanced CDSA by incorporating more security indicators, offering a more comprehensive and trustworthy security evaluation. -Enhancement: Single Reports Across Multiple Databases +**Enhancement: Single Reports Across Multiple Databases** Netwrix Enterprise Auditor now generates combined reports for all monitored databases, including sensitive data, security assessments, and database sizing. 
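Review bot: In whatsnew.md (@@ -30,21), every feature label among the changed lines is switched to bold, but the label whose last line is "Azure AD) Scans" appears only as the context of the following hunk header (@@ -55,6) and is not among the changed lines, so it looks to have been left as plain text. Bold that label as well so the v11.6 list renders consistently. If these labels are meant to be navigable, a heading level would serve better than bold text.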
@@ -55,6 +55,6 @@ Azure AD) Scans We've significantly boosted the efficiency of SharePoint, File Systems, and Microsoft Entra ID scans, ensuring quicker and more streamlined scan results. -Enhancement: Improved administration experience and performance +**Enhancement: Improved administration experience and performance** Numerous enhancements have been made to improve administration experience and performance. diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/scansettings.md b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/scansettings.md index 74db3a9f07..ef8a965522 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/scansettings.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/scansettings.md @@ -12,7 +12,7 @@ wizard page for the categories of: - System Access/Permission Auditing Scan - Sensitive Data -![FSAA Data Collector Wizard Scan Settings page](/img/product_docs/accessanalyzer/12.0/admin/datacollector/fsaa/scansettings.webp) +![FSAA Data Collector Wizard Scan Settings page](/img/product_docs/accessanalyzer/12.0/admin/datacollector/fsaa/scansettings_1.webp) In the Scan Protocols section, select the desired checkboxes for including certain types of shared folders: diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/workflows.md b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/workflows.md index 7c759b9051..ec9f70c79c 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/workflows.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/workflows.md 
@@ -252,14 +252,14 @@ Applying these analysis tasks result in the deletion of collected data. ![FS_DropTables Job Analysis Selection page](/img/product_docs/accessanalyzer/12.0/admin/datacollector/fsaa/droptablesanalysistasks.webp) -- 1. Drop FSAA functions – Removes all functions and views from previous runs of the File System +- **1. Drop FSAA functions** – Removes all functions and views from previous runs of the File System Solution -- 2. Drop FSAC tables – Drops the File System Activity Auditing tables imported from the previous +- **2. Drop FSAC tables** – Drops the File System Activity Auditing tables imported from the previous runs -- 3. Drop FSDLP Tables – Drops the File System Sensitive Data Discovery Auditing tables imported +- **3. Drop FSDLP Tables** – Drops the File System Sensitive Data Discovery Auditing tables imported from the previous runs -- 4. Drop FSDFS Tables – Drops the File System DFS Auditing tables imported from the previous runs -- 5. Drop FSAA Tables – Drops File System Access Auditing tables imported from the previous runs +- **4. Drop FSDFS Tables** – Drops the File System DFS Auditing tables imported from the previous runs +- **5. Drop FSAA Tables** – Drops File System Access Auditing tables imported from the previous runs Do not try to run these tasks separately, as they are designed to work together. Follow these steps to run the analysis tasks: diff --git a/docs/accessanalyzer/12.0/admin/datacollector/permissionmatrix.md b/docs/accessanalyzer/12.0/admin/datacollector/permissionmatrix.md index 7797165421..41d3ccb41c 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/permissionmatrix.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/permissionmatrix.md @@ -52,7 +52,7 @@ license features. The following table provides a quick reference for each data c | Services | The Services Data Collector enumerates status and settings from remote services. |
  • RPC
  • WMI
|
  • TCP 135-139
  • Randomly allocated high TCP ports
|
  • Member of the Local Administrators group
| | SharePointAccess (SPAA) _\*requires license_ | The SharePointAccess (SPAA) Data Collector audits access, group membership, and content within a SharePoint on-premises and SharePoint Online environment. The SPAA Data Collector has been preconfigured within the SharePoint Solution. |
  • MS SQL
  • Remote Registry
  • SP CSOM (Web Services via HTTP & HTTPS)
  • SP Server API
  • WCF AUTH via TCP (configurable)
|
  • Ports vary based on the Scan Mode selected and target environment. See the [SharePoint Scan Options](/docs/accessanalyzer/12.0/requirements/sharepoint/scanoptions/scanoptions.md) topic for additional information.
|
  • Permissions vary based on the Scan Mode selected and target environment. See the [SharePoint Support](/docs/accessanalyzer/12.0/requirements/sharepoint/sharepoint/sharepoint.md) topic for additional information.
| | SMARTLog | The SMARTLog Data Collector provides search and extraction of details from Windows Event Logs (online or offline) and Microsoft Exchange Internet Information Server (IIS) logs. |
  • Log
  • Remote Event
  • RPC
|
  • TCP 135
  • TCP 445
  • Randomly allocated high TCP ports
|
  • Member of the Domain Administrators group (if targeting domain controllers)
  • Member of the local Administrators group
| -| SQL _\*requires license_ | The SQL Data Collector provides information on database configuration, permissions, data extraction, application name of the application responsible for activity events, an IP Address or Host name of the client server, and sensitive data reports. This data collector also provides information on Oracle databases including infrastructure and operations. | TCP | For Db2 Target:
  • Specified by Instances table (default is 5000) For MySQL Target:
  • Specified by Instances table (default is 3306) For Oracle Target:
  • Specified by Instances table (default is 1521) For PostgreSQL Target:
  • Specified by Instances table (default is 5432) For SQL Target:
  • Specified by Instances table (default is 1433)
| **For MySQL Target:**
  • Read access to MySQL instance to include all databases contained within each instance
  • Windows Only — Domain Admin or Local Admin privilege
**For Oracle Target:**
  • User with SYSDBA role
  • Local Administrator on the target servers – Only applies to Windows Servers and not on Linux or Unix operating systems
**For PostgreSQL Target:**
  • Read access to all the databases in PostgreSQL cluster or instance
  • Windows Only — Domain Admin or Local Admin privilege
**For Redshift Target:**
  • Read-access to the following tables:
  • pg_tables
  • pg_user
**For SQL Target:**
For Instance Discovery, local rights on the target SQL Servers:
  • Local group membership to Remote Management Users
  • Permissions on the following WMI NameSpaces: `root\Microsoft\SQLServer, root\interop`
For permissions for data collection:
  • Read access to SQL instance
  • Requires SQL Full-Text and Semantic Extractions for Search feature to be installed on the target SQL instance(s) when using the **Scan full rows for sensitive data** option on the Options wizard page
  • Grant Authenticate Server to [DOMAIN\USER]
  • Grant Connect SQL to [DOMAIN\USER]
  • Grant View any database to [DOMAIN\USER]
  • Grant View any definition to [DOMAIN\USER]
  • Grant View server state to [DOMAIN\USER]
  • Grant Control Server to [DOMAIN\USER] (specifically required for the Weak Passwords Job)
| +| SQL _\*requires license_ | The SQL Data Collector provides information on database configuration, permissions, data extraction, application name of the application responsible for activity events, an IP Address or Host name of the client server, and sensitive data reports. This data collector also provides information on Oracle databases including infrastructure and operations. | TCP | For Db2 Target:
  • Specified by Instances table (default is 5000)
For MySQL Target:
  • Specified by Instances table (default is 3306)
For Oracle Target:
  • Specified by Instances table (default is 1521)
For PostgreSQL Target:
  • Specified by Instances table (default is 5432)
For SQL Target:
  • Specified by Instances table (default is 1433)
| **For MySQL Target:**
  • Read access to MySQL instance to include all databases contained within each instance
  • Windows Only — Domain Admin or Local Admin privilege
**For Oracle Target:**
  • User with SYSDBA role
  • Local Administrator on the target servers – Only applies to Windows Servers and not on Linux or Unix operating systems
**For PostgreSQL Target:**
  • Read access to all the databases in PostgreSQL cluster or instance
  • Windows Only — Domain Admin or Local Admin privilege
**For Redshift Target:**
  • Read-access to the following tables:
  • pg_tables
  • pg_user
**For SQL Target:**
For Instance Discovery, local rights on the target SQL Servers:
  • Local group membership to Remote Management Users
  • Permissions on the following WMI NameSpaces: `root\Microsoft\SQLServer, root\interop`
For permissions for data collection:
  • Read access to SQL instance
  • Requires SQL Full-Text and Semantic Extractions for Search feature to be installed on the target SQL instance(s) when using the **Scan full rows for sensitive data** option on the Options wizard page
  • Grant Authenticate Server to [DOMAIN\USER]
  • Grant Connect SQL to [DOMAIN\USER]
  • Grant View any database to [DOMAIN\USER]
  • Grant View any definition to [DOMAIN\USER]
  • Grant View server state to [DOMAIN\USER]
  • Grant Control Server to [DOMAIN\USER] (specifically required for the Weak Passwords Job)
| | SystemInfo | The SystemInfo Data Collector extracts information from the target system based on the selected category. |
  • Remote Registry
  • RPC
  • WMI
|
  • TCP 135-139
  • Randomly allocated high TCP ports
|
  • Member of the Local Administrators group
| | TextSearch | The TextSearch Data Collector enables searches through text based log files. |
  • RPC
|
  • TCP 135-139
  • Randomly allocated high TCP ports
|
  • Member of the Local Administrators group
| | Unix _\*requires license_ | The Unix Data collector provides host inventory, software inventory, and logical volume inventory on UNIX & Linux platforms. |
  • SSH
|
  • TCP 22
  • User configurable
|
  • Root permissions in Unix/Linux
| diff --git a/docs/accessanalyzer/12.0/admin/datacollector/spaa/droptables.md b/docs/accessanalyzer/12.0/admin/datacollector/spaa/droptables.md index bd81dbd830..b06f04b185 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/spaa/droptables.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/spaa/droptables.md @@ -28,13 +28,13 @@ Applying these analysis tasks will result in the deletion of collected data. The default analysis tasks are: -- 1. Drop SPAA functions – Removes all functions and views from previous runs of the SharePoint +- **1. Drop SPAA functions** – Removes all functions and views from previous runs of the SharePoint Solution -- 2. Drop SPAC imports – Drops the SharePoint Activity Auditing tables imported from the previous +- **2. Drop SPAC imports** – Drops the SharePoint Activity Auditing tables imported from the previous runs -- 3. Drop SPDLP Tables – Drops the SharePoint Sensitive Data Discovery Auditing (SEEK) tables +- **3. Drop SPDLP Tables** – Drops the SharePoint Sensitive Data Discovery Auditing (SEEK) tables imported from the previous runs -- 4. Drop SPAA Tables – Drops the SharePoint Access Auditing tables imported from the previous +- **4. Drop SPAA Tables** – Drops the SharePoint Access Auditing tables imported from the previous runs Do not try to run these tasks separately, as they are designed to work together. Follow these steps diff --git a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/ad_passwordexpirationnotification.md b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/ad_passwordexpirationnotification.md index c0a8c2189d..f9a4fd5a31 100644 --- a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/ad_passwordexpirationnotification.md +++ b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/ad_passwordexpirationnotification.md 
@@ -35,7 +35,7 @@ action task). Navigate to the **Jobs** > **AD_PasswordExpirationNotification** > **Configure** node and select **Analysis** to view the analysis tasks. -![Default Analysis Tasks for the Job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks.webp) +![Default Analysis Tasks for the Job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks_2.webp) The default analysis tasks are: @@ -69,7 +69,7 @@ This action is enabled by default. ::: -![Default Action Tasks for the Job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/actiontasks.webp) +![Default Action Tasks for the Job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/actiontasks_1.webp) The default actions are: diff --git a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/fs_defend_sdd.md b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/fs_defend_sdd.md index 935ca62e95..8f0f4a303f 100644 --- a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/fs_defend_sdd.md +++ b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/fs_defend_sdd.md @@ -54,7 +54,7 @@ Request Action Module to send the data to Threat Manager. Navigate to the **Jobs** > **FS_DEFEND_SDD** > **Configure** node and select **Analysis** to view the analysis tasks. -![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks.webp) +![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks_1.webp) The default analysis tasks are: diff --git a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sas_executionstatistics.md b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sas_executionstatistics.md index 44d0a13616..bac9843f99 100644 --- a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sas_executionstatistics.md +++ b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sas_executionstatistics.md 
@@ -44,7 +44,7 @@ preconfigured for this job. ::: -![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks.webp) +![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks_3.webp) The default analysis tasks are: diff --git a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sp_removehost.md b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sp_removehost.md index f242df8b59..47d0a2f9d3 100644 --- a/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sp_removehost.md +++ b/docs/accessanalyzer/12.0/admin/jobs/instantjobs/sp_removehost.md @@ -35,7 +35,7 @@ preconfigured for this job. ::: -![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks.webp) +![Default Analysis tasks for the job](/img/product_docs/accessanalyzer/12.0/admin/jobs/instantjobs/analysistasks_1.webp) The default analysis tasks are: diff --git a/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_owatraffic.md b/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_owatraffic.md index 947d0be8ef..2006285ee2 100644 --- a/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_owatraffic.md +++ b/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_owatraffic.md @@ -51,7 +51,7 @@ troubleshooting and cleanup only. Data will be deleted from the database. ::: -- 0. Deletes all History - LEAVE UNCHECKED – Clears all historical data +- **0. Deletes all History - LEAVE UNCHECKED** – Clears all historical data - See the [Troubleshooting Data Collection](/docs/accessanalyzer/12.0/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#troubleshooting-data-collection) topic for additional information diff --git a/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_rpctraffic.md b/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_rpctraffic.md index 21aec056c7..dd62c48708 100644 
--- a/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_rpctraffic.md +++ b/docs/accessanalyzer/12.0/solutions/exchange/casmetrics/ex_rpctraffic.md @@ -52,7 +52,7 @@ troubleshooting and cleanup only. Data will be deleted from the database. ::: -- 0. Delete all History - LEAVE UNCHECKED – Clears all historical data +- **0. Delete all History - LEAVE UNCHECKED** – Clears all historical data - See the [Troubleshooting Data Collection](/docs/accessanalyzer/12.0/solutions/exchange/hubmetrics/collection/ex_metricscollection.md#troubleshooting-data-collection) diff --git a/docs/accessinformationcenter/11.6/accessrequests/interface/cancel.md b/docs/accessinformationcenter/11.6/accessrequests/interface/cancel.md index b64ced32f0..028df03c64 100644 --- a/docs/accessinformationcenter/11.6/accessrequests/interface/cancel.md +++ b/docs/accessinformationcenter/11.6/accessrequests/interface/cancel.md @@ -14,7 +14,7 @@ of the Access Requests interface. It contains one page: -- 1. Add Notes — Allows Request Administrator to enter a note explaining why the request is being +- **1. Add Notes** — Allows Request Administrator to enter a note explaining why the request is being canceled See the [Cancel an Access Request](#cancel-an-access-request) topic for additional information. diff --git a/docs/accessinformationcenter/11.6/accessrequests/interface/changes.md b/docs/accessinformationcenter/11.6/accessrequests/interface/changes.md index bbb87a9154..cceae0d781 100644 --- a/docs/accessinformationcenter/11.6/accessrequests/interface/changes.md +++ b/docs/accessinformationcenter/11.6/accessrequests/interface/changes.md 
@@ -25,9 +25,12 @@ The table displays the following information for selected trustee: - Update Type – Indicates if group membership was added or removed to process the change - Member Name – sAMAccountName associated with the domain user whose membership was being changed -**NOTE:** The table data grid functions the same way as other Access Information Center table grids. +:::note +The table data grid functions the same way as other Access Information Center table grids. See the [Data Grid Features](/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md) topic for additional information. +::: + Click **OK** to close the window. diff --git a/docs/accessinformationcenter/11.6/accessrequests/overview.md b/docs/accessinformationcenter/11.6/accessrequests/overview.md index 85c94623a5..8c4280a654 100644 --- a/docs/accessinformationcenter/11.6/accessrequests/overview.md +++ b/docs/accessinformationcenter/11.6/accessrequests/overview.md 
@@ -18,15 +18,21 @@ folders, SharePoint sites, Active Directory (AD) groups, AD distribution lists, Administrators groups.All data available within the Access Information Center is collected by Netwrix Enterprise Auditor according to the targeted environments. -_Remember,_ owners are assigned to resources in the Resource Owners interface. Only resources with +:::tip +Remember, owners are assigned to resources in the Resource Owners interface. Only resources with assigned owners can be included in the Self-Service Access Requests workflow. These resources must also have the Allow access requests option selected. +::: -**_RECOMMENDED:_** When deploying the Access Information Center in an organization to enable + +:::info +When deploying the Access Information Center in an organization to enable Self-Service Access Requests, notifications should be sent to assigned owners as well as domain users. See the [Owner Confirmation Request Email](/docs/accessinformationcenter/11.6/owneroverview/confirmationrequest.md) topic for additional information. +::: + The Your Access portal provides domain users with the ability to view current access to managed resources, request access to resources, and view the request status for pending and processed @@ -40,12 +46,12 @@ to the Your Access portal at login. See the [Your Access Portal Overview](/docs/accessinformationcenter/11.6/youraccessportal/overview.md) topic for additional information. -Who Can Manage Self-Service Access Requests (Request Administrators)? +**Who Can Manage Self-Service Access Requests (Request Administrators)?** - Access Information Center Administrators - Access Information Center Security Team Members -Who Participates in Self-Service Access Requests? +**Who Participates in Self-Service Access Requests?** - Domain Users — Submit requests for access to resources or membership in groups - Owners — Approve or deny access requests 
@@ -64,11 +70,14 @@ Prerequisites: [Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md) topic for additional information. - **NOTE:** By default, the Access Information Center is configured to send notifications only to + :::note + By default, the Access Information Center is configured to send notifications only to the primary owner. However, this can be customized to send notifications to all assigned owners. See the [Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md) topic for additional information. + ::: + - Access Information Center configured to commit AD changes - Resources and groups must be known to the Access Information Center, having been audited by diff --git a/docs/accessinformationcenter/11.6/admin/additionalconfig/aliasserver.md b/docs/accessinformationcenter/11.6/admin/additionalconfig/aliasserver.md index 27ab214b9d..7b6bded5a0 100644 --- a/docs/accessinformationcenter/11.6/admin/additionalconfig/aliasserver.md +++ b/docs/accessinformationcenter/11.6/admin/additionalconfig/aliasserver.md @@ -17,7 +17,7 @@ The Response Server Host Name parameter can be modified in the `AccessInformationCenter.Service.exe.config` file, which is located in the Access Information Center installation directory: -…\STEALTHbits\Access Information Center +**…\STEALTHbits\Access Information Center** Follow the steps to supply an alias server host name for notification hyperlinks. diff --git a/docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md b/docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md index a7c3646b8a..5570039f76 100644 --- a/docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md +++ b/docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md 
@@ -24,12 +24,15 @@ of the following access levels to a specific resource: Read, Modify, or Full Con [Access Groups](/docs/accessinformationcenter/11.6/resourceowners/accessgroups.md) topic for additional information. -**NOTE:** The Access Information Center can only commit group membership changes to domains it has +:::note +The Access Information Center can only commit group membership changes to domains it has access to, that is the domain where it resides or domains with a trust that are known to it. Also, the Active Directory service account must have the required permissions for all applicable domains. See the [Multiple Domains](/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md#multiple-domains) topic for additional information. +::: + ## Best Practice for Least Privilege @@ -50,8 +53,11 @@ two options for assigning the Active Directory service account: [Active Directory Page](/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md) topic for additional information. -**_RECOMMENDED:_** The best practice is to create at least two OUs for ease of organization: a +:::info +The best practice is to create at least two OUs for ease of organization: a security group OU and a distribution list group OU. +::: + **Step 3 –** Apply delegation to these OUs to grant the minimal rights of **Allow Read Members** and **Allow Write Members** to the Active Directory service account. diff --git a/docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplates.md b/docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplates.md index 15df43e2cd..2a24920c85 100644 --- a/docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplates.md +++ b/docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplates.md 
@@ -32,47 +32,54 @@ Substitution Tokens are only valid for certain Notification message templates. B the Substitution Tokens, the value or string they represent, and the message templates in which they may be used. -| Substitution Token | Description | Applicable Template(s) | -| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -| @AccessName@ | Descriptive name of the type of access being requested (Read, Modify, etc.) to a resource | AccessRequestConfirm AccessRequestExpired AccessRequestStatus | -| @Changes@ | Number of review changes | EntitlementReviewUpdates | -| @LoginUrl@ | URL that allows a user to access the default (login) page | AccessRequestConfirm AccessRequestReminder OwnershipChangeNotification ReminderDigest | -| @RequestCount@ | Numerically formatted count of pending access requests | ReminderDigest | -| @ResourceDescription@ | Description of resource - To use the resource's description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@ | AccessRequestConfirm AccessRequestStatus OwnershipConfirm ReminderDigest | -| @ResourcePath@ | Path of the current resource - To use the resources’ description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@ | AccessRequestConfirm AccessRequestExpired AccessRequestStatus EntitlementReviewUpdates OwnershipConfirm ReminderDigest | -| @ResourceType@ | Type of resource | AccessRequestConfirm AccessRequestExpired AccessRequestStatus EntitlementReviewUpdates OwnershipConfirm ReminderDigest | -| @ResourceUrl@ | URL specifically created to respond to a request | AccessRequestConfirm EntitlementReviewReminder OwnershipConfirm | -| @ResponseCount@ | Numerically formatted count of pending reviews or access requests | 
AccessRequestReminder ReminderDigest | -| @ReviewCount@ | Numerically formatted count of pending reviews | ReminderDigest | -| @ReviewName@ | Name of the resource review | EntitlementReviewUpdates | -| @ReviewType@ | Type of resource review | EntitlementReviewUpdates | -| @StatusText@ | Status of an access request (Confirmed, Declined, Waiting) | AccessRequestStatus | -| @UserName@ | Name of the user who submitted the access request | AccessRequestConfirm AccessRequestStatus EntitlementReviewUpdates | -| @UserNotes@ | Any notes the user submitted as part of the access request | AccessRequestConfirm AccessRequestStatus | +| Substitution Token | Description | Applicable Template(s) | +| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | +| @AccessName@ | Descriptive name of the type of access being requested (Read, Modify, etc.) to a resource | AccessRequestConfirm
AccessRequestExpired
AccessRequestStatus | +| @Changes@ | Number of review changes | EntitlementReviewUpdates | +| @LoginUrl@ | URL that allows a user to access the default (login) page | AccessRequestConfirm
AccessRequestReminder
OwnershipChangeNotification
ReminderDigest | +| @RequestCount@ | Numerically formatted count of pending access requests | ReminderDigest | +| @ResourceDescription@ | Description of resource
  • To use the resource's description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@
| AccessRequestConfirm
AccessRequestStatus
OwnershipConfirm
ReminderDigest | +| @ResourcePath@ | Path of the current resource
  • To use the resources’ description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@
| AccessRequestConfirm
AccessRequestExpired
AccessRequestStatus
EntitlementReviewUpdates
OwnershipConfirm
ReminderDigest | +| @ResourceType@ | Type of resource | AccessRequestConfirm
AccessRequestExpired
AccessRequestStatus
EntitlementReviewUpdates
OwnershipConfirm
ReminderDigest | +| @ResourceUrl@ | URL specifically created to respond to a request | AccessRequestConfirm
EntitlementReviewReminder
OwnershipConfirm | +| @ResponseCount@ | Numerically formatted count of pending reviews or access requests | AccessRequestReminder
ReminderDigest | +| @ReviewCount@ | Numerically formatted count of pending reviews | ReminderDigest | +| @ReviewName@ | Name of the resource review | EntitlementReviewUpdates | +| @ReviewType@ | Type of resource review | EntitlementReviewUpdates | +| @StatusText@ | Status of an access request (Confirmed, Declined, Waiting) | AccessRequestStatus | +| @UserName@ | Name of the user who submitted the access request | AccessRequestConfirm
AccessRequestStatus
EntitlementReviewUpdates | +| @UserNotes@ | Any notes the user submitted as part of the access request | AccessRequestConfirm
AccessRequestStatus | + ## Customize Email Templates Email templates are shipped in a ZIP file and stored in the Access Information Center installation directory: -…\STEALTHbits\Access Information Center +**…\STEALTHbits\Access Information Center** Follow the steps to customize the email templates. -**NOTE:** To successfully modify these Notifications email templates, a familiarity with basic HTML +:::note +To successfully modify these Notifications email templates, a familiarity with basic HTML is necessary. +::: + ![Templates Zip file in the Installation Directory](/img/product_docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplateszipfile.webp) **Step 1 –** Navigate to the Access Information Center installation directory: -…\STEALTHbits\Access Information Center +**…\STEALTHbits\Access Information Center** **Step 2 –** Unzip the `Templates.zip` file and save the contents to a folder within this directory named `Templates`. -**CAUTION:** The customized email templates must be in the `Templates` folder within the +:::warning +The customized email templates must be in the `Templates` folder within the installation directory to be preserved during future application upgrades. +::: + ![Unzipped Email Templates in Templates Folder](/img/product_docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplatesunzipped.webp) @@ -80,8 +87,11 @@ installation directory to be preserved during future application upgrades. **Step 4 –** Open the file with a text editor, e.g. Notepad, and customize the email body. -**NOTE:** Using a tool other than a text editor to edit HTML files, such as a WYSIWYG web page +:::note +Using a tool other than a text editor to edit HTML files, such as a WYSIWYG web page editor which may drastically alter the underlying HTML code, is not supported. +::: + **Step 5 –** Email subject lines can be edited by changing the text between the opening `` tag and the closing `` tag. 
diff --git a/docs/accessinformationcenter/11.6/admin/additionalconfig/entraidsso.md b/docs/accessinformationcenter/11.6/admin/additionalconfig/entraidsso.md index 581a4afbef..2492d179ce 100644 --- a/docs/accessinformationcenter/11.6/admin/additionalconfig/entraidsso.md +++ b/docs/accessinformationcenter/11.6/admin/additionalconfig/entraidsso.md @@ -10,8 +10,11 @@ The Access Information Center can be configured to use Microsoft Entra ID Single configured, users are directed to the Microsoft Entra ID login page, and can log in using their existing Entra credentials. -**NOTE:** If enabled, only Microsoft Entra ID SSO can be used for logging in. Other accounts, +:::note +If enabled, only Microsoft Entra ID SSO can be used for logging in. Other accounts, including the default administrator account, cannot be used. +::: + The following is required to use Microsoft Entra ID SSO: @@ -81,15 +84,18 @@ Microsoft Entra ID SSO in the Access Information Center config file. To enable Microsoft Entra ID SSO for the Access Information Center, the config file needs to be updated with values from Microsoft Entra ID. Follow the steps to enable the SSO. -_Remember,_ Enabling Entra ID SSO requires SSL to be enabled. If this was not done during the +:::tip +Remember, Enabling Entra ID SSO requires SSL to be enabled. If this was not done during the installation, then you must manually configure it. See the [Securing the Access Information Center](/docs/accessinformationcenter/11.6/installation/secure.md) topic for additional information. +::: + **Step 1 –** Open the `AccessInformationCenter.Service.exe.config` file in a text editor, such as Notepad. The file is located in the Access Information Center installation directory: -…\Program Files\STEALTHbits\Access Information Center +**…\Program Files\STEALTHbits\Access Information Center** ![Parameters in the config file](/img/product_docs/accessinformationcenter/11.6/admin/additionalconfig/configfileentrasso.webp) 
@@ -103,9 +109,12 @@ as follows:      ``` -**NOTE:** For new installations of the Access Information Center these parameters are already in the +:::note +For new installations of the Access Information Center these parameters are already in the config file. If you have upgraded from a previous version, then you need to manually add them as the config file is retained during an upgrade to maintain the existing settings. +::: + **Step 3 –** Add the required values for the parameters from your Microsoft Entra ID application: diff --git a/docs/accessinformationcenter/11.6/admin/additionalconfig/recommendations.md b/docs/accessinformationcenter/11.6/admin/additionalconfig/recommendations.md index 532163c80b..153efdedb5 100644 --- a/docs/accessinformationcenter/11.6/admin/additionalconfig/recommendations.md +++ b/docs/accessinformationcenter/11.6/admin/additionalconfig/recommendations.md @@ -12,7 +12,7 @@ data). By default, these recommendations are based on a 90-day sample of activit configuration can be changed by editing the `AccessInformationCenter.Service.exe.config` file in the Access Information Center installation directory: -…\STEALTHbits\Access Information Center +**…\STEALTHbits\Access Information Center** Follow the steps to modify the activity days parameter. diff --git a/docs/accessinformationcenter/11.6/admin/additionalconfig/timeoutparameter.md b/docs/accessinformationcenter/11.6/admin/additionalconfig/timeoutparameter.md index 33c7831e2f..c93eb45cb2 100644 --- a/docs/accessinformationcenter/11.6/admin/additionalconfig/timeoutparameter.md +++ b/docs/accessinformationcenter/11.6/admin/additionalconfig/timeoutparameter.md 
@@ -9,16 +9,19 @@ sidebar_position: 50 A user session will end when the timeout parameter for inactivity has been reached, and the user will be logged out. By default this is set to 15 minutes. -**NOTE:** When accessing the Access Information Center through the Web Console, its timeout +:::note +When accessing the Access Information Center through the Web Console, its timeout parameter value takes precedence over the Access Information Center timeout parameter value. See the Timeout Parameter for the Web Console topic of the [Netwrix Enterprise Auditor Documentation](https://helpcenter.netwrix.com/category/accessanalyzer) for instructions on modifying its timeout parameter value. +::: + The timeout parameter is configured within the `AccessInformationCenter.Service.exe.config` file in the Access Information Center installation directory: -…\STEALTHbits\Access Information Center +**…\STEALTHbits\Access Information Center** Follow the steps to modify the timeout parameter. diff --git a/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md b/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md index 065de3e52e..217b1daba4 100644 --- a/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md +++ b/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md @@ -52,8 +52,11 @@ the [Netwrix Enterprise Auditor Documentation](https://helpcenter.netwrix.com/category/accessanalyzer) for additional information. -**NOTE:** All domains enabled to access the Access Information Center must also have data collected +:::note +All domains enabled to access the Access Information Center must also have data collected by the **.Active Directory Inventory** solution of Enterprise Auditor. +::: + ## Commit Group Membership changes 
@@ -68,7 +71,10 @@ Directory service account to commit group membership changes. See the topic for additional information on provisioning the Active Directory service account and best practices for group and resource management through the Access Information Center -_Remember,_ click **Save** when any changes are made to this page. +:::tip +Remember, click **Save** when any changes are made to this page. +::: + ## Update the Active Directory Service Account Password diff --git a/docs/accessinformationcenter/11.6/admin/configuration/consoleaccess.md b/docs/accessinformationcenter/11.6/admin/configuration/consoleaccess.md index 50d67f5c7d..8ba83b6b43 100644 --- a/docs/accessinformationcenter/11.6/admin/configuration/consoleaccess.md +++ b/docs/accessinformationcenter/11.6/admin/configuration/consoleaccess.md @@ -27,9 +27,12 @@ There are five levels of access, or Roles, which can be granted to domain users access to any other interface within the Access Information Center. This role also does not have rights to modify the Builtin Administrator account or their own access. -**NOTE:** If Netwrix Enterprise Auditor is storing discovered sensitive data, the Sensitive Data +:::note +If Netwrix Enterprise Auditor is storing discovered sensitive data, the Sensitive Data reports will only display the sensitive data matches for users with the Security Team and Administrator roles. +::: + A user granted either the Reader or Security Team role can also be further restricted to accessing information for either: 
@@ -37,12 +40,15 @@ information for either: - Specific resource types (File System, SharePoint, or Active Directory) - Specific servers -**CAUTION:** Before disabling the Builtin Administrator account, it is necessary to first assign at +:::warning +Before disabling the Builtin Administrator account, it is necessary to first assign at least one domain user account to the Administrator role. Login with another Administrator account to disable the Builtin Administrator. Failure to do this could result in being locked-out of the Configuration interface. As an alternative to disabling this account, the password can be changed. See the [Modify the Builtin Administrator Account](#modify-the-builtin-administrator-account) topic for additional information. +::: + Once users have been granted console access, they can login with their domain credentials. Console access is not a requirement for participation as owners or domain users in the Resource Reviews and @@ -103,10 +109,13 @@ additional information. Follow the steps to modify a user’s console access. -**NOTE:** These steps are for modifying domain users with console access roles and do not apply to +:::note +These steps are for modifying domain users with console access roles and do not apply to the Builtin Administrator account. See the [Modify the Builtin Administrator Account](#modify-the-builtin-administrator-account) topic for additional information. +::: + **Step 1 –** In the Configuration interface on the Console Access page, select the user to be modified and click Modify. The Console Access wizard opens to the Select Access page. 
@@ -134,9 +143,12 @@ Any modifications to the user’s role are visible in the list on the Console Ac ## Delete Console Users -**CAUTION:** Confirmation is not requested when deleting users. An alternative to deleting a console +:::warning +Confirmation is not requested when deleting users. An alternative to deleting a console user is to disable their access. See the [Modify Console Users](#modify-console-users) topic for additional information. +::: + Follow the steps to remove a user’s configured console access. @@ -153,7 +165,7 @@ The user is removed from the list on the Console Access page. The Builtin Administrator account can be disabled or its password can be changed. Follow the steps to modify this account. -![modifybuiltinadministrator](/img/product_docs/auditor/10.6/access/reviews/admin/configuration/modifybuiltinadministrator.webp) +![modifybuiltinadministrator](/img/product_docs/accessinformationcenter/11.6/admin/configuration/modifybuiltinadministrator.webp) **Step 1 –** In the Configuration interface on the Console Access page, select the Builtin Administrator account and click **Modify**. The Builtin Administrator window opens. @@ -167,7 +179,10 @@ Administrator account and click **Modify**. The Builtin Administrator window ope The modifications to the Builtin Administrator are processed. -**NOTE:** The new password is encrypted in the `AccessInformationCenter.Service.exe.config` file, in +:::note +The new password is encrypted in the `AccessInformationCenter.Service.exe.config` file, in the `AuthBuiltinAdminPassword` parameter. If you forget the Admin password, you can clear the `AuthBuiltinAdminPassword` value in the `AccessInformationCenter.Service.exe.config` file. Then use the default first launch login credentials to set a new password. + +::: diff --git a/docs/accessinformationcenter/11.6/admin/configuration/database.md b/docs/accessinformationcenter/11.6/admin/configuration/database.md index 7e87944be7..db2b45d3a2 100644 
--- a/docs/accessinformationcenter/11.6/admin/configuration/database.md +++ b/docs/accessinformationcenter/11.6/admin/configuration/database.md @@ -47,7 +47,10 @@ Database service account information: - Use the following SQL account – Uses SQL Authentication to the database. Provide the properly provisioned SQL credentials for the database -_Remember,_ click **Save** when any changes are made to this page. +:::tip +Remember, click **Save** when any changes are made to this page. +::: + ## Update the Database Service Account Password diff --git a/docs/accessinformationcenter/11.6/admin/configuration/license.md b/docs/accessinformationcenter/11.6/admin/configuration/license.md index d3ddef9e77..328895f8f8 100644 --- a/docs/accessinformationcenter/11.6/admin/configuration/license.md +++ b/docs/accessinformationcenter/11.6/admin/configuration/license.md @@ -44,8 +44,11 @@ third-party data into reports. Follow the steps to update the license key. -**NOTE:** The LIC file must be named to `StealthAUDIT.lic`. If it has another name, rename it before +:::note +The LIC file must be named to `StealthAUDIT.lic`. If it has another name, rename it before completing the steps. +::: + ![Configuration interface showing the License page with unlicensed features](/img/product_docs/accessinformationcenter/11.6/admin/configuration/licenseunlicensedfeatures.webp) diff --git a/docs/accessinformationcenter/11.6/admin/configuration/notifications.md b/docs/accessinformationcenter/11.6/admin/configuration/notifications.md index 8655fc9e0a..fe7fefd11b 100644 --- a/docs/accessinformationcenter/11.6/admin/configuration/notifications.md +++ b/docs/accessinformationcenter/11.6/admin/configuration/notifications.md 
@@ -66,12 +66,12 @@ email/messaging administrator who will know the proper value for the SMTP port. - Select this radio button to specify either domain account or a traditional SMTP account and password to authenticate to the SMTP server. -![Test Settings window](/img/product_docs/auditor/10.6/access/reviews/admin/configuration/notificationstestsettings.webp) +![Test Settings window](/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestsettings.webp) **Step 5 –** Click **Test Settings** to ensure a connection to the SMTP server. The Test Settings window opens. Enter a valid email address and click **OK**. -![Testing your settings window](/img/product_docs/auditor/10.6/access/reviews/admin/configuration/notificationstestconfirm.webp) +![Testing your settings window](/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestconfirm.webp) **Step 6 –** If the SMTP settings are configured correctly, you receive a successful message. Click **OK** to close the Testing your settings window. The test recipient should have recieved a test @@ -79,8 +79,11 @@ email. **Step 7 –** Click **Save**. Then click **OK** to confirm. -**NOTE:** After the settings are saved, a re-authentication is required to continue using the Access +:::note +After the settings are saved, a re-authentication is required to continue using the Access Information Center. +::: + The Access Information Center is now configured to send email. See the following topics for additional Notification options. @@ -106,8 +109,11 @@ populated: - This option is part of the Resources Reviews and Self-Service Access Requests workflows. -_Remember,_ click **Save** after making modifications to the Notification settings. After the +:::tip +Remember, click **Save** after making modifications to the Notification settings. After the settings are saved, a re-authentication is required to continue using the Access Information Center. +::: + ## Reminders 
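Review bot: The `:::tip` added in the `@@ -106,8` hunk of notifications.md still opens with "Remember," and also carries the statement that re-authentication is required after saving, which the `@@ -79,8` hunk of the same file puts in a `:::note`. Drop the leading "Remember," now that the admonition supplies the label, and consider moving the re-authentication sentence into a `:::note` so the same requirement is flagged the same way in both places. While the file is open, the context line in the `@@ -66,12` hunk reads "should have recieved a test"; "recieved" should be "received".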
@@ -115,7 +121,7 @@ Resource Owners receive notification email when there are new pending tasks asso resources. You can also set up automated weekly reminders for outstanding pending tasks. Follow the steps to configure weekly reminders to resource owners. -![Notifications page showing the Reminders section](/img/product_docs/auditor/10.6/access/reviews/admin/configuration/notificationsreminders.webp) +![Notifications page showing the Reminders section](/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationsreminders.webp) **Step 1 –** In the Configuration interface, select the Notifications page and scroll down to the Reminders section. diff --git a/docs/accessinformationcenter/11.6/admin/gettingstarted.md b/docs/accessinformationcenter/11.6/admin/gettingstarted.md index 074de290fb..dac8f020a8 100644 --- a/docs/accessinformationcenter/11.6/admin/gettingstarted.md +++ b/docs/accessinformationcenter/11.6/admin/gettingstarted.md @@ -39,7 +39,10 @@ Next, configure the Access Information Center for your environment: Access Information Center users granted one of the available roles should be notified. -**_RECOMMENDED:_** The notification should include: +:::info +The notification should include: +::: + - Why your organization is using the Access Information Center - What they will be doing in the Access Information Center @@ -97,7 +100,10 @@ workflow consists of: - Owner Performs Review — Owners process the review, potentially recommending changes - Review Administrator Approval — Review and process owner recommended changes -**_RECOMMENDED:_** Set expectations for response time from owners. +:::info +Set expectations for response time from owners. +::: + Reviews can be run multiple times, maintaining a historical record for each instance. See the [Resource Reviews Overview](/docs/accessinformationcenter/11.6/resourcereviews/overview.md) 
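Review bot: In the `@@ -39,7` hunk of gettingstarted.md the new `:::info` block closes right after "The notification should include:", so the bullet list it introduces ("Why your organization is using the Access Information Center", and so on) renders outside the admonition and the box ends on a colon. Either move the closing `:::` below the last bullet of that list or leave the lead-in as a plain sentence above the list.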
diff --git a/docs/accessinformationcenter/11.6/admin/login/login.md b/docs/accessinformationcenter/11.6/admin/login/login.md index dbb0905f79..d2de7249d0 100644 --- a/docs/accessinformationcenter/11.6/admin/login/login.md +++ b/docs/accessinformationcenter/11.6/admin/login/login.md @@ -8,24 +8,24 @@ sidebar_position: 60 The Access Information Center can be accessed through a supported browser from a machine within your company's network. The URL is the hosting machine's name and the -port, http://[HOSTNAME.DOMAIN.COM]:81. For example, if the application was installed on a server +port, `http://[HOSTNAME.DOMAIN.COM]:81`. For example, if the application was installed on a server named NEWYORKSRV10.NWXTech.com with the default port of 81, the URL would be -http://NEWYORKSRV10.NWXTech.com:81. +`http://NEWYORKSRV10.NWXTech.com:81`. -Administrators +**Administrators** Administrators with access to the server hosting the application can use the desktop icon to launch the application in their default browser. Alternatively, the localhost URL can be used: - HTTP URL - - http://localhost:81 + - `http://localhost:81` - HTTPS URL - - https://localhost:481 + - `https://localhost:481` -Enterprise Auditor Web Console +**Enterprise Auditor Web Console** On the server hosting Netwrix Enterprise Auditor, the Published Reports icon can be used to launch the Web Console. This provides access to both Netwrix Enterprise Auditor published reports and the 
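Review bot: The labels "Administrators" and "Enterprise Auditor Web Console" in the `@@ -8,24` hunk of login.md become bold paragraphs rather than headings, so they get no anchor and cannot be linked to the way `#modify-console-users` is linked from consoleaccess.md. If these are meant as subsections, a heading one level below the enclosing section would fit the rest of the docs better than bold text.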
@@ -33,13 +33,13 @@ Access Information Center in a browser with a default port of 8082, which can al Alternatively, the URL can be used: - HTTP URL - - (on hosting server) http://localhost:8082 - - (remote access) http://[HOSTNAME.DOMAIN.COM]:8082 + - (on hosting server) `http://localhost:8082` + - (remote access) `http://[HOSTNAME.DOMAIN.COM]:8082` - HTTPS URL - - (on hosting server) https://localhost:8082 - - (remote access) https://[HOSTNAME.DOMAIN.COM]:8082 + - (on hosting server) `https://localhost:8082` + - (remote access) `https://[HOSTNAME.DOMAIN.COM]:8082` -Remote Access +**Remote Access** Since the Access Information Center is a browser-based application, it is possible to access the web interface remotely. It is up to the Administrator to provide users with the correct URL for access. @@ -59,7 +59,10 @@ Users login with their domain credentials. If only one domain is known to the Ac Center, the credentials need only be username and password. If multiple domains are known to the Access Information Center, then the username needs to be entered in the `domain\username` format. -**NOTE:** The URL may need to be added to the browser’s list of trusted sites. +:::note +The URL may need to be added to the browser’s list of trusted sites. +::: + ![AIC Login page](/img/product_docs/accessinformationcenter/11.6/admin/loginpage.webp) diff --git a/docs/accessinformationcenter/11.6/admin/login/userlanding.md b/docs/accessinformationcenter/11.6/admin/login/userlanding.md index 98f8cb65d0..02631945f9 100644 --- a/docs/accessinformationcenter/11.6/admin/login/userlanding.md +++ b/docs/accessinformationcenter/11.6/admin/login/userlanding.md 
@@ -8,11 +8,14 @@ sidebar_position: 10 Role based access controls what interfaces users can see and where each user is directed upon login. -**_RECOMMENDED:_** Send an email to your users. Let them know why you are implementing use of the +:::info +Send an email to your users. Let them know why you are implementing use of the application, provide the URL, and explain how to login with their domain credentials and the username format. See the [Enable Console Users](/docs/accessinformationcenter/11.6/admin/gettingstarted.md#enable-console-users) topic for additional information. +::: + ## Administrator Role diff --git a/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md b/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md index 2044a34d7b..2d3c27c372 100644 --- a/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md +++ b/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md @@ -12,7 +12,7 @@ The data grids within various tables have several features to improve your exper There is a Search box above a table's header row that can be used to filter the table data. -![Search box above a table header row](/img/product_docs/auditor/10.6/access/general/tablesearch.webp) +![Search box above a table header row](/img/product_docs/accessinformationcenter/11.6/general/tablesearch.webp) Begin typing in the Search box. The filter acts as a wildcard, filtering the table data as you type. 
@@ -21,15 +21,18 @@ Begin typing in the Search box. The filter acts as a wildcard, filtering the tab There is a filter icon to the right of each column name that can be used to apply a column specific filter. You can apply filters to multiple columns simultaneously. -![tablecolumnfilter](/img/product_docs/auditor/10.6/access/general/tablecolumnfilter.webp) +![tablecolumnfilter](/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilter.webp) Click the filter icon for the column you want to filter. Select the values you want to filter for from the list, and click **Apply**. -**NOTE:** Hold the **Shift** key and click the first and last values to select a group of adjacent +:::note +Hold the **Shift** key and click the first and last values to select a group of adjacent values, or hold the **Ctrl** key and click each value to select multiple values individually. +::: -![tablecolumnfilterclear](/img/product_docs/auditor/10.6/access/general/tablecolumnfilterclear.webp) + +![tablecolumnfilterclear](/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilterclear.webp) The filter icon is highlighted orange for a column where a filter is applied. To clear an applied filter, click the filter icon and click **Clear**. @@ -38,7 +41,7 @@ filter, click the filter icon and click **Clear**. Table column widths can be resized to change the width. -![Table header showing column line to be used to resize the column](/img/product_docs/auditor/10.6/access/general/tableresize.webp) +![Table header showing column line to be used to resize the column](/img/product_docs/accessinformationcenter/11.6/general/tableresize.webp) Simply select the edges of the column headers and drag to the desired width. 
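Review bot: The two image lines rewritten in the `@@ -21,15` hunk of datagrid.md keep the file name as alt text (`![tablecolumnfilter]` and `![tablecolumnfilterclear]`), while the other images changed in this file have descriptive alt text such as "Search box above a table header row". Since both lines are being edited anyway, replace the file names with a short description of what each screenshot shows.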
@@ -46,7 +49,7 @@ Simply select the edges of the column headers and drag to the desired width. Data within a table can be sorted alphanumerically for a column. -![Table column header showing arrow indicating ascending sort](/img/product_docs/auditor/10.6/access/general/tablesort.webp) +![Table column header showing arrow indicating ascending sort](/img/product_docs/accessinformationcenter/11.6/general/tablesort.webp) Click on any column header. An arrow will appear next to the column name indicating the sort to be ascending or descending order. @@ -56,7 +59,7 @@ ascending or descending order. Columns can be hidden or unhidden. Available columns for a table are listed in the column selector menu that appears when you right-click on a column header. -![Column selector menu showing a hidden column](/img/product_docs/auditor/10.6/access/general/tablecolumns.webp) +![Column selector menu showing a hidden column](/img/product_docs/accessinformationcenter/11.6/general/tablecolumns.webp) The column selector menu shows all available columns for the table. Check columns are visible. Unchecked columns are hidden. @@ -66,7 +69,7 @@ Unchecked columns are hidden. There are two export buttons above a table's header row that can be used to export the data currently displayed within the table. -![Export buttons at the top of a table](/img/product_docs/auditor/10.6/access/general/tableexports.webp) +![Export buttons at the top of a table](/img/product_docs/accessinformationcenter/11.6/general/tableexports.webp) - CSV Export – Downloads the data within the table in a CSV file format - Excel Export – Downloads the data within the table in an Excel file format diff --git a/docs/accessinformationcenter/11.6/admin/navigate/editnotes.md b/docs/accessinformationcenter/11.6/admin/navigate/editnotes.md index 5cd061fb3a..9ac4ef14ac 100644 --- a/docs/accessinformationcenter/11.6/admin/navigate/editnotes.md +++ b/docs/accessinformationcenter/11.6/admin/navigate/editnotes.md 
@@ -11,7 +11,7 @@ note. **Step 1 –** Select the item in the interface and click Edit Notes. The Edit Notes window opens. -![Edit Notes window showing note entry field](/img/product_docs/auditor/10.6/access/general/editnotes.webp) +![Edit Notes window showing note entry field](/img/product_docs/accessinformationcenter/11.6/general/editnotes.webp) **Step 2 –** Type or edit the note in the textbox. diff --git a/docs/accessinformationcenter/11.6/admin/navigate/navigate.md b/docs/accessinformationcenter/11.6/admin/navigate/navigate.md index 5abe863f13..d5ccbd0ea0 100644 --- a/docs/accessinformationcenter/11.6/admin/navigate/navigate.md +++ b/docs/accessinformationcenter/11.6/admin/navigate/navigate.md @@ -15,7 +15,7 @@ The signed in user is displayed in the upper-right corner, along with the **Sign options enabled on the Home page change according to what components are licensed as well as the role assigned to the user. -For Administrator Only +**For Administrator Only** The **Configure Console** link opens the Configuration interface. Configure console access, Active Directory service account, notification settings, database access, and diagnostic logging level. @@ -25,10 +25,13 @@ This interface is available only to users with the Administrator role. See the [Configuration Interface Overview](/docs/accessinformationcenter/11.6/admin/configuration/overview.md) topic for additional information. -**NOTE:** Users with the User Access Administrator role have access only to the Console Access page +:::note +Users with the User Access Administrator role have access only to the Console Access page of the Configuration interface. +::: -For Security Team & Administrator + +**For Security Team & Administrator** The **Resource Owners** button opens the Resource Owners interface. Manage resource ownership by assigning owners to resources and requesting ownership confirmation. Assigned owners can manage 
@@ -40,8 +43,11 @@ within the Resource Owners interface. In order for Owners to make ad hoc changes Access Information Center must be configured to commit changes in Active Directory. The **Resource Owners** button is associated to the Access Requests and Entitlement Reviews license features. -**_RECOMMENDED:_** Enable notifications when managing resources through the Access Information +:::info +Enable notifications when managing resources through the Access Information Center. +::: + This interface is available only to users with either the Security Team or Administrator role. See the @@ -54,8 +60,11 @@ membership, permissions, and sensitive data. This requires the Access Informatio configured to send notifications. The **Resource Reviews** button is associated to the Entitlement Reviews license feature. -**_RECOMMENDED:_** While not required, enabling the Access Information Center to commit changes in +:::info +While not required, enabling the Access Information Center to commit changes in Active Directory is an optional component of the Resource Reviews workflow. +::: + This interface is available only to users with either the Security Team or Administrator role. See the @@ -74,7 +83,7 @@ the [Access Requests Interface](/docs/accessinformationcenter/11.6/accessrequests/interface/interface.md) topic for additional information. -For Reader, Data Privacy, Security Team, & Administrator +**For Reader, Data Privacy, Security Team, & Administrator** The **Resource Audit** button opens the Resource Audit interface. View reports for resources, users, groups, computers, and sensitive content. Reports are available for resources scanned by Netwrix 
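Review bot: Replacing `**_RECOMMENDED:_**` with a bare `:::info` in the `@@ -40,8` and `@@ -54,8` hunks of navigate.md removes the only word that marked these sentences as recommendations. The second one now reads "While not required, enabling the Access Information Center to commit changes in Active Directory is an optional component of the Resource Reviews workflow", which only states that the feature is optional and no longer advises anything. Keep the label, for instance as the admonition title or as a leading "Recommended:", or reword the sentences so the advice survives.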
@@ -90,7 +99,7 @@ sensitive content. These features are available to all users with an assigned us [Search Features](/docs/accessinformationcenter/11.6/resourceaudit/navigate/search.md) topic for additional information. -For Assigned Owner +**For Assigned Owner** The **Manage Your Resources** link opens the Owner portal. It is only visible on the Home page if the logged in user is also an assigned owner of at least one resource. Assigned owners without a @@ -106,7 +115,7 @@ group within the Access Information Center. See the [Owner Portal Overview](/docs/accessinformationcenter/11.6/owneroverview/ownerportal/overview.md) topic for additional information. -For All Domain Users +**For All Domain Users** The **Manage Your Access** link opens the Your Access portal. Domain users without a user role who have not been assigned ownership are directed to the Your Access portal at login. Users can request 
@@ -122,12 +131,13 @@ topic for additional information. The table below is a quick reference aligning each interface with its purpose, how to access it, who has access to it, and the require license: -| Interface | Purpose | Opened By | Accessible To | License | -| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------- | -| Configuration Interface | Configure console access, Active Directory service account, notification settings, database access, and diagnostic logging level. Additionally you can view license details and upload a new license. | **Configure Console** link on the Home page | Administrator role | Any license feature | -| Resource Audit Interfaces | View reports for resources, users, groups, computers, and sensitive content. | **Resource Audit** button on the Home page Search bar on the Home page Recent Searched box on the Home page Owner Portal (access only to owned resources or groups) | All roles: - Administrator - Security Team - Readers - Data Privacy Assigned resource Owners with no role assigned | Active Directory File System SharePoint Windows | -| Resource Owners Interface | Manage resource ownership by assigning owners to resources and requesting ownership confirmation. Optionally enable resources for owner ad hoc changes and/or the Self-Service Access Requests workflow. 
| **Resource Owners** button on the Home page | Administrator role Security Team role | Entitlement Reviews Access Requests | -| Resource Reviews Interface | Create and manage reviews. | **Resource Reviews** button on the Home page | Administrator role Security Team role | Entitlement Reviews | -| Access Requests Interface | View pending and historical access requests and send reminders to owners. | **Access Requests** button on the Home page | Administrator role Security Team role | Access Requests | -| Owner Portal | View a list of scanned resources that the logged-in domain user is the assigned owner, access resource reports, access pending and historical access requests, and access resource review information. When enabled for a resource, the owner can make ad hoc access changes. The Owner portal also grants access to the Your Access portal. | **Manage Your Resources** link on the Home page Direct from login for owners without a role | Assigned Resource Owners | Entitlement Reviews Access Requests | -| Your Access Portal | Users can request access to resources managed through the Access Information Center, view their own entitlements to resources, and view access request history. 
| **Manage Your Access** link on the Home page **Access** and **History** links in the My Access section of the Owner Portal Direct from login for domain users without a role and are not assigned owners | Domain User | Access Requests | +| Interface | Purpose | Opened By | Accessible To | License | +| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | +| Configuration Interface | Configure console access, Active Directory service account, notification settings, database access, and diagnostic logging level. Additionally you can view license details and upload a new license. | **Configure Console** link on the Home page | Administrator role | Any license feature | +| Resource Audit Interfaces | View reports for resources, users, groups, computers, and sensitive content. | **Resource Audit** button on the Home page

Search bar on the Home page

Recent Searched box on the Home page

Owner Portal (access only to owned resources or groups) | All roles:
  • Administrator
  • Security Team
  • Readers
  • Data Privacy

Assigned resource Owners with no role assigned | Active Directory
File System
SharePoint
Windows | +| Resource Owners Interface | Manage resource ownership by assigning owners to resources and requesting ownership confirmation. Optionally enable resources for owner ad hoc changes and/or the Self-Service Access Requests workflow. | **Resource Owners** button on the Home page | Administrator role Security Team role | Entitlement Reviews
Access Requests | +| Resource Reviews Interface | Create and manage reviews. | **Resource Reviews** button on the Home page | Administrator role Security Team role | Entitlement Reviews | +| Access Requests Interface | View pending and historical access requests and send reminders to owners. | **Access Requests** button on the Home page | Administrator role Security Team role | Access Requests | +| Owner Portal | View a list of scanned resources that the logged-in domain user is the assigned owner, access resource reports, access pending and historical access requests, and access resource review information. When enabled for a resource, the owner can make ad hoc access changes. The Owner portal also grants access to the Your Access portal. | **Manage Your Resources** link on the Home page

Direct from login for owners without a role | Assigned Resource Owners | Entitlement Reviews
Access Requests | +| Your Access Portal | Users can request access to resources managed through the Access Information Center, view their own entitlements to resources, and view access request history. | **Manage Your Access** link on the Home page

**Access** and **History** links in the My Access section of the Owner Portal

Direct from login for domain users without a role and are not assigned owners | Domain User | Access Requests | + diff --git a/docs/accessinformationcenter/11.6/admin/troubleshooting/loglevel.md b/docs/accessinformationcenter/11.6/admin/troubleshooting/loglevel.md index 0c6f8e0dbe..174158a726 100644 --- a/docs/accessinformationcenter/11.6/admin/troubleshooting/loglevel.md +++ b/docs/accessinformationcenter/11.6/admin/troubleshooting/loglevel.md @@ -9,7 +9,7 @@ sidebar_position: 20 The `AccessInformationCenter.Service.exe.config` file is located in the Access Information Center installation directory: -…\STEALTHbits\Access Information Center +**…\STEALTHbits\Access Information Center** Follow the steps to modify the log level. diff --git a/docs/accessinformationcenter/11.6/admin/troubleshooting/overview.md b/docs/accessinformationcenter/11.6/admin/troubleshooting/overview.md index 5787aaca42..bdd284c79b 100644 --- a/docs/accessinformationcenter/11.6/admin/troubleshooting/overview.md +++ b/docs/accessinformationcenter/11.6/admin/troubleshooting/overview.md @@ -10,14 +10,14 @@ The following are several troubleshooting tips which can assist with diagnosing Access Information Center. If engaging with [Netwrix Support](https://www.netwrix.com/support.html), it will be useful to be aware of these. -Service Account Delegation +**Service Account Delegation** Delegation can be used to grant the Active Directory service account the minimal rights necessary to allow the Access Information Center to commit changes in Active Directory. See the [Service Account Delegation](/docs/accessinformationcenter/11.6/admin/troubleshooting/delegation.md) topic for additional information. -Log File +**Log File** By default the Access Information Center is configured to log at the Error level. When requested by Netwrix Support, you can enable Debug level from the Diagnostics page of the Configuration 
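Review bot: In the `@@ -122,12` table hunk of navigate.md only the Resource Audit Interfaces row has its "Accessible To" cell split into separate items; the Resource Owners, Resource Reviews and Access Requests rows still read "Administrator role Security Team role" as one run. Separate the two roles in those rows the same way so the column is consistent. The context line above the table also says "the require license", which should be "the required license".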
@@ -29,7 +29,7 @@ If a different log level is needed or desired, the `aic.log` file can be modifie [Change Log Level](/docs/accessinformationcenter/11.6/admin/troubleshooting/loglevel.md) topic for additional information. -Credential Password Changes +**Credential Password Changes** The Access Information Center uses several different types of service accounts. If a credential password for one of these accounts is no longer valid, it will impact application functionality. diff --git a/docs/accessinformationcenter/11.6/installation/install.md b/docs/accessinformationcenter/11.6/installation/install.md index 2a1690ee94..2142383ca7 100644 --- a/docs/accessinformationcenter/11.6/installation/install.md +++ b/docs/accessinformationcenter/11.6/installation/install.md @@ -26,8 +26,11 @@ Agreement** box and click **Next**. and a custom folder. Click Change to browse for a different location. When the destination is set as desired, click **Next**. -**NOTE:** The default location is `C:\Program Files\STEALTHbits\Access Information Center\`. There +:::note +The default location is `C:\Program Files\STEALTHbits\Access Information Center\`. There are no specific requirements for changing the path. +::: + ![AIC Setup Wizard SQL Server Connection page](/img/product_docs/accessinformationcenter/11.6/installation/sqlserver.webp) 
@@ -51,12 +54,15 @@ open. - For Windows Authentication — **User Name** format must be [DOMAIN]\[username] , e.g. NWXTECH\ad.bruce -**NOTE:** The Server and Database information are available in the Enterprise Auditor Console in the +:::note +The Server and Database information are available in the Enterprise Auditor Console in the **Settings** > **Storage** node, and will be auto-populated if installing the Access Information Center on the same server as Enterprise Auditor. The Database settings can be modified after installation. See the [Database Page](/docs/accessinformationcenter/11.6/admin/configuration/database.md) topic for additional information. +::: + ![AIC Setup Wizard Configure Web Server page](/img/product_docs/accessinformationcenter/11.6/installation/webserver.webp) diff --git a/docs/accessinformationcenter/11.6/installation/overview.md b/docs/accessinformationcenter/11.6/installation/overview.md index dac8dabca9..0bbc5fa5f8 100644 --- a/docs/accessinformationcenter/11.6/installation/overview.md +++ b/docs/accessinformationcenter/11.6/installation/overview.md @@ -22,8 +22,11 @@ information. The .Active Directory Inventory Solution must be successfully executed prior to installing the Access Information Center. -**_RECOMMENDED:_** Successfully execute other solutions, like File System or SharePoint, which +:::info +Successfully execute other solutions, like File System or SharePoint, which supply the data for Resource Audits. +::: + ### Permissions @@ -48,7 +51,7 @@ these will be referred to as the Database service account and the Active Directo [Active Directory Page](/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md) topic for additional information. -Commit Active Directory Changes +**Commit Active Directory Changes** If configured and enabled, the Access Information Center can commit group membership changes within Active Directory. This is an optional component of change modeling, resource owner ad hoc changes, 
@@ -81,8 +84,11 @@ Auditor Console, the following minimal server requirements are needed for Access - 20+ GB Disk Space - .NET Framework 4.7.2+ -**NOTE:** If utilizing any of the Access Information Center workflows (Resource Reviews or +:::note +If utilizing any of the Access Information Center workflows (Resource Reviews or Self-Service Access Requests), additional CPU cores, memory, and disk space may be needed. +::: + ## Software Compatibility & Versions @@ -91,7 +97,7 @@ compatible with the existing Enterprise Auditor installation. If necessary, [Netwrix Support](https://www.netwrix.com/support.html) can confirm whether the two product versions are compatible. -Latest Version Compatibility +**Latest Version Compatibility** | Component | Current Version | | --------------------------------- | --------------- | diff --git a/docs/accessinformationcenter/11.6/installation/secure.md b/docs/accessinformationcenter/11.6/installation/secure.md index 2efb013064..c7364bb03a 100644 --- a/docs/accessinformationcenter/11.6/installation/secure.md +++ b/docs/accessinformationcenter/11.6/installation/secure.md @@ -26,10 +26,13 @@ for additional information. Enable Secure Sockets Layer (SSL) for secure, remote connections to the application web server. -**NOTE:** Organizations typically have one or more system administrators responsible for Public Key +:::note +Organizations typically have one or more system administrators responsible for Public Key Infrastructure (PKI) and certificates. To continue with this configuration, it will first be necessary to confer with the PKI administrator to determine which certificate method will conform to the organization’s security policies. +::: + Follow the steps to enable SSL. 
@@ -83,7 +86,7 @@ HTTPS. **Step 1 –** Open the `AccessInformationCenter.Service.exeWeb.config` file in a text editor, such as Notepad. The file is located in the Access Information Center installation directory: -…\Program Files\STEALTHbits\Access Information Center +**…\Program Files\STEALTHbits\Access Information Center** ![AccessInformationCenter.Service.exe config file](/img/product_docs/accessinformationcenter/11.6/installation/configfilessl.webp) @@ -125,10 +128,13 @@ configured for the Web Console. See the Enable Single Sign-On topic of the [Netwrix Enterprise Auditor Documentation](https://helpcenter.netwrix.com/category/accessanalyzer) for additional information. -**NOTE:** The Access Information Center also supports using Microsoft Entra ID single sign-on. See +:::note +The Access Information Center also supports using Microsoft Entra ID single sign-on. See the [Microsoft Entra ID Single Sign-On](/docs/accessinformationcenter/11.6/admin/additionalconfig/entraidsso.md) topic for additional information. +::: + Follow the steps to enable SSO for accessing the Access Information Center website directly. @@ -137,7 +143,7 @@ Follow the steps to enable SSO for accessing the Access Information Center webs **Step 1 –** Open the `AccessInformationCenter.Service.exe.config` file in a text editor, such as Notepad. The file is located in the Access Information Center installation directory: -…\Program Files\STEALTHbits\Access Information Center +**…\Program Files\STEALTHbits\Access Information Center** ![AccessInformationCenter.Service.exe config file](/img/product_docs/accessinformationcenter/11.6/installation/configfilesso.webp) 
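Review bot: The installation path in the `@@ -83,7` and `@@ -137,7` hunks of secure.md is set in bold (`**…\Program Files\STEALTHbits\Access Information Center**`), whereas install.md in this same patch gives the default location in code formatting (`C:\Program Files\STEALTHbits\Access Information Center\`). Use code formatting for the path here as well. Separately, the context line in `@@ -83,7` names the file `AccessInformationCenter.Service.exeWeb.config`, while the SSO step in `@@ -137,7` and the note in consoleaccess.md use `AccessInformationCenter.Service.exe.config`; confirm which name is correct for the SSL step and fix it in this pass if it is a typo.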
@@ -193,5 +199,8 @@ qualified domain name is in the following format: `https://..com Authentication will now pass through Windows Authentication and bypass SSO configuration Prompts for credentials via Browser pop-up -**NOTE:** A list of allowed authentication servers can also be configured using the +:::note +A list of allowed authentication servers can also be configured using the AuthServerAllowList policy. + +::: diff --git a/docs/accessinformationcenter/11.6/owneroverview/owneroverview.md b/docs/accessinformationcenter/11.6/owneroverview/owneroverview.md index 4fecf8ce05..81204d94b1 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/owneroverview.md +++ b/docs/accessinformationcenter/11.6/owneroverview/owneroverview.md @@ -14,9 +14,12 @@ the ability to make ad hoc changes to access of your resources. If your organiza Resource Review attestations, you will be expected to complete reviews. If your organization enables Self-Service Access Requests, you will be expected to process requests for your resource. -**NOTE:** For the Access Information Center, a “resource” refers to the file system shared folders, +:::note +For the Access Information Center, a “resource” refers to the file system shared folders, SharePoint sites, Active Directory (AD) groups, AD distribution lists, and/or local Administrators groups. +::: + Your Access Information Center Administrator will let you know what URL to use for logging in as well as what credentials to use. The URL will require you to be connected to your organization's diff --git a/docs/accessinformationcenter/11.6/owneroverview/ownerportal/actionspanel.md b/docs/accessinformationcenter/11.6/owneroverview/ownerportal/actionspanel.md index 981da53b64..91755f6717 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/ownerportal/actionspanel.md +++ b/docs/accessinformationcenter/11.6/owneroverview/ownerportal/actionspanel.md 
@@ -11,7 +11,7 @@ workflow features. ![Actions panel section of the Owner portal](/img/product_docs/accessinformationcenter/11.6/resourceowners/ownerportal/actionspanel.webp) -Resource Review Workflow Features +**Resource Review Workflow Features** The Reviews link in the Actions panel is part of the Resource Review feature. @@ -21,7 +21,7 @@ The Reviews link in the Actions panel is part of the Resource Review feature. [Owners & Resource Reviews](/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/pendingreviews.md) topic for additional information. -Self-Service Access Requests Workflow Features +**Self-Service Access Requests Workflow Features** The Access Requests and My Access links in the Actions panel are part of the Self-Service Access Requests feature. @@ -36,5 +36,8 @@ Requests feature. [Your Access Portal Overview](/docs/accessinformationcenter/11.6/youraccessportal/overview.md) topic for additional information. - **NOTE:** If you have an assigned user role, you can access the Your Access portal with the + :::note + If you have an assigned user role, you can access the Your Access portal with the **Manage Your Access** link on the Home page. + + ::: diff --git a/docs/accessinformationcenter/11.6/owneroverview/ownerportal/assignedresources/changeaccess.md b/docs/accessinformationcenter/11.6/owneroverview/ownerportal/assignedresources/changeaccess.md index 77782a7d95..ba97a3b5ee 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/ownerportal/assignedresources/changeaccess.md +++ b/docs/accessinformationcenter/11.6/owneroverview/ownerportal/assignedresources/changeaccess.md 
@@ -15,17 +15,17 @@ the resource by the Ownership Administrators. This wizard has four pages, but you will only be directed to the pages applicable to your selection on the first page: -- 1. Select Change — Choose between adding access for a new user and changing access for an +- **1. Select Change** — Choose between adding access for a new user and changing access for an existing user -- 2. Add Access — Select new user and identify access level. See the [Add Access](#add-access) +- **2. Add Access** — Select new user and identify access level. See the [Add Access](#add-access) topic for additional information. - New users can be imported in bulk from a CSV file. See the [Import Users CSV File](#import-users-csv-file) topic for additional information. -- 3. Change Access — Select users and indicate a new access level. See the +- **3. Change Access** — Select users and indicate a new access level. See the [Change Access](#change-access) topic for additional information. -- 4. Add Notes — Enter notes that will be included in the notification sent to the user (if +- **4. Add Notes** — Enter notes that will be included in the notification sent to the user (if selected) and recorded with the historical record of this change ## Add Access @@ -49,8 +49,11 @@ you type. You can also import a list of users by clicking **Import**, navigating and clicking **Open** to select the file. See the [Import Users CSV File](#import-users-csv-file) topic for additional information. -**NOTE:** All users in the list will be given the same level of access. Use the **Remove** button to +:::note +All users in the list will be given the same level of access. Use the **Remove** button to remove a selected user from the list. +::: + **Step 4 –** When the user list is complete, select the desired access level from the drop-down menu. 
@@ -74,18 +77,24 @@ menu. **Step 7 –** Click **Next**. The Access Information Center will begin to process the updates. -_Remember,_ Notes are included in the notification sent to the user (if selected) and recorded with +:::tip +Remember, Notes are included in the notification sent to the user (if selected) and recorded with the historical record of this change. +::: + ![Change Resource Access wizard completed updates message](/img/product_docs/accessinformationcenter/11.6/resourceowners/ownerportal/completed.webp) **Step 8 –** The action status displays on the page. When the update has completed (100%), click **Finish**. The Change Resource Access wizard closes. -**NOTE:** If an error is reported on the Commit page, it indicates the access changes could not be +:::note +If an error is reported on the Commit page, it indicates the access changes could not be made. Reach out to the Ownership Administrator. If an existing request is pending, approve the request on the Pending Requests tab of the Access Requests page via the **Access Requests** link on the Actions panel. +::: + The access changes that completed successfully can be viewed in the History tab of the Access Requests page via the **Access Requests** link on the Actions panel. 
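Review bot: The new `:::tip` body still opens with "Remember," carried over from `_Remember,_`, and "Notes" stays capitalised mid-sentence. The admonition already signals a reminder, so the body can start at the substance: "Notes are included in the notification sent to the user (if selected) and recorded with the historical record of this change." The same applies to the identical tip in the hunk at `@@ -134,18 +143,24 @@`.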
@@ -134,18 +143,24 @@ drop-down menu. explaining the reason for the change. Click **Next**. The Access Information Center will begin to process the updates. -_Remember,_ Notes are included in the notification sent to the user (if selected) and recorded with +:::tip +Remember, Notes are included in the notification sent to the user (if selected) and recorded with the historical record of this change. +::: + ![Change Resource Access wizard completed updates message](/img/product_docs/accessinformationcenter/11.6/resourceowners/ownerportal/completed.webp) **Step 7 –** The action status displays on the page. When the update has completed (100%), click **Finish**. The Change Resource Access wizard closes. -**NOTE:** If an error is reported on the Commit page, it indicates the access changes could not be +:::note +If an error is reported on the Commit page, it indicates the access changes could not be made. Reach out to the Ownership Administrator. If an existing request is pending, process the request on the Pending Requests tab of the Access Requests page via the **Access Requests** link on the Actions panel. +::: + The access changes that completed successfully can be viewed in the History tab of the Access Requests page via the **Access Requests** link on the Actions panel. diff --git a/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/declineaccess.md b/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/declineaccess.md index 0e89a5a5e8..0c2bb5c599 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/declineaccess.md +++ b/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/declineaccess.md 
@@ -21,7 +21,10 @@ notification sent to the requester. **Step 3 –** Click **Decline** to cancel the request. -**NOTE:** You can click **Cancel** to close the window without denying the request. +:::note +You can click **Cancel** to close the window without denying the request. +::: + ![Saving Request window](/img/product_docs/accessinformationcenter/11.6/accessrequests/window/savingrequest.webp) diff --git a/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/selectaccess.md b/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/selectaccess.md index 4ea027623d..06a91a76b6 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/selectaccess.md +++ b/docs/accessinformationcenter/11.6/owneroverview/owners/pendingrequests/selectaccess.md @@ -19,8 +19,11 @@ click **More Options**. The Select Access window opens. **Step 2 –** The drop-down menu provides alternative access levels. Options vary based on how the resource was configured for self-service. Select the desired Access Level. -_Remember,_ this is only applicable to file system and SharePoint resources. Group membership only +:::tip +Remember, this is only applicable to file system and SharePoint resources. Group membership only has one access level, Membership. +::: + **Step 3 –** Optionally select to only grant temporary access, or change a requested expiration date: @@ -32,8 +35,11 @@ date: **Step 4 –** Click **Accept** to approve the request with the modified Access Level. -**NOTE:** You can click **Cancel** to close the window without changing the Access Level or +:::note +You can click **Cancel** to close the window without changing the Access Level or approving the request. +::: + ![Saving Request window](/img/product_docs/accessinformationcenter/11.6/accessrequests/window/savingrequest.webp) 
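Review bot: In declineaccess.md (`@@ -21,7 +21,10 @@`) the converted note sits directly under "Click **Decline** to cancel the request" and then says "You can click **Cancel** to close the window without denying the request", so one action is called decline, cancel and deny within three lines, right beside a button that is itself labelled **Cancel**. Since the note is being rewritten anyway, use "decline" throughout, for example "Click **Decline** to decline the request" and "without declining the request".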
diff --git a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/access.md b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/access.md index a1708ce817..59e096a5d3 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/access.md +++ b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/access.md @@ -38,8 +38,11 @@ access you are recommending. Access** button or by clicking on a checkmark icon. A blank yellow icon indicates you are recommending all access be removed; it appears in the column for the current level of access. -_Remember,_ at any time you can save your recommendations and exit the review. It will remain +:::tip +Remember, at any time you can save your recommendations and exit the review. It will remain pending until you submit all recommendations for this resource. +::: + **Step 4 –** When the recommended changes are set as desired, click **Next**. The 2 Review changes tab opens in the Resource Review page. @@ -50,8 +53,11 @@ tab opens in the Resource Review page. recommendations and optionally add notes to the Review Administrator. Owners are encouraged to leave notes explaining why the change is recommended. -**NOTE:** To make changes to your recommendations, you must return to the first tab. Click +:::note +To make changes to your recommendations, you must return to the first tab. Click **Previous**. +::: + **Step 6 –** When all recommendations are confirmed and the desire notes added, click **Submit**. A message displays stating that the review is complete. Click **OK** to close the message window. diff --git a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/groupmembership.md b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/groupmembership.md index d5f2ebbef6..ce1b190b82 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/groupmembership.md +++ b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/groupmembership.md 
@@ -9,7 +9,7 @@ sidebar_position: 60 When a group trustee appears in the Trustee Name column of a review, it appears as a blue hyperlink in addition to the group icon displayed in front of the name. -![Resource Reviews page showing the Group Membership window](/img/product_docs/accessanalyzer/11.6/admin/action/activedirectory/operations/groupmembership.webp) +![Resource Reviews page showing the Group Membership window](/img/product_docs/accessinformationcenter/11.6/general/groupmembership.webp) Click the hyperlink to open the Group Membership window. The group’s direct membership is listed for review. Click **Close** to return to the review. diff --git a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/membership.md b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/membership.md index 5f53dfefe6..722cbb0189 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/membership.md +++ b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/membership.md @@ -34,8 +34,11 @@ The table displays membership information for the group being reviewed: **Remove Access** button or by clicking on a checkmark icon. A blank yellow icon indicates you are recommending the trustee be removed from the group. -_Remember,_ at any time you can save your recommendations and exit the review. It will remain +:::tip +Remember, at any time you can save your recommendations and exit the review. It will remain pending until you submit all recommendations for this resource. +::: + **Step 3 –** When the recommended changes are set as desired, click **Next**. The 2 Review changes tab opens in the Resource Review page. 
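Review bot: In groupmembership.md (`@@ -9,7 +9,7 @@`) the screenshot reference moves from `/img/product_docs/accessanalyzer/11.6/admin/action/activedirectory/operations/groupmembership.webp` to `/img/product_docs/accessinformationcenter/11.6/general/groupmembership.webp`, but no change to the image file itself is visible in this part of the diff. Please confirm the asset exists at the new path and shows the Resource Reviews Group Membership window named in the alt text, otherwise the page renders a broken image.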
@@ -46,8 +49,11 @@ tab opens in the Resource Review page. recommendations and optionally add notes to the Review Administrator. Owners are encouraged to leave notes explaining why the change is recommended. -**NOTE:** To make changes to your recommendations, you must return to the first tab. Click +:::note +To make changes to your recommendations, you must return to the first tab. Click **Previous**. +::: + **Step 5 –** When all recommendations are confirmed and the desire notes added, click **Submit**. A message displays stating that the review is complete. Click **OK** to close the message window. diff --git a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/pendingreviews.md b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/pendingreviews.md index 396712fd13..f604c3366a 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/pendingreviews.md +++ b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/pendingreviews.md @@ -16,7 +16,10 @@ your pending reviews. Use the **Sign in** link at the bottom to open the Owner portal in the Access Information Center. -_Remember,_ Your company domain credentials are used to log in. +:::tip +Remember, Your company domain credentials are used to log in. +::: + ![Reviews link on the Ownership portal](/img/product_docs/accessinformationcenter/11.6/resourcereviews/ownershipportal.webp) @@ -64,8 +67,11 @@ make recommendations for changes. Consider the following examples: be removed from its current location, or indicate that the file is not sensitive and flag it as a false positive. -_Remember,_ any proposed changes are not committed until the Review Administrator approves the +:::tip +Remember, any proposed changes are not committed until the Review Administrator approves the recommendation and processes those changes. +::: + ## Resource Review Page 
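Review bot: In pendingreviews.md (`@@ -16,7 +19,10 @@`) the tip now reads "Remember, Your company domain credentials are used to log in." The capital "Your" after the comma was less visible when `_Remember,_` was an italic lead-in, but inside `:::tip` it is a plain sentence and looks like a typo. Suggest "Your company domain credentials are used to log in." with the "Remember," dropped, or a lowercase "your" if the lead-in stays.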
diff --git a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/permissions.md b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/permissions.md index 3915ac7ecc..4ad2a7ba55 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/permissions.md +++ b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/permissions.md @@ -41,8 +41,11 @@ level of permission you are recommending. **Remove Access** button or by clicking on a checkmark icon. A blank yellow icon indicates you are recommending all permissions be removed; it appears in the column for the current level of access. -_Remember,_ at any time you can save your recommendations and exit the review. It will remain +:::tip +Remember, at any time you can save your recommendations and exit the review. It will remain pending until you submit all recommendations for this resource. +::: + **Step 4 –** When the recommended changes are set as desired, click **Next**. The 2 Review changes tab opens in the Resource Review page. @@ -53,8 +56,11 @@ tab opens in the Resource Review page. recommendations and optionally add notes to the Review Administrator. Owners are encouraged to leave notes explaining why the change is recommended. -**NOTE:** To make changes to your recommendations, you must return to the first tab. Click +:::note +To make changes to your recommendations, you must return to the first tab. Click **Previous**. +::: + **Step 6 –** When all recommendations are confirmed and the desire notes added, click **Submit**. A message displays stating that the review is complete. Click **OK** to close the message window. diff --git a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/reviewhistory.md b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/reviewhistory.md index cd984750c6..7ece3acda3 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/reviewhistory.md 
+++ b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/reviewhistory.md @@ -37,7 +37,7 @@ for additional information. The View Details button at the bottom of the Review History page opens the Review Details window for a resource where changes were recommended. -![Review Details Window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/reviewdetails.webp) +![Review Details Window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/reviewdetails_1.webp) The information displayed in the table includes: diff --git a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/sensitivedata.md b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/sensitivedata.md index f17270203c..64abec5d30 100644 --- a/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/sensitivedata.md +++ b/docs/accessinformationcenter/11.6/owneroverview/pendingreviews/sensitivedata.md @@ -34,8 +34,11 @@ Remove, or Not Sensitive column. Your selection is indicated by a yellow checkma - Not Sensitive – Recommend that the file does not contain sensitive data for the designated criteria -_Remember,_ at any time you can save your recommendations and exit the review. It will remain +:::tip +Remember, at any time you can save your recommendations and exit the review. It will remain pending until you submit all recommendations for this resource. +::: + **Step 3 –** When the recommended changes are set as desired, click **Next**. The 2 Review changes tab opens in the Resource Review page. 
@@ -46,8 +49,11 @@ tab opens in the Resource Review page. recommendations and optionally add notes to the Review Administrator. Owners are encouraged to leave notes explaining why the change is recommended. -**NOTE:** To make changes to your recommendations, you must return to the first tab. Click +:::note +To make changes to your recommendations, you must return to the first tab. Click **Previous**. +::: + **Step 5 –** When all recommendations are confirmed and the desire notes added, click **Submit**. A message displays stating that the review is complete. Click **OK** to close the message window. diff --git a/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/commit.md b/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/commit.md index 27923bbf80..4eb2d8a7ec 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/commit.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/commit.md @@ -19,10 +19,13 @@ The following user roles can commit changes: - Security Team Members – This role can commit modeled changes, if the Access Information Center has already been configured to do so -**NOTE:** All users with access to the Resource Audit interface can model changes. The **Commit** +:::note +All users with access to the Resource Audit interface can model changes. The **Commit** button in the Group Membership Changes window is not available to users with the Reader role or owners with no assigned role. A resource owner can use the **Change Access** button in the Owner portal. +::: + Return to the Group Membership Changes window to view the modeled changes by clicking the **Change Group Membership** button on the Group Membership pane. 
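Review bot: In sensitivedata.md (`@@ -46,8 +49,11 @@`) the context line right after the converted note reads "When all recommendations are confirmed and the desire notes added", where "desire" should be "desired". The same sentence appears as context in the matching hunks for access.md, membership.md and permissions.md. This patch already touches the adjacent lines in all four files, so it is a cheap place to fix the typo.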
@@ -31,7 +34,7 @@ Group Membership** button on the Group Membership pane. Additional changes can be modeled using the **Add** and **Remove** buttons. -Manually Commit Changes +**Manually Commit Changes** You can export the list of modeled changes as either a CSV or Excel file, which can be sent to your organization’s IT team. Select between the **CSV Export** and **Excel Export** buttons above the @@ -39,7 +42,7 @@ table. See the [Data Grid Features](/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md) topic for additional information. -Access Information Center Automatically Commits Changes +**Access Information Center Automatically Commits Changes** If the Access Information Center has been configured to commit changes in Active Directory, then the **Commit** button is available at the bottom of the window. diff --git a/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/model.md b/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/model.md index 9abb2671e7..5a14ea0c7b 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/model.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/model.md @@ -65,8 +65,11 @@ window. Skip to Step 12. **Step 10 –** On the Remove Members page, the existing group members are listed. Select the desired members and click **Select**. -**NOTE:** The number on the **View Removals** button changes to reflect the number of users +:::note +The number on the **View Removals** button changes to reflect the number of users selected. +::: + ![Members selected for removal window](/img/product_docs/accessinformationcenter/11.6/resourceaudit/changemodeling/membersforremoval.webp) diff --git a/docs/accessinformationcenter/11.6/resourceaudit/computer/effectiveaccess.md b/docs/accessinformationcenter/11.6/resourceaudit/computer/effectiveaccess.md index 42f4043ff6..61dcdbf8f6 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/computer/effectiveaccess.md 
+++ b/docs/accessinformationcenter/11.6/resourceaudit/computer/effectiveaccess.md @@ -27,9 +27,12 @@ analyzing all of the collected data available for all access points. While the r loading, there is a status bar in the upper-right corner of the Reports pane that indicates the data loading progress. After the data has loaded, the number of rows is displayed. -**NOTE:** This report continues to load while other reports are being opened and viewed. As long as +:::note +This report continues to load while other reports are being opened and viewed. As long as the Access Information Center user remains logged into the Access Information Center, it continues to load until all data has been analyzed for the audited user. +::: + The scoping options allow Access Information Center users to specifying what collected data should be analyzed in order to generate this report. Unlike other filter options, this may impact the diff --git a/docs/accessinformationcenter/11.6/resourceaudit/filesystem/nfsexports/sensitivecontent.md b/docs/accessinformationcenter/11.6/resourceaudit/filesystem/nfsexports/sensitivecontent.md index b73b227f90..60fa49d7d1 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/filesystem/nfsexports/sensitivecontent.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/filesystem/nfsexports/sensitivecontent.md @@ -29,4 +29,7 @@ were found. - Suffix – Text just after the sensitive data match in the file - Sub File – File name if the sensitive data files reside in a PST file or a ZIP file -**NOTE:** Up to five matches per file can be displayed. +:::note +Up to five matches per file can be displayed. + +::: diff --git a/docs/accessinformationcenter/11.6/resourceaudit/filesystem/overview.md b/docs/accessinformationcenter/11.6/resourceaudit/filesystem/overview.md index a35f6e55f0..e09de681b7 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/filesystem/overview.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/filesystem/overview.md 
@@ -13,11 +13,14 @@ System Solution topic in the [Netwrix Enterprise Auditor Documentation](https://helpcenter.netwrix.com/category/accessanalyzer) for additional information. -**NOTE:** In order to populate the NFS resources within the reports, the **.Active Directory +:::note +In order to populate the NFS resources within the reports, the **.Active Directory Inventory** job group must be configured to collect the `uid` and `uidNumber` attributes for user objects. See the NFS Permissions for the Access Information Center topic in the [Netwrix Enterprise Auditor Documentation](https://helpcenter.netwrix.com/category/accessanalyzer) for more information. +::: + File System resource reports identify the following information in the targeted file system environment: diff --git a/docs/accessinformationcenter/11.6/resourceaudit/filesystem/quickreference.md b/docs/accessinformationcenter/11.6/resourceaudit/filesystem/quickreference.md index 83f02dc9d0..5632d90376 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/filesystem/quickreference.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/filesystem/quickreference.md 
@@ -12,13 +12,14 @@ The following File System reports are available for selections within the Resour The following reports are available at the File System node level: -| Report | Description | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [Activity Summary Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/activitysummary.md) | Provides an overview of activity performed on files and folders in each of the scanned servers. It reflects the total count of operations performed in each server, including activity in folders that are not shared. This is an activity report that does not include a date range filter, as it contains totals for all operations ever monitored by Enterprise Auditor for the targeted environment. | -| [Exceptions Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/exceptions.md) | Provides a list of exceptions that were found across the targeted environment. This report includes a Details table. | -| [Modeled Access Changes Report](/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/modeledaccesschanges.md) | Provides an enterprise wide view of modeled access changes. This report is blank if no changes have been modeled or if the modeled changes have no impact on the environment. 
This report includes the following tables: - Permission Source – Displays all of the ways the trustee has been granted rights to the resource - Activity – Displays additional information on recent activity performed by the trustee which would have been impacted by the modeled change | -| [Sensitive Content Summary Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/sensitivecontentsummary.md) | Provides a count of files where criteria matches were found in the targeted environment. This report includes a Details table. | -| [Server Summary Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/serversummary.md) | Provides a top-level view of servers that have been scanned. | +| Report | Description | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Activity Summary Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/activitysummary.md) | Provides an overview of activity performed on files and folders in each of the scanned servers. It reflects the total count of operations performed in each server, including activity in folders that are not shared. This is an activity report that does not include a date range filter, as it contains totals for all operations ever monitored by Enterprise Auditor for the targeted environment. 
| +| [Exceptions Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/exceptions.md) | Provides a list of exceptions that were found across the targeted environment. This report includes a Details table. | +| [Modeled Access Changes Report](/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/modeledaccesschanges.md) | Provides an enterprise wide view of modeled access changes. This report is blank if no changes have been modeled or if the modeled changes have no impact on the environment. This report includes the following tables:
  • Permission Source – Displays all of the ways the trustee has been granted rights to the resource
  • Activity – Displays additional information on recent activity performed by the trustee which would have been impacted by the modeled change
| +| [Sensitive Content Summary Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/sensitivecontentsummary.md) | Provides a count of files where criteria matches were found in the targeted environment. This report includes a Details table. | +| [Server Summary Report](/docs/accessinformationcenter/11.6/resourceaudit/filesystem/serversummary.md) | Provides a top-level view of servers that have been scanned. | + ## File System > Server Level Reports @@ -38,7 +39,10 @@ The following reports are available at the server level: The following reports are available at the local policy level: -**NOTE:** There are no reports at the Local Policies node level. +:::note +There are no reports at the Local Policies node level. +::: + | Report | Description | | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | diff --git a/docs/accessinformationcenter/11.6/resourceaudit/flexibleimports/quickreference.md b/docs/accessinformationcenter/11.6/resourceaudit/flexibleimports/quickreference.md index d6c6ca0e28..6655108365 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/flexibleimports/quickreference.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/flexibleimports/quickreference.md 
@@ -8,23 +8,26 @@ sidebar_position: 10 The following imported data reports are available for selections within the Resources pane. -**NOTE:** Although the reports are always displayed at the nodes and levels listed, whether they are +:::note +Although the reports are always displayed at the nodes and levels listed, whether they are populated is determined by what data is imported for the environment. +::: -Environment Node Report + +**Environment Node Report** | Report | Description | | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [Sensitive Content Report](/docs/accessinformationcenter/11.6/resourceaudit/flexibleimports/sensitivecontent.md) | Provides a list of paths and a hit count per table where criteria matches were found on the selected resource. This report includes a table with criteria Matches that is visible to Access Information Center users with either Security Team Member or Administrator roles. The Matches table requires the storage of discovered sensitive data within the Enterprise Auditor database or it will be blank. 
| -Environment > Host Level Reports +**Environment > Host Level Reports** | Report | Description | | --------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [Activity Report](/docs/accessinformationcenter/11.6/resourceaudit/flexibleimports/activity.md) | Provides details on activity across the resource for every activity logged during the selected date range. | | [Sensitive Content Report](/docs/accessinformationcenter/11.6/resourceaudit/flexibleimports/sensitivecontent.md) | Provides a list of paths and a hit count per table where criteria matches were found on the selected resource. This report includes a table with criteria Matches that is visible to Access Information Center users with either Security Team Member or Administrator roles . The Matches table requires the storage of discovered sensitive data within the Enterprise Auditor database or it will be blank. 
| -Environment > Host > Sub-level Reports +**Environment > Host > Sub-level Reports** | Report | Description | | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess_1.md b/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess-entra.md similarity index 97% rename from docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess-entra.md index 15cc52c798..9ac7d250d5 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess_1.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess-entra.md 
@@ -27,9 +27,12 @@ analyzing all of the collected data available for all access points. While the r loading, there is a status bar in the upper-right corner of the Reports pane that indicates the data loading progress. After the data has loaded, the number of rows is displayed. -**NOTE:** This report continues to load while other reports are being opened and viewed. As long as +:::note +This report continues to load while other reports are being opened and viewed. As long as the Access Information Center user remains logged into the Access Information Center, it continues to load until all data has been analyzed for the audited group. +::: + The scoping options allow Access Information Center users to specifying what collected data should be analyzed in order to generate this report. Unlike other filter options, this can impact the diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess.md b/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess.md index 99d59a8947..b33d6c5e10 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess.md 
@@ -27,9 +27,12 @@ all of the collected data available for all access points. While the report data is a status bar in the upper-right corner of the Reports pane that indicates the data loading progress. After the data has loaded, the number of rows is displayed. -**NOTE:** This report continues to load while other reports are being opened and viewed. As long as +:::note +This report continues to load while other reports are being opened and viewed. As long as the Access Information Center user remains logged into the Access Information Center, it continues to load until all data has been analyzed for the audited group. +::: + The scoping options allow Access Information Center users to specifying what collected data should be analyzed in order to generate this report. Unlike other filter options, this can impact the diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/memberof_1.md b/docs/accessinformationcenter/11.6/resourceaudit/group/memberof-entra.md similarity index 100% rename from docs/accessinformationcenter/11.6/resourceaudit/group/memberof_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/group/memberof-entra.md diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/members_1.md b/docs/accessinformationcenter/11.6/resourceaudit/group/members-entra.md similarity index 100% rename from docs/accessinformationcenter/11.6/resourceaudit/group/members_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/group/members-entra.md diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/members.md b/docs/accessinformationcenter/11.6/resourceaudit/group/members.md index ffe19d6544..afca0d9293 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/group/members.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/group/members.md 
@@ -9,10 +9,13 @@ sidebar_position: 80 The Members report for a group object provides a list of all trustees, users, and groups with membership in the audited group. This report includes a Membership Paths table. -_Remember,_ the Members report for a built-in group contains different information to the other +:::tip +Remember, the Members report for a built-in group contains different information to the other group types. See the [Members Report for a Built-in Group](/docs/accessinformationcenter/11.6/resourceaudit/group/membersbuiltin.md) topic for additional information. +::: + ![Members report](/img/product_docs/accessinformationcenter/11.6/resourceaudit/group/members.webp) diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/membersbuiltin.md b/docs/accessinformationcenter/11.6/resourceaudit/group/membersbuiltin.md index 82b1a95845..7bdd4a2574 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/group/membersbuiltin.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/group/membersbuiltin.md @@ -9,8 +9,11 @@ sidebar_position: 90 The Members report for a built-in group provides a list of all trustees, users, and groups with membership in the audited group. This report includes a Membership Paths table. -_Remember,_ the Members report for a built-in group contains different information than the other +:::tip +Remember, the Members report for a built-in group contains different information than the other group types. +::: + ![Members report for a built-in group](/img/product_docs/accessinformationcenter/11.6/resourceaudit/group/membersbuiltin.webp) diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/overview.md b/docs/accessinformationcenter/11.6/resourceaudit/group/overview.md index c9cfb6db7a..d3eeed322b 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/group/overview.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/group/overview.md 
@@ -34,7 +34,10 @@ Built-in group reports are opened through a search conducted for any of the foll - Cryptographic Operators - Account Operators -**NOTE:** The Members report for a built-in group contains different information than the other +:::note +The Members report for a built-in group contains different information than the other group types. See the [Members Report for a Built-in Group](/docs/accessinformationcenter/11.6/resourceaudit/group/membersbuiltin.md) topic for additional information. + +::: diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/permissions_1.md b/docs/accessinformationcenter/11.6/resourceaudit/group/permissions-entra.md similarity index 100% rename from docs/accessinformationcenter/11.6/resourceaudit/group/permissions_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/group/permissions-entra.md diff --git a/docs/accessinformationcenter/11.6/resourceaudit/group/quickreference.md b/docs/accessinformationcenter/11.6/resourceaudit/group/quickreference.md index 41f7bfee52..a284a790ac 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/group/quickreference.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/group/quickreference.md 
@@ -27,7 +27,7 @@ The following reports are available for selection within the Group Audit interfa | Report | Description | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| [Effective Access Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess_1.md) | Provides insight into every resource the audited Entra ID group has access to and what level of access has been granted. Effective access is a calculation based on several variables according to the type of resource. This report includes a Permission Source table. | -| [Member Of Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/memberof_1.md) | Provides a list of all Entra ID groups of which the audited group is a member. This report includes a Membership Paths table. | -| [Members Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/members_1.md) | Provides a list of all trustees, users, and groups with membership in the audited Entra ID group. This report includes a Membership Paths table. | -| [Permissions Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/permissions_1.md) | Provides a list of all resources where the audited Entra ID group has been assigned permissions. | +| [Effective Access Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/effectiveaccess-entra.md) | Provides insight into every resource the audited Entra ID group has access to and what level of access has been granted. 
Effective access is a calculation based on several variables according to the type of resource. This report includes a Permission Source table. | +| [Member Of Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/memberof-entra.md) | Provides a list of all Entra ID groups of which the audited group is a member. This report includes a Membership Paths table. | +| [Members Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/members-entra.md) | Provides a list of all trustees, users, and groups with membership in the audited Entra ID group. This report includes a Membership Paths table. | +| [Permissions Report for Entra ID Group](/docs/accessinformationcenter/11.6/resourceaudit/group/permissions-entra.md) | Provides a list of all resources where the audited Entra ID group has been assigned permissions. | diff --git a/docs/accessinformationcenter/11.6/resourceaudit/navigate/overview.md b/docs/accessinformationcenter/11.6/resourceaudit/navigate/overview.md index bd743c837a..93d2221785 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/navigate/overview.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/navigate/overview.md @@ -68,14 +68,14 @@ There are two checkbox options depending on the report selected: Activity reports contain the following unique features. -Date Range Filter +**Date Range Filter** Activity reports display information for a selected date range. To adjust the date range, click the **Date Range** filter to open a calendar window. The date range can be changed manually by selecting dates in the calendars, using the arrows to change the month. Once the selection is made, click **OK**. The report loads data for the new date range. -Trend Graphs +**Trend Graphs** Trend graphs are line graphs that provide a visual representation of the activity that occurred over the selected date range. 
@@ -106,10 +106,13 @@ See the [Change Modeling](/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/overview.md) topic for additional information. -**NOTE:** If the Access Information Center has been configured to commit changes to Active +:::note +If the Access Information Center has been configured to commit changes to Active Directory, then there is a **Commit** button within the **Changes** window. Click **Commit** to commit the modeled changes to Active Directory. Only Access Information Center Administrators can configure the Access Information Center to commit changes to Active Directory. +::: + While a resource owner has access to a Resource Audit interface filtered for their resource and can model changes, only users with an Administrator or a Security Team role are able to commit modeled diff --git a/docs/accessinformationcenter/11.6/resourceaudit/navigate/resource.md b/docs/accessinformationcenter/11.6/resourceaudit/navigate/resource.md index 29d4ed3d9b..905d3f4bfc 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/navigate/resource.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/navigate/resource.md @@ -64,7 +64,10 @@ pane. These icons are designed to draw attention to resources where potential security concerns may exist. -**NOTE:** The Domain Group icon is used to indicate both Active Directory groups and Entra ID +:::note +The Domain Group icon is used to indicate both Active Directory groups and Entra ID groups. See the [AIC Icons ](/docs/accessinformationcenter/11.6/resourceaudit/navigate/icons.md)topic for additional information. + +::: diff --git a/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/overview.md b/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/overview.md index fc57f79b68..91e933d448 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/overview.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/overview.md 
@@ -27,9 +27,12 @@ solutions’ collection query: - SQL – Configure this option for the 3-SQL_SensitiveDataScan job on the Options page of the query configuration wizard -**NOTE:** Only Access Information Center users with either the Security Team role or the Console +:::note +Only Access Information Center users with either the Security Team role or the Console Administrator role will be able to perform Sensitive Data Discovery criteria searches. Reports are blank for Access Information Center users with the Reader role. +::: + The Sensitive Content report identifies where potentially sensitive data has been found across the scanned targeted environments. diff --git a/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/quickreference.md b/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/quickreference.md index 57b4c8ea0e..b4c759b7cf 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/quickreference.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/quickreference.md 
@@ -8,6 +8,7 @@ sidebar_position: 10 The following report is available for selection within the Content Audit interface: -| Report | Description | -| ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| [Files Report](/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/files.md) | Provides a list of all files for the targeted environments which have matches to the searched Sensitive Data Discovery criteria. 
This report includes additional tables: - Matches – Displays information on the criteria hits found on the selected file - Activity – Displays information on activity performed on the selected file during the selected date range - Permissions – Displays information on the trustees with effective access to the parent object or folder that contains the selected sensitive data file | +| Report | Description | +| ----------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Files Report](/docs/accessinformationcenter/11.6/resourceaudit/sensitivecontent/files.md) | Provides a list of all files for the targeted environments which have matches to the searched Sensitive Data Discovery criteria. This report includes additional tables:
  • Matches – Displays information on the criteria hits found on the selected file
  • Activity – Displays information on activity performed on the selected file during the selected date range
  • Permissions – Displays information on the trustees with effective access to the parent object or folder that contains the selected sensitive data file
| + diff --git a/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/quickreference.md b/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/quickreference.md index 30e14f6a5d..7388771640 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/quickreference.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/quickreference.md 
@@ -53,14 +53,15 @@ The following report is available at the Teams node level: The following reports are available at the site collection, site, list, library, and folder levels: -| Report | Description | -| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [Activity Details Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/activitydetails.md) | Provides statistical activity event information by user on the selected server during the specified date range. This report includes a line graph for Active Users Trend. | -| [Effective Access Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/effectiveaccess.md) | Provides insight into who has what level of access to this resource through a calculation that encompasses web application policies, administrative access, resource permissions, and group membership. It contains a list of all trustees with access to the selected resource and specifies the effective access level. This report includes a Permission Source table. | -| [Exceptions Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/exceptions.md) | Provides a list of all trustees with access that are causing exceptions on the selected resource. This report includes a Permissions Source table. | -| [Permissions Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/permissions.md) | Provides a list of trustees with permissions for the selected resource. 
This report includes a table with trustee access levels Compared to Parent. | -| [Sensitive Content Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sensitivecontent.md) | Provides a list of files and a hit count per file where criteria matches were found on the selected resource. This report includes a Matches table. | -| [Site Collection Roles Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sitecollectionroles.md) | Provides a list of all roles or permission levels for the selected site collection, including custom defined roles and role descriptions. It also displays a calculation of the actual rights that each role grants within the targeted SharePoint on-premise farm or SharePoint Online instance. **NOTE:** This report is only available at the site collection level. | +| Report | Description | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Activity Details Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/activitydetails.md) | Provides statistical activity event information by user on the selected server during the specified date range. This report includes a line graph for Active Users Trend. 
| +| [Effective Access Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/effectiveaccess.md) | Provides insight into who has what level of access to this resource through a calculation that encompasses web application policies, administrative access, resource permissions, and group membership. It contains a list of all trustees with access to the selected resource and specifies the effective access level. This report includes a Permission Source table. | +| [Exceptions Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/exceptions.md) | Provides a list of all trustees with access that are causing exceptions on the selected resource. This report includes a Permissions Source table. | +| [Permissions Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/permissions.md) | Provides a list of trustees with permissions for the selected resource. This report includes a table with trustee access levels Compared to Parent. | +| [Sensitive Content Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sensitivecontent.md) | Provides a list of files and a hit count per file where criteria matches were found on the selected resource. This report includes a Matches table. | +| [Site Collection Roles Report](/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sitecollectionroles.md) | Provides a list of all roles or permission levels for the selected site collection, including custom defined roles and role descriptions. It also displays a calculation of the actual rights that each role grants within the targeted SharePoint on-premise farm or SharePoint Online instance.
**NOTE:** This report is only available at the site collection level. | + ## SharePoint > Farm / Instance > Exceptions Node Reports diff --git a/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sensitivecontent.md b/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sensitivecontent.md index 92a8aa347e..951fc79c07 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sensitivecontent.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sensitivecontent.md @@ -31,4 +31,7 @@ were found: - Suffix – Text just after the sensitive data match in the file - Sub File – File name if the sensitive data files reside in a PST file or a ZIP file -**NOTE:** Up to five matches per file can be displayed. +:::note +Up to five matches per file can be displayed. + +::: diff --git a/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sitecollectionroles.md b/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sitecollectionroles.md index de882ec6e3..6a82ce3a77 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sitecollectionroles.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sitecollectionroles.md @@ -11,7 +11,10 @@ permission levels for the selected site collection, including custom defined rol descriptions. It also displays a calculation of the actual rights that each role grants within the targeted SharePoint on-premise farm or SharePoint Online instance. -**NOTE:** This report is only available at the site collection level. +:::note +This report is only available at the site collection level. +::: + ![Site Collections Roles report](/img/product_docs/accessinformationcenter/11.6/resourceaudit/sharepoint/sitecollections/sitecollectionroles.webp) 
diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/activitydetails_1.md b/docs/accessinformationcenter/11.6/resourceaudit/user/activitydetails-entra.md similarity index 100% rename from docs/accessinformationcenter/11.6/resourceaudit/user/activitydetails_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/user/activitydetails-entra.md diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess_1.md b/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess-entra.md similarity index 97% rename from docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess-entra.md index 414585ebd4..27093e5431 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess_1.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess-entra.md @@ -27,9 +27,12 @@ all of the collected data available for all access points. While the report data is a status bar in the upper-right corner of the Reports pane that indicates the data loading progress. After the data has loaded, the number of rows is displayed. -**NOTE:** This report continues to load while other reports are being opened and viewed. As long as +:::note +This report continues to load while other reports are being opened and viewed. As long as the Access Information Center user remains logged into the Access Information Center, it continues to load until all data has been analyzed for the audited user. +::: + The scoping options allow Access Information Center users to specifying what collected data should be analyzed in order to generate this report. Unlike other filter options, this can impact the diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess.md b/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess.md index b4e95d4f9d..0bfac4eeb1 100644 
--- a/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess.md @@ -26,9 +26,12 @@ all of the collected data available for all access points. While the report data is a status bar in the upper-right corner of the Reports pane that indicates the data loading progress. After the data has loaded, the number of rows is displayed. -**NOTE:** This report continues to load while other reports are being opened and viewed. As long as +:::note +This report continues to load while other reports are being opened and viewed. As long as the Access Information Center user remains logged into the Access Information Center, it continues to load until all data has been analyzed for the audited user. +::: + The scoping options allow Access Information Center users to specifying what collected data should be analyzed in order to generate this report. Unlike other filter options, this can impact the diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/memberof_1.md b/docs/accessinformationcenter/11.6/resourceaudit/user/memberof-entra.md similarity index 100% rename from docs/accessinformationcenter/11.6/resourceaudit/user/memberof_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/user/memberof-entra.md diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/permissions_1.md b/docs/accessinformationcenter/11.6/resourceaudit/user/permissions-entra.md similarity index 100% rename from docs/accessinformationcenter/11.6/resourceaudit/user/permissions_1.md rename to docs/accessinformationcenter/11.6/resourceaudit/user/permissions-entra.md diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/quickreference.md b/docs/accessinformationcenter/11.6/resourceaudit/user/quickreference.md index 1b4026ac45..535b1cb174 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/user/quickreference.md 
+++ b/docs/accessinformationcenter/11.6/resourceaudit/user/quickreference.md 
@@ -26,7 +26,7 @@ The following reports are available for selection within the User Audit interfac | Report | Description | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [Activity Details Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/activitydetails_1.md) | Provides details on every activity event logged by the audited Entra ID user during the selected date range. | -| [Effective Access Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess_1.md) | Provides insight into every resource the audited Entra ID user has access to and what level of access has been granted. Effective access is a calculation based on several variables according to the type of resource. This report includes a Permission Source table. | -| [Member Of Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/memberof_1.md) | Provides a list of all groups of which the audited Entra ID user is a member. This report includes a Membership Paths table. | -| [Permissions Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/permissions_1.md) | Provides a list of all resources where the audited Entra ID user has been assigned permissions. | +| [Activity Details Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/activitydetails-entra.md) | Provides details on every activity event logged by the audited Entra ID user during the selected date range. 
| +| [Effective Access Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess-entra.md) | Provides insight into every resource the audited Entra ID user has access to and what level of access has been granted. Effective access is a calculation based on several variables according to the type of resource. This report includes a Permission Source table. | +| [Member Of Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/memberof-entra.md) | Provides a list of all groups of which the audited Entra ID user is a member. This report includes a Membership Paths table. | +| [Permissions Report for Entra ID User](/docs/accessinformationcenter/11.6/resourceaudit/user/permissions-entra.md) | Provides a list of all resources where the audited Entra ID user has been assigned permissions. | diff --git a/docs/accessinformationcenter/11.6/resourceowners/accessgroups.md b/docs/accessinformationcenter/11.6/resourceowners/accessgroups.md index 2472d63439..39931a8486 100644 --- a/docs/accessinformationcenter/11.6/resourceowners/accessgroups.md +++ b/docs/accessinformationcenter/11.6/resourceowners/accessgroups.md 
@@ -41,14 +41,20 @@ Documentation Manage group and grant it full control-access. Scan the host with These groups can now be assigned as access groups for managing the Documentation share through the Access Information Center. -_Remember,_ it is a best practice is to create at least two OUs for groups to be managed through the +:::tip +Remember, it is a best practice is to create at least two OUs for groups to be managed through the Access Information Center: a security group OU and a distribution list group OU. See the [Commit Active Directory Changes](/docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md) topic for additional information. +::: -**NOTE:** For SharePoint resources, the access groups must be Active Directory groups, not + +:::note +For SharePoint resources, the access groups must be Active Directory groups, not SharePoint groups. The Access Information Center will not have the necessary permissions to make changes to the SharePoint groups. +::: + Enterprise Auditor jobs that must be run to collect data on new access groups: diff --git a/docs/accessinformationcenter/11.6/resourceowners/confirmation/confirmation.md b/docs/accessinformationcenter/11.6/resourceowners/confirmation/confirmation.md index 427193c08d..6bd12f24d1 100644 --- a/docs/accessinformationcenter/11.6/resourceowners/confirmation/confirmation.md +++ b/docs/accessinformationcenter/11.6/resourceowners/confirmation/confirmation.md 
@@ -11,10 +11,13 @@ those resources without requiring IT Administrative privileges. In order for thi assigned owner needs to claim that ownership responsibility. Resources that do not have confirmed owners may fall through the cracks. -**NOTE:** This requires the Notification settings to be configured for the Access Information +:::note +This requires the Notification settings to be configured for the Access Information Center. See the [Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md) topic for additional information. +::: + ![Status Column in Resource Owners interface](/img/product_docs/accessinformationcenter/11.6/resourceowners/ownershipconfirmation.webp) 
@@ -23,10 +26,10 @@ this column to indicate confirmation status: | Icon | Meaning | Description | | ---------------------------------------------------------------------------------------------------------------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ![Yellow circle with white question mark](/img/product_docs/auditor/10.6/access/reviews/resourceowners/statusnostatus.webp) | No Status | Indicates ownership confirmation has not been requested, and there is no ownership status at this time The exception is if ownership was automatically confirmed with the [Import Owners Wizard](/docs/accessinformationcenter/11.6/resourceowners/interface/import.md). | -| ![Blue circle with white clock face](/img/product_docs/auditor/10.6/access/reviews/resourceowners/statuswaiting.webp) | Waiting | Indicates a request for confirmation has been sent, and you are waiting for a response from the assigned owner. Hover over the icon to view the date timestamp of the request. | -| ![Green circle with white checkmark](/img/product_docs/auditor/10.6/access/reviews/resourceowners/statusconfirmed.webp) | Confirmed | Indicates the assigned owner confirmed ownership of the resource. Hover over the icon to view the date timestamp of the confirmation. | -| ![Red circle with white X](/img/product_docs/auditor/10.6/access/reviews/resourceowners/statusdeclined.webp) | Declined | Indicates the assigned owner declined ownership of the resource. 
These individuals would have been asked to suggest an alternative owner. Check the Notes for the resource to view this information. Hover over the icon to view the date timestamp of the decline. _Remember,_ a resource with declined ownership needs to be updated to assign a new owner. See the [Update Resource Wizard](/docs/accessinformationcenter/11.6/resourceowners/interface/update.md) topic for additional information. | +| ![Yellow circle with white question mark](/img/product_docs/accessinformationcenter/11.6/resourceowners/statusnostatus.webp) | No Status | Indicates ownership confirmation has not been requested, and there is no ownership status at this time The exception is if ownership was automatically confirmed with the [Import Owners Wizard](/docs/accessinformationcenter/11.6/resourceowners/interface/import.md). | +| ![Blue circle with white clock face](/img/product_docs/accessinformationcenter/11.6/resourceowners/statuswaiting.webp) | Waiting | Indicates a request for confirmation has been sent, and you are waiting for a response from the assigned owner. Hover over the icon to view the date timestamp of the request. | +| ![Green circle with white checkmark](/img/product_docs/accessinformationcenter/11.6/resourceowners/statusconfirmed.webp) | Confirmed | Indicates the assigned owner confirmed ownership of the resource. Hover over the icon to view the date timestamp of the confirmation. | +| ![Red circle with white X](/img/product_docs/accessinformationcenter/11.6/resourceowners/statusdeclined.webp) | Declined | Indicates the assigned owner declined ownership of the resource. These individuals would have been asked to suggest an alternative owner. Check the Notes for the resource to view this information. Hover over the icon to view the date timestamp of the decline. _Remember,_ a resource with declined ownership needs to be updated to assign a new owner. 
See the [Update Resource Wizard](/docs/accessinformationcenter/11.6/resourceowners/interface/update.md) topic for additional information. | If multiple owners have been assigned, there is a choice for which assigned owner(s) should receive the confirmation. If multiple owners were sent the request, the column remains as a waiting symbol diff --git a/docs/accessinformationcenter/11.6/resourceowners/interface/add.md b/docs/accessinformationcenter/11.6/resourceowners/interface/add.md index 146ea1fc96..8ee5ebd52a 100644 --- a/docs/accessinformationcenter/11.6/resourceowners/interface/add.md +++ b/docs/accessinformationcenter/11.6/resourceowners/interface/add.md 
@@ -12,22 +12,25 @@ The Add new resource wizard is opened with the **Add** button in the Resource Ow It contains five pages: -- 1. Select Resource — Select the resource or group to be managed by the owner -- 2. Select Owners — Select Owners from Active Directory -- 3. Description — Optionally enter a note describing the resource -- 4. Access Groups — Optionally enable Access Requests and Owner Ad Hoc changes for this resource. +- **1. Select Resource** — Select the resource or group to be managed by the owner +- **2. Select Owners** — Select Owners from Active Directory +- **3. Description** — Optionally enter a note describing the resource +- **4. Access Groups** — Optionally enable Access Requests and Owner Ad Hoc changes for this resource. When File System or SharePoint resources will be managed through the AIC, it is necessary to configure access groups for those resources in the target environment. An access group provides one of the following access levels to a specific resource: Read, Modify, or Full Control. - **NOTE:** This feature requires the Access Information Center is to be configured to commit + :::note + This feature requires the Access Information Center is to be configured to commit changes in Active Directory. Additionally, resource based groups must be set up on the resource. See the [Commit Active Directory Changes](/docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md) topic for additional information. + ::: -- 5. Summary — This page provides a preview of the settings selected within the wizard + +- **5. Summary** — This page provides a preview of the settings selected within the wizard See the [Add a Resource](#add-a-resource) topic for additional information. 
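Review bot: The body of the new `:::note` under 4. Access Groups still reads "This feature requires the Access Information Center is to be configured to commit changes in Active Directory", which carries the old grammar slip into the rewritten line. Since the line is being re-added anyway, change it to "requires the Access Information Center to be configured to commit changes in Active Directory". The Access Groups note in update.md uses the same sentence and needs the same fix.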
@@ -80,7 +83,7 @@ the owners: **Step 5 –** On the Description page, optionally add a description for the resource in the textbox. Then click **Next**. -![Add new resource wizard showing 4. Access Groups page](/img/product_docs/accessinformationcenter/11.6/resourceowners/wizard/accessgroups.webp) +![Add new resource wizard showing 4. Access Groups page](/img/product_docs/accessinformationcenter/11.6/resourceowners/wizard/accessgroups_1.webp) **Step 6 –** On the Access Groups page, optionally enable Access Requests and Owner Ad Hoc changes for this resource: diff --git a/docs/accessinformationcenter/11.6/resourceowners/interface/addowner.md b/docs/accessinformationcenter/11.6/resourceowners/interface/addowner.md index 2486cac706..f02da90d7c 100644 --- a/docs/accessinformationcenter/11.6/resourceowners/interface/addowner.md +++ b/docs/accessinformationcenter/11.6/resourceowners/interface/addowner.md @@ -37,12 +37,15 @@ Probable owners are calculated from the available data: - Common Managers – Calculated by looking at the Manager property for the users within the selected group -**NOTE:** The Probable Owner categories may or may not be populated with options. For File System or +:::note +The Probable Owner categories may or may not be populated with options. For File System or SharePoint resources, it depends on content and activity data which has been collected by Enterprise Auditor. If no content or activity information exists, no owner will be recommended. For Active Directory resources, it depends on the Managed By property for groups and the Manager property for users to be set within Active Directory. If these properties are blank, no owner will be recommended. +::: + Select the desired owner from the list and click **OK**. The Add Owner window closes and the selected user appears in the Owner list. 
diff --git a/docs/accessinformationcenter/11.6/resourceowners/interface/import.md b/docs/accessinformationcenter/11.6/resourceowners/interface/import.md index 9059a4cfff..d7d21a12c7 100644 --- a/docs/accessinformationcenter/11.6/resourceowners/interface/import.md +++ b/docs/accessinformationcenter/11.6/resourceowners/interface/import.md @@ -12,10 +12,10 @@ The Import Owners wizard is opened with the **Import** button in the Resource Ow It contains two pages: -- 1. Select File — Select the CSV file with the resource or group to be managed through the Access +- **1. Select File** — Select the CSV file with the resource or group to be managed through the Access Information Center and the assigned owner. A preview of the selected file displays on this page. -- 2. Options — Provides the option for marking all imported resources as having confirmed +- **2. Options** — Provides the option for marking all imported resources as having confirmed ownership. If the CSV file only contains Groups, you can additionally select to enable Access Requests and Owner Ad Hoc changes for them. 
@@ -26,34 +26,25 @@ The CSV file should list one resource per row using the following format: ![Example CSV File showing file system, SharePoint, and group resource formats](/img/product_docs/accessinformationcenter/11.6/resourceowners/wizard/csvfileformat.webp) - Resource Formats: - - File System Resources – Resource path should be the UNC path to the share or folder. - - \\ExampleServer\ExampleShare,ExampleDomain\ExampleOwner - + `\\ExampleServer\ExampleShare,ExampleDomain\ExampleOwner` - SharePoint Resources – Resource path should be the URL to the site resource. - - http://ExampleFarm/ExampleSiteCollection/ExampleSite,ExampleDomain\ExampleOwner - - - Groups – Resource path should be the NTAccount [DOMAIN\NAME] for the group or distribution - list - - ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner - + `http://ExampleFarm/ExampleSiteCollection/ExampleSite,ExampleDomain\ExampleOwner` +- Groups – Resource path should be the NTAccount [DOMAIN\NAME] for the group or distribution list + `ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner` - Multiple owners can be added, separated by a semicolon (;) + `ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2` +- *(Optional)* A description for the resource can be added after the last owner + `ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2,Security group for access to the Example share` - ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2 - -- _(Optional)_ A description for the resource can be added after the last owner - - ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2,Security - group for access to the Example share - -_Remember,_ if the CSV file contains resources other than just Groups, this method only imports +:::tip +Remember, if the CSV file contains resources other than just Groups, this method only imports resources with owners. 
It will be necessary to update each resource to enable Access Requests and Owner Ad Hoc changes. See the [Update Resource Wizard](/docs/accessinformationcenter/11.6/resourceowners/interface/update.md) topic for additional information. +::: + See the [Import Owners](#import-owners) topic for additional information. @@ -75,10 +66,13 @@ click **Open**. whether or not there is a problem (invalid resource or owner). Ensure all resources in the table have a green tick icon in the Status column, and click **Next** to continue with the import. -**NOTE:** If a problem is indicated, additional information is displayed by hovering over the red +:::note +If a problem is indicated, additional information is displayed by hovering over the red exclamation icon. You can not continue with the import if any row contains an invalid resource or owner. To remove a resource from the table, select the row and click **Remove**. The row is removed from the table. +::: + ![Import Owners wizard 2. Options page](/img/product_docs/accessinformationcenter/11.6/resourceowners/wizard/options.webp) diff --git a/docs/accessinformationcenter/11.6/resourceowners/interface/update.md b/docs/accessinformationcenter/11.6/resourceowners/interface/update.md index f6aa5e48b8..9be681803f 100644 --- a/docs/accessinformationcenter/11.6/resourceowners/interface/update.md +++ b/docs/accessinformationcenter/11.6/resourceowners/interface/update.md 
@@ -12,22 +12,25 @@ The Update resource wizard is opened with the **Update** button in the Resource It contains four pages: -- 1. Select Owners — Lists the current owner(s). Modify by adding new owners, removing owners, or +- **1. Select Owners** — Lists the current owner(s). Modify by adding new owners, removing owners, or changing owner priority order (primary, secondary, etc.) -- 2. Description — Enter or modify a note describing the resource -- 3. Access Groups — Enable or disable Access Requests and Owner Ad Hoc changes for this resource. +- **2. Description** — Enter or modify a note describing the resource +- **3. Access Groups** — Enable or disable Access Requests and Owner Ad Hoc changes for this resource. When File System or SharePoint resources will be managed through the AIC, it is necessary to configure access groups for those resources in the target environment. An access group provides one of the following access levels to a specific resource: Read, Modify, or Full Control. - **NOTE:** This feature requires the Access Information Center is to be configured to commit + :::note + This feature requires the Access Information Center is to be configured to commit changes in Active Directory. Additionally, resource based groups must be set up on the resource. See the [Commit Active Directory Changes](/docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md) topic for additional information. + ::: -- 4. Summary — Provides a preview of the settings selected within the wizard + +- **4. Summary** — Provides a preview of the settings selected within the wizard See the [Update a Resource](#update-a-resource) topic for additional information. 
@@ -49,8 +52,11 @@ click **Next** to continue. - Remove an owner — Select an owner and click **Remove** - Change owner priority — Select an owner and use the arrow buttons to change the order -_Remember,_ the first owner in the list is the primary owner. The table has several columns with +:::tip +Remember, the first owner in the list is the primary owner. The table has several columns with information on the owners: +::: + - Owner Name — Name of the assigned owner - Owner Account — sAMAccountName associated with the owner, as read from Active Directory @@ -77,7 +83,8 @@ Requests or Owner Ad Hoc changes. Modify as desired and click **Next** to contin - Allow owners to change access — Enable/Disable the owner to make ad hoc access changes for this resource -**NOTE:** File System and SharePoint resources must have resource based groups configured for each +:::note +File System and SharePoint resources must have resource based groups configured for each level of access: Read, Modify, and Full Control. If either option is selected for this resource, it is necessary to set a group for at least one access level. Select the desired access level and click **Change**. The Select Group Window opens. Select the desired group and click **OK**. The Select @@ -85,6 +92,8 @@ Group window closes and the group appears in the table. Repeat this step for eac desired. See the [Select Group Window](/docs/accessinformationcenter/11.6/resourceowners/interface/selectgroup.md) topic for additional information. +::: + ![Update resource wizard showing 4. Summary page](/img/product_docs/accessinformationcenter/11.6/resourceowners/wizard/summary.webp) diff --git a/docs/accessinformationcenter/11.6/resourceowners/overview.md b/docs/accessinformationcenter/11.6/resourceowners/overview.md index 2926e597c1..4bc7531c0c 100644 --- a/docs/accessinformationcenter/11.6/resourceowners/overview.md +++ b/docs/accessinformationcenter/11.6/resourceowners/overview.md 
@@ -16,12 +16,18 @@ Requests workflows must first be assigned owners within the Resource Owners inte Information Center must be configured to commit changes in Active Directory in order for Owners to make ad hoc changes to access. It is also required for the Self-Service Access Requests workflow. -**_RECOMMENDED:_** The Access Information Center is configured to send Notifications. +:::info +The Access Information Center is configured to send Notifications. +::: -_Remember,_ for the purposes of the Access Information Center, a “resource” refers to the file + +:::tip +Remember, for the purposes of the Access Information Center, a “resource” refers to the file system shared folders, SharePoint sites, Active Directory (AD) groups, AD distribution lists, and/or local Administrators groups. All data available within the Access Information Center is collected by Netwrix Enterprise Auditor according to the targeted environments. +::: + “Owners” are the users who are responsible for reviewing access to the resources to which they are assigned. The Access Information Center provides the means to assign resource owners manually or 
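Review bot: Replacing `**_RECOMMENDED:_**` with a bare `:::info` drops the only word that marked this as a recommendation, so "The Access Information Center is configured to send Notifications." now reads as a statement of fact about the product. Keep the label in the admonition, or reword the body as an instruction, for example "Configure the Access Information Center to send Notifications."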
@@ -37,22 +43,25 @@ the Home page. See the [Owner Portal Overview](/docs/accessinformationcenter/11.6/owneroverview/ownerportal/overview.md) topic for additional information. -Who Can Assign Ownership (Ownership Administrators)? +**Who Can Assign Ownership (Ownership Administrators)?** - Console Users with Administrator role - Can complete the Review Administrator's approval process without impacting the visibility into the review created by a Review Administrator with the Security Team role - **CAUTION:** Visibility into a review created by a Review Administrator with the Security + :::warning + Visibility into a review created by a Review Administrator with the Security Team role is blocked if a Review Administrator with the Administrator role starts a new instance. + ::: + - Console Users with Security Team role - Visibility into only those reviews personally created -What Can Resource Owners Do? +**What Can Resource Owners Do?** - View reports on their resources - Perform a resource review (when there is a pending review) @@ -61,9 +70,12 @@ What Can Resource Owners Do? - View historical access request information - Make ad hoc changes to resource access/membership (when this feature is enabled) -**NOTE:** The Sensitive Data content within reports and reviews is visible to all users and roles. +:::note +The Sensitive Data content within reports and reviews is visible to all users and roles. The Matches table in the report will only be populated for Console User with Security Team and Administrator roles. +::: + See the [Resource Owners Interface](/docs/accessinformationcenter/11.6/resourceowners/interface/interface.md) 
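Review bot: "Who Can Assign Ownership (Ownership Administrators)?" and "What Can Resource Owners Do?" are changed to bold paragraphs, but each one titles the list that follows it. If they are meant as sub-section titles, use the heading syntax the rest of these pages use, because bold text gets no anchor and cannot be linked to from other topics.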
@@ -78,9 +90,12 @@ Prerequisites: [Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md) topic for additional information. - **NOTE:** By default, the application is configured to send notifications only to the primary + :::note + By default, the application is configured to send notifications only to the primary owner. However, this can be customized on the Configuration > Notifications page to send notifications to all assigned owners. + ::: + - Optional: Access Information Center configured to commit AD changes - Owners assigned to resources must have: @@ -97,8 +112,11 @@ Prerequisites: Workflow: -**NOTE:** This workflow is not numbered because the Notification piece can occur at any time in the +:::note +This workflow is not numbered because the Notification piece can occur at any time in the workflow. +::: + - Add resources to be managed by associating a business data owner with a resource. - See the diff --git a/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/approvalprocess.md b/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/approvalprocess.md index f2a2c76785..c091e4a5f2 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/approvalprocess.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/approvalprocess.md 
@@ -22,9 +22,12 @@ See the [Model Changes in the AIC](/docs/accessinformationcenter/11.6/resourceaudit/changemodeling/model.md) topic for additional information. -**CAUTION:** If the Access Information Center has been configured to commit changes to Active +:::warning +If the Access Information Center has been configured to commit changes to Active Directory and the automation prerequisites have been met for this type of review, this change will be committed when the review is complete. +::: + If the Access Information Center automatically commits the approved change, it is immediately visible in Access Information Center reports. It is not necessary to rescan with Netwrix Enterprise @@ -40,9 +43,12 @@ for instructions on how to approve, decline, or defer all owner-recommended chan Follow the steps to perform a granular review of a resource owner's recommended changes. -**CAUTION:** If the Access Information Center has been configured to commit changes to Active +:::warning +If the Access Information Center has been configured to commit changes to Active Directory and the automation prerequisites have been met for this type of review, this change will be committed when the review is complete. +::: + **Step 1 –** On the Manage Reviews page, select a review and click **View Details**. The Review Details page opens. 
@@ -52,10 +58,13 @@ Details page opens. **Step 2 –** Select a resource in the list and click **View Responses**. The View Responses window opens. -_Remember,_ the **Resource Audit** button opens the Resource Audit interface filtered to that +:::tip +Remember, the **Resource Audit** button opens the Resource Audit interface filtered to that resource's reports. This is where you can conduct change modeling. +::: + -![viewresponses](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/viewresponses.webp) +![viewresponses](/img/product_docs/accessinformationcenter/11.6/resourcereviews/viewresponses.webp) **Step 3 –** By default, the table displays only the recommended changes. Select an item and click the desired action button: Accept, Decline, or Defer. The Approval column icon updates. See the @@ -87,9 +96,12 @@ The review remains marked as Completed until the next instance is started. Follow the steps to perform a batch processing of a resource owner's recommended changes. -**CAUTION:** If the Access Information Center has been configured to commit changes to Active +:::warning +If the Access Information Center has been configured to commit changes to Active Directory and the automation prerequisites have been met for this type of review, this change will be committed when the review is complete. +::: + **Step 1 –** On the Manage Reviews page, select a review and click **View Details**. The Review Details page opens. 
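Review bot: In the Step 2 hunk the image line keeps `![viewresponses](...)`, which is a file name rather than a description, while other images touched by this change carry descriptive alt text such as "Remove changes window". The line is already being rewritten for the new path, so give it alt text that matches the step, for example "View Responses window".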
@@ -100,13 +112,19 @@ Details page opens. also select multiple resources in the list to be processed at once using the **Ctrl** and **Shift** key and click combinations. -_Remember,_ the **Resource Audit** button opens the Resource Audit interface filtered to that +:::tip +Remember, the **Resource Audit** button opens the Resource Audit interface filtered to that resource's reports. This is where you can conduct change modeling. +::: + **Step 3 –** Select the desired action for all recommended changes: Accept, Decline, or Defer. -_Remember,_ all recommended changes for the selected resource will be processed with the same +:::tip +Remember, all recommended changes for the selected resource will be processed with the same resolution. +::: + **Step 4 –** Repeat Steps 2-3 for each resource included in the review. diff --git a/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/removechanges.md b/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/removechanges.md index 920ab0a7db..bae0f55e6b 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/removechanges.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/removechanges.md @@ -9,10 +9,13 @@ sidebar_position: 20 Select the desired resource on a Review Details page and click **Remove Changes**. The Remove changes window opens to confirm the action. -![Remove changes window](/img/product_docs/auditor/10.6/access/general/removechanges.webp) +![Remove changes window](/img/product_docs/accessinformationcenter/11.6/general/removechanges.webp) -**CAUTION:** This will clear all owner-recommended changes and notes for the resource. The owner +:::warning +This will clear all owner-recommended changes and notes for the resource. The owner will be required to complete the review again. +::: + Click Yes to clear owner-recommended changes. Click No to cancel it. The Remove changes window closes. 
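Review bot: The image reference in removechanges.md moves from /img/product_docs/auditor/10.6/access/general/ to /img/product_docs/accessinformationcenter/11.6/general/, but this hunk changes only the link. Confirm that removechanges.webp is added at the new path in the same change, otherwise the screenshot of the confirmation window will render as a broken image.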
diff --git a/docs/accessinformationcenter/11.6/resourcereviews/create/create.md b/docs/accessinformationcenter/11.6/resourcereviews/create/create.md index 1576c6bae1..35f7e82dcd 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/create/create.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/create/create.md @@ -15,7 +15,7 @@ topic for additional information. It contains four pages: -- 1. Review Type +- **1. Review Type** - Review Name — Visible only to Review Administrators - Select the type of review to be created: 
@@ -26,25 +26,31 @@ It contains four pages: - Sensitive Data – Review files containing potentially sensitive data stored within resources - **NOTE:** The Sensitive Data content within reports and reviews is visible to all users + :::note + The Sensitive Data content within reports and reviews is visible to all users and roles. The Matches table in the report will only be populated for Console User with Security Team and Administrator roles. + ::: + - Select whether to notify the review creator when the resources have been reviewed - For Access and Permissions reviews, indicate whether or not child resources with permission changes will be included. - **NOTE:** This typically occurs due to broken inheritance and permissions being explicitly + :::note + This typically occurs due to broken inheritance and permissions being explicitly set. This option allows the entire resource hierarchy to be reviewed where permissions have been changed. It is not applicable to Membership and Sensitive Data reviews. + ::: + - For Sensitive Data reviews, select if child resources that contain sensitive content should be included. -- 2. Criteria — Only applies to Sensitive Data reviews. Select the type of sensitive criteria to +- **2. Criteria** — Only applies to Sensitive Data reviews. Select the type of sensitive criteria to be reviewed. -- 3. Resources — Select resources to be included in the review -- 4. Summary — Preview of the review selections +- **3. Resources** — Select resources to be included in the review +- **4. Summary** — Preview of the review selections See the [Create a Review](#create-a-review) topic for additional information. 
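Review bot: The first `:::note` in this hunk states that "The Sensitive Data content within reports and reviews is visible to all users and roles", which is an exposure statement a Review Administrator needs to see before choosing the Sensitive Data review type. The mechanical NOTE to `:::note` mapping gives it the same weight as the inheritance note below it; consider `:::warning` here, as the patch already uses for the Active Directory commit and delete cautions.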
@@ -74,8 +80,11 @@ Follow the steps to create a review. [Resource Reviewed Email](/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/resourcereviewed.md) topic for additional information. - **NOTE:** This option is not available for the Builtin Administrator account as it has no email + :::note + This option is not available for the Builtin Administrator account as it has no email to receive notifications. + ::: + - Include children with permission changes — When checked, this option automatically includes any child folders and resources in the review that have different permissions than the selected @@ -83,8 +92,11 @@ Follow the steps to create a review. - Include children with sensitive content — When checked, this option automatically includes any child folders and resources in the review that contain sensitive content. -**NOTE:** If creating a Sensitive Data review, continue to Step 3. For all other review types, skip +:::note +If creating a Sensitive Data review, continue to Step 3. For all other review types, skip to Step 5. +::: + ![Create Review wizard Criteria page](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/criteria.webp) 
@@ -94,17 +106,23 @@ together by using the **Ctrl** or **Shift** key with mouse click combinations. T is added to the Selected Criteria list. Repeat this until you have all required criteria selected. To remove a criteria, select it in the Selected Criteria list and click **Remove**. -**NOTE:** The sensitive data criteria listed is limited to what is configured to be collected by the +:::note +The sensitive data criteria listed is limited to what is configured to be collected by the Netwrix Enterprise Auditor data collection scans. +::: + **Step 4 –** Optionally check the **Reviewers are able to see the sensitive data match if available** option to allow the owner with Console Access roles of Security Team or Administrator to view potentially sensitive data within the review. Click **Next** to continue. -**CAUTION:** If this option is checked, but the data has not been collected with matches stored by +:::warning +If this option is checked, but the data has not been collected with matches stored by Netwrix Enterprise Auditor for all of the resources selected in Step 5, the One or more resources selected have not been scanned error occurs. The Create Review wizard will not allow the review to be created until those resources have been removed or the option unchecked. +::: + ![Create Review wizard Resources page](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/resources.webp) diff --git a/docs/accessinformationcenter/11.6/resourcereviews/create/reviewinstances.md b/docs/accessinformationcenter/11.6/resourcereviews/create/reviewinstances.md index 7a4ea56bb2..d0e63123c5 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/create/reviewinstances.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/create/reviewinstances.md 
@@ -9,8 +9,11 @@ sidebar_position: 10 After a review has been completed, it can be run again, which creates multiple instances of the review. Each instance is identified by date timestamps indicating its start and end times. -**_RECOMMENDED:_** Prior to running another review instance, ensure the most up to date information +:::info +Prior to running another review instance, ensure the most up to date information is available to owners for review. +::: + ![Manage Reviews page with completed review selected](/img/product_docs/accessinformationcenter/11.6/resourcereviews/interfacerunagain.webp) diff --git a/docs/accessinformationcenter/11.6/resourcereviews/edit.md b/docs/accessinformationcenter/11.6/resourcereviews/edit.md index abfb995577..9d66deeb65 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/edit.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/edit.md 
@@ -10,16 +10,16 @@ The Edit Review wizard is opened with the **Edit** button on the Resource Review [Manage Reviews Page](/docs/accessinformationcenter/11.6/resourcereviews/interface/interface.md#manage-reviews-page) topic for additional information. -![Edit Review wizard](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/reviewtype.webp) +![Edit Review wizard](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/reviewtype_1.webp) It contains four pages: -- 1. Review Type — Select whether to notify the review creator when the resources have been +- **1. Review Type** — Select whether to notify the review creator when the resources have been reviewed. The review type and name cannot be changed. -- 2. Criteria — Only applies to Sensitive Data reviews. Update the sensitive criteria to be +- **2. Criteria** — Only applies to Sensitive Data reviews. Update the sensitive criteria to be reviewed. -- 3. Resources — Modify the list of resources included in the review -- 4. Summary — Preview of the review selections +- **3. Resources** — Modify the list of resources included in the review +- **4. Summary** — Preview of the review selections See the [Edit a Review](#edit-a-review) topic for additional information. @@ -29,7 +29,7 @@ Follow the steps to edit an active review. **Step 1 –** On the Manage Reviews page, click **Edit**. The Edit Review wizard opens. -![Edit Review wizard Review Type page](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/reviewtype.webp) +![Edit Review wizard Review Type page](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/reviewtype_1.webp) **Step 2 –** On the Review Type page, configure the notify review creator option as required. The Review Name and type are shown on the page but can not be edited. For Permissions, Access, and 
@@ -42,8 +42,11 @@ edited. [Resource Reviewed Email](/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/resourcereviewed.md) topic for additional information. -**NOTE:** If creating a Sensitive Data review, continue to Step 3. For all other review types, skip +:::note +If creating a Sensitive Data review, continue to Step 3. For all other review types, skip to Step 5. +::: + ![Edit Review wizard Criteria page](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/criteria_1.webp) 
@@ -57,24 +60,33 @@ more resources have already been submitted you can not add or remove criteria. - To remove a criteria, select the criteria in the Selected Criteria list on the right and click **Remove** -**NOTE:** The sensitive data criteria listed is limited to what is configured to be collected by the +:::note +The sensitive data criteria listed is limited to what is configured to be collected by the Netwrix Enterprise Auditor data collection scans. +::: + **Step 4 –** Optionally edit the selection of the **Reviewers are able to see the sensitive data match if available** option to allow the owner with Console Access roles of Security Team or Administrator to view potentially sensitive data within the review. Click **Next** to continue. -**CAUTION:** If this option is checked, but the data has not been collected with matches stored by +:::warning +If this option is checked, but the data has not been collected with matches stored by Netwrix Enterprise Auditor for all of the resources selected in Step 5, the “One or more resources selected have not been scanned” error occurs. The Create Review wizard will not allow the review to be created until those resources have been removed or the option unchecked. +::: + ![Edit Review wizard Resources page](/img/product_docs/accessinformationcenter/11.6/resourcereviews/wizard/resources_1.webp) **Step 5 –** On the Resources page, modify the list of resources to be included in the review. -**NOTE:** If the include child resources option was enabled during the review creation, then adding +:::note +If the include child resources option was enabled during the review creation, then adding or removing parent resources from the review also adds or removes their children. +::: + - The table displays the following information: diff --git a/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md b/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md index e78091d87a..dd6df1f4e2 100644 
--- a/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md @@ -22,10 +22,13 @@ of the Resource Reviews interface: Select the desired review on the Manage Reviews page and click **Delete**. The Delete Review window opens to confirm the action. -![Delete Review window](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/window/deletereviewentire.webp) +![Delete Review window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewentire.webp) -**CAUTION:** This will delete all instances of the selected review and all historical data +:::warning +This will delete all instances of the selected review and all historical data associated with it. +::: + Click **Yes** to complete the deletion. Click **No** to cancel it. The Delete Review window closes. @@ -34,8 +37,11 @@ Click **Yes** to complete the deletion. Click **No** to cancel it. The Delete Re Select the desired review instance from the drop-down menu on the Review Details page and click **Delete**. The Delete Review window opens to confirm the action. -![Delete Review window](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/window/deletereviewinstance.webp) +![Delete Review window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewinstance.webp) + +:::warning +This will delete all historical data associated to the selected review instance. +::: -**CAUTION:** This will delete all historical data associated to the selected review instance. Click **Yes** to complete the deletion. Click **No** to cancel it. The Delete Review window closes. diff --git a/docs/accessinformationcenter/11.6/resourcereviews/interface/interface.md b/docs/accessinformationcenter/11.6/resourcereviews/interface/interface.md index 37b24cbb3f..e6634a2a43 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/interface/interface.md 
+++ b/docs/accessinformationcenter/11.6/resourcereviews/interface/interface.md 
@@ -73,15 +73,16 @@ The buttons at the bottom enable you to conduct the following actions: | Button | Description | | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Create | Launches the Create Review wizard for creating a new review. See the [Create Review Wizard](/docs/accessinformationcenter/11.6/resourcereviews/create/create.md) topic for additional information. | -| Rename | Opens the Rename Review window for modifying the review name. See the [Rename Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/renamereview.md) topic for additional information. | -| Edit | Opens the Edit Review wizard for the selected review. This allows you to edit some options for an in progress review. See the [Edit Review Wizard](/docs/accessinformationcenter/11.6/resourcereviews/edit.md) for additional information. | -| Delete | Opens the Delete Review window to delete review and its instance history, which asks for confirmation of the action. See the [Delete Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md) topic for additional information. | -| Stop | Opens the Stop Review window, which asks for confirmation of the action. See the [Stop Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/stopreview.md) topic for additional information. | -| Mark Completed | Closes the selected review as-is and marks it as completed. Requires the owner(s) to have responded. **CAUTION:** No confirmation is requested for this action. | -| Run Again | Opens the Create Review wizard for the selected review without the option to change the review type. Modify as desired and relaunch the review. 
See the [Review Instances](/docs/accessinformationcenter/11.6/resourcereviews/create/reviewinstances.md) topic for additional information. | +| Create | Launches the Create Review wizard for creating a new review. See the [Create Review Wizard](/docs/accessinformationcenter/11.6/resourcereviews/create/create.md) topic for additional information. | +| Rename | Opens the Rename Review window for modifying the review name. See the [Rename Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/renamereview.md) topic for additional information. | +| Edit | Opens the Edit Review wizard for the selected review. This allows you to edit some options for an in progress review. See the [Edit Review Wizard](/docs/accessinformationcenter/11.6/resourcereviews/edit.md) for additional information. | +| Delete | Opens the Delete Review window to delete review and its instance history, which asks for confirmation of the action. See the [Delete Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md) topic for additional information. | +| Stop | Opens the Stop Review window, which asks for confirmation of the action. See the [Stop Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/stopreview.md) topic for additional information. | +| Mark Completed | Closes the selected review as-is and marks it as completed. Requires the owner(s) to have responded.
**CAUTION:** No confirmation is requested for this action. | +| Run Again | Opens the Create Review wizard for the selected review without the option to change the review type. Modify as desired and relaunch the review. See the [Review Instances](/docs/accessinformationcenter/11.6/resourcereviews/create/reviewinstances.md) topic for additional information. | | View Details | Opens the Review Details page for the selected review. See the [Review Details Page](#review-details-page) topic for additional information. | -| Send Reminders | Sends a notification email to the assigned owner(s), reminding of the pending review. Opens the Send Reminders window, which indicates an action status. See the [Send Reminders Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/sendreminders.md) topic for additional information. | +| Send Reminders | Sends a notification email to the assigned owner(s), reminding of the pending review. Opens the Send Reminders window, which indicates an action status. See the [Send Reminders Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/sendreminders.md) topic for additional information. | + ## Review Details Page 
@@ -134,13 +135,14 @@ The buttons at the top and bottom enable you to conduct the following actions: ![Action buttons on the Review Details page](/img/product_docs/accessinformationcenter/11.6/resourcereviews/reviewdetailsbuttons.webp) -| Button | Description | -| --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Delete | Opens the Delete Review window to delete selected review instance, which asks for confirmation of the action. See the [Delete Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md) topic for additional information. | -| Export Excel | Exports the selected review instance information to an Excel spreadsheet. This automatically downloads the spreadsheet. See the [Data Grid Features](/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md) topic for additional information. | -| Export CSV | Exports the selected review instance information to a CSV file. This automatically downloads the file. See the [Data Grid Features](/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md) topic for additional information. | -| Edit Notes | Opens the Edit Notes window for the selected resource and allows free-text editing of the notes. See the [Edit Notes Window](/docs/accessinformationcenter/11.6/admin/navigate/editnotes.md) topic for additional information. | -| View Responses | Opens the View Responses window, which is only available if the owner has recommended changes for the resource. 
This window displays all recommended changes, notes provided by the owner for the recommended change, and action buttons to Accept, Decline, or Defer the recommended change. See the [View Responses Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/viewresponses.md) topic for additional information. | -| Process Changes | Opens a drop-down menu to Accept, Decline, or Defer all owner-recommended changes for the selected resource. This option allows the Review Administrator to process responses in batches, so all owner-recommended changes for the selected resource will be processed with the same action. **CAUTION:** If the Access Information Center has been configured to commit changes to Active Directory and the automation prerequisites have been met for this type of review, selecting Accept will commit the requested changes. | -| Remove Changes | Opens the Remove changes window. Clears all requested changes for the selected resource. The resource is returned to a ‘Waiting’ status, requiring the owner to review the resource again. See the [Remove Changes Window](/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/removechanges.md) topic for additional information. | -| Resource Audit | Opens the Resource Audit interface for the selected resource. See the [Resource Audit Overview](/docs/accessinformationcenter/11.6/resourceaudit/overview.md) topic for additional information. 
| +| Button | Description | +| --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Delete | Opens the Delete Review window to delete selected review instance, which asks for confirmation of the action. See the [Delete Review Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/deletereview.md) topic for additional information. | +| Export Excel | Exports the selected review instance information to an Excel spreadsheet. This automatically downloads the spreadsheet. See the [Data Grid Features](/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md) topic for additional information. | +| Export CSV | Exports the selected review instance information to a CSV file. This automatically downloads the file. See the [Data Grid Features](/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md) topic for additional information. | +| Edit Notes | Opens the Edit Notes window for the selected resource and allows free-text editing of the notes. See the [Edit Notes Window](/docs/accessinformationcenter/11.6/admin/navigate/editnotes.md) topic for additional information. | +| View Responses | Opens the View Responses window, which is only available if the owner has recommended changes for the resource. This window displays all recommended changes, notes provided by the owner for the recommended change, and action buttons to Accept, Decline, or Defer the recommended change. 
See the [View Responses Window](/docs/accessinformationcenter/11.6/resourcereviews/interface/viewresponses.md) topic for additional information. | +| Process Changes | Opens a drop-down menu to Accept, Decline, or Defer all owner-recommended changes for the selected resource. This option allows the Review Administrator to process responses in batches, so all owner-recommended changes for the selected resource will be processed with the same action.
**CAUTION:** If the Access Information Center has been configured to commit changes to Active Directory and the automation prerequisites have been met for this type of review, selecting Accept will commit the requested changes. | +| Remove Changes | Opens the Remove changes window. Clears all requested changes for the selected resource. The resource is returned to a ‘Waiting’ status, requiring the owner to review the resource again. See the [Remove Changes Window](/docs/accessinformationcenter/11.6/resourcereviews/approvalprocess/removechanges.md) topic for additional information. | +| Resource Audit | Opens the Resource Audit interface for the selected resource. See the [Resource Audit Overview](/docs/accessinformationcenter/11.6/resourceaudit/overview.md) topic for additional information. | + diff --git a/docs/accessinformationcenter/11.6/resourcereviews/interface/renamereview.md b/docs/accessinformationcenter/11.6/resourcereviews/interface/renamereview.md index 5189a398fc..e42d30baf6 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/interface/renamereview.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/interface/renamereview.md @@ -12,7 +12,7 @@ of the Resource Reviews interface. Follow the steps to rename a review. **Step 1 –** Select the review and click **Rename**. The Rename Review window opens. -![Rename Review window](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/window/renamereview.webp) +![Rename Review window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/renamereview.webp) **Step 2 –** Edit the review name in the textbox. diff --git a/docs/accessinformationcenter/11.6/resourcereviews/interface/selectedresources.md b/docs/accessinformationcenter/11.6/resourcereviews/interface/selectedresources.md index f2f547553e..0d0fdd4383 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/interface/selectedresources.md 
+++ b/docs/accessinformationcenter/11.6/resourcereviews/interface/selectedresources.md @@ -9,7 +9,7 @@ sidebar_position: 30 The Selected Resources window opens from the **View Selections** button in the [Create Review Wizard](/docs/accessinformationcenter/11.6/resourcereviews/create/create.md). -![Selected Resources windwo](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/window/selectedresources.webp) +![Selected Resources windwo](/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/selectedresources.webp) The table displays: diff --git a/docs/accessinformationcenter/11.6/resourcereviews/interface/sendreminders.md b/docs/accessinformationcenter/11.6/resourcereviews/interface/sendreminders.md index e3e2a92db0..954ce965f2 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/interface/sendreminders.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/interface/sendreminders.md @@ -12,11 +12,13 @@ of the Resource Reviews interface. Select the desired active review(s) and click to send immediate reminder notifications. The Send Reminders window opens to display an action status. -![Send Reminders window](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/window/sendreminders.webp) +![Send Reminders window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/sendreminders.webp) The window displays the action status. When a successful status is indicated, assigned owners were sent a reminder email. Click **OK** to close the Send Reminders window. -_Remember,_ automatic weekly reminders can be configured on the +:::tip +Remember, automatic weekly reminders can be configured on the [Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md) of the Configuration interface. +::: 
diff --git a/docs/accessinformationcenter/11.6/resourcereviews/interface/stopreview.md b/docs/accessinformationcenter/11.6/resourcereviews/interface/stopreview.md index 058c35ec93..de64c514d5 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/interface/stopreview.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/interface/stopreview.md @@ -11,9 +11,12 @@ The Stop Review window opens from the of the Resource Reviews interface. Select the desired active review(s) and click **Stop**. The Stop Review window opens to confirm the action. -![Stop Review window](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/window/stopreview.webp) +![Stop Review window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/stopreview.webp) -**CAUTION:** This will prevent owners from completing the review, removing associated resources from +:::warning +This will prevent owners from completing the review, removing associated resources from their Pending Reviews list. +::: + Click **Yes** to stop the review. Click **No** to cancel the action. The Stop Review window closes. diff --git a/docs/accessinformationcenter/11.6/resourcereviews/interface/viewresponses.md b/docs/accessinformationcenter/11.6/resourcereviews/interface/viewresponses.md index 22a8191e3e..23d5a4aa38 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/interface/viewresponses.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/interface/viewresponses.md @@ -11,7 +11,7 @@ The View Responses window opens from the **View Response** button on the of the Resource Reviews interface. It displays all owner-recommended changes and notes for the selected resource. -![View Responses window](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/viewresponses.webp) +![View Responses window](/img/product_docs/accessinformationcenter/11.6/resourcereviews/viewresponses.webp) The information displayed in the table includes: 
@@ -32,9 +32,12 @@ owner-recommended changes. If deselected, all items included in the review are d selecting the items with no changes in the grid, the change buttons at the bottom of the page are disabled. -**CAUTION:** If the Access Information Center has been configured to commit Active Directory +:::warning +If the Access Information Center has been configured to commit Active Directory changes, clicking **Accept** will commit the changes if all prerequisite for the review type have been met. +::: + If the Access Information Center has been configured to commit Active Directory changes, the icon at the front of the Item Reviewed column is yellow. The selected action is automatically committed @@ -59,7 +62,7 @@ for additional information. Select an item in the table, and use the action buttons at the bottom to identify the decision: -![viewresponsesbuttons](/img/product_docs/auditor/10.6/access/reviews/entitlementreviews/window/viewresponsesbuttons.webp) +![viewresponsesbuttons](/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/viewresponsesbuttons.webp) | Button | Description | | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | diff --git a/docs/accessinformationcenter/11.6/resourcereviews/overview.md b/docs/accessinformationcenter/11.6/resourcereviews/overview.md index e230eb83c1..ac0351bf53 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/overview.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/overview.md 
@@ -16,30 +16,36 @@ folders, SharePoint sites, Active Directory (AD) groups, AD distribution lists, Administrators groups. All data available within the Access Information Center is collected by Netwrix Enterprise Auditor according to the targeted environments. -_Remember,_ Owners are assigned to resources in the Resource Owners interface. Only resources with +:::tip +Remember, Owners are assigned to resources in the Resource Owners interface. Only resources with assigned Owners can be included in a Resource Review. +::: -Who Can Run Resource Reviews (Review Administrators)? + +**Who Can Run Resource Reviews (Review Administrators)?** - Console Users with Administrator role - Can complete the Review Administrator's approval process without impacting the visibility into the review created by a Review Administrator with the Security Team role - **CAUTION:** Visibility into a review created by a Review Administrator with the Security + :::warning + Visibility into a review created by a Review Administrator with the Security Team role is blocked if a Review Administrator with the Administrator role starts a new instance. + ::: + - Console Users with Security Team role - Visibility into only those reviews personally created -Who Participates in Resource Reviews? +**Who Participates in Resource Reviews?** - Review Administrators — Create / start reviews and approve / process owner recommended changes - Owners — Perform reviews and recommend changes -Types of Resource Reviews +**Types of Resource Reviews** There are four types of reviews: 
@@ -48,15 +54,18 @@ There are four types of reviews: - Permissions – Review trustee permissions to resources - Sensitive Data – Review files containing potentially sensitive data stored within resources -**NOTE:** The Sensitive Data content within reports and reviews is visible to all users and roles. +:::note +The Sensitive Data content within reports and reviews is visible to all users and roles. The Matches table in the report will only be populated for Console User with Security Team and Administrator roles. This is also required for Sensitive Data reviews. +::: + See the [Resource Reviews Interface](/docs/accessinformationcenter/11.6/resourcereviews/interface/interface.md) topic for additional information. -Ignored Trustees +**Ignored Trustees** Trustees added to the SA_AIC_ResourceReviewIgnoredTrustees database table are excluded from Access, Membership, and Permissions reviews. For Membership and Permissions reviews, trustees must be @@ -72,9 +81,12 @@ Prerequisites: [Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md) topic for additional information. - **NOTE:** By default, the application is configured to send notifications only to the primary + :::note + By default, the application is configured to send notifications only to the primary owner. However, this can be customized on the Configuration > Notifications page to send notifications to all assigned owners. + ::: + - Owners assigned to resources within the Resource Owners interface. See the [Resource Owners Overview](/docs/accessinformationcenter/11.6/resourceowners/overview.md) 
@@ -88,10 +100,13 @@ Prerequisites: Workflow: -**_RECOMMENDED:_** When deploying the Access Information Center in an organization to process +:::info +When deploying the Access Information Center in an organization to process reviews, owners should be notified prior to launching the first set of reviews. See the [Notification to Owners](/docs/accessinformationcenter/11.6/resourceowners/overview.md#notification-to-owners) topic for additional information. +::: + **Step 1 –** Review Administrator creates a review or starts a new review instance. See the [Create Review Wizard](/docs/accessinformationcenter/11.6/resourcereviews/create/create.md) diff --git a/docs/accessinformationcenter/11.6/resourcereviews/prerequisites.md b/docs/accessinformationcenter/11.6/resourcereviews/prerequisites.md index cf9261c623..9352b2cd3b 100644 --- a/docs/accessinformationcenter/11.6/resourcereviews/prerequisites.md +++ b/docs/accessinformationcenter/11.6/resourcereviews/prerequisites.md @@ -19,7 +19,7 @@ Resource Reviews have the following prerequisites: The following prerequisites are required for reviews of file system data. -Sensitive Data Reviews Requirement +**Sensitive Data Reviews Requirement** Sensitive Data reviews of file system data requires the following setting be configured in the **FileSystem** > **0.Collection** Job Group in Netwrix Enterprise Auditor: @@ -28,7 +28,7 @@ Sensitive Data reviews of file system data requires the following setting be con checkbox on the File Details tab on the Default Scoping Options page of the File System Access Auditor Data Collector Wizard. -View Sensitive Content within Reviews Requirement +**View Sensitive Content within Reviews Requirement** In order to view the potentially sensitive data during a review, the following setting must also be configured in the **FileSystem** > **0.Collection** Job Group in Netwrix Enterprise Auditor: 
@@ -41,7 +41,7 @@ configured in the **FileSystem** > **0.Collection** Job Group in Netwrix Enterp The following prerequisites are required for reviews of SharePoint data. -View Sensitive Content within Reviews Requirement +**View Sensitive Content within Reviews Requirement** In order to view the potentially sensitive data during a review, the following setting must be configured in the **SharePoint** > **0.Collection** Job Group: @@ -50,7 +50,7 @@ configured in the **SharePoint** > **0.Collection** Job Group: sensitive data** checkbox on the DLP Audit Settings page of the SharePoint Access Auditor Data Collector Wizard. -False Positive Sensitive Data +**False Positive Sensitive Data** Files that match multiple sensitive data criteria display in every sensitive data review with a matched criteria selected. Files that have been identified as false positives for sensitive content @@ -58,8 +58,11 @@ can be flagged either through a resource review or through the **Settings** > ** node of the Netwrix Enterprise Auditor Console. This removes the file from reports on sensitive data until it has been un-flagged or the file has been modified and rescanned. -**NOTE:** A false positive is a file which matches the sensitive data criteria but does not contain +:::note +A false positive is a file which matches the sensitive data criteria but does not contain actual sensitive data. +::: + ## Automation Prerequisites 
@@ -77,11 +80,14 @@ automation of approved changes. modified (Read, Modify, or Full Control) - Sensitive Data review — There are no additional prerequisites - **CAUTION:** Of the three possible actions of Keep, Remove, and Not Sensitive for a Sensitive + :::warning + Of the three possible actions of Keep, Remove, and Not Sensitive for a Sensitive Data review, the Remove action cannot be automated through the Access Information Center. It must be manually done outside of the application. See the [Sensitive Data Review Automation](#sensitive-data-review-automation) topic for additional information. + ::: + See the [Access Groups](/docs/accessinformationcenter/11.6/resourceowners/accessgroups.md) diff --git a/docs/accessinformationcenter/11.6/youraccessportal/removeaccess.md b/docs/accessinformationcenter/11.6/youraccessportal/removeaccess.md index 977e44a794..3c59aa5a0b 100644 --- a/docs/accessinformationcenter/11.6/youraccessportal/removeaccess.md +++ b/docs/accessinformationcenter/11.6/youraccessportal/removeaccess.md @@ -16,7 +16,10 @@ and click **Remove Access**. The Remove Access window opens to confirm the actio **Step 2 –** Click **Yes** to cancel the remove your access for the selected resource. -**NOTE:** You can click **No** to keep the access and close the Remove Access window. +:::note +You can click **No** to keep the access and close the Remove Access window. +::: + ![Remove Access window access removed message](/img/product_docs/accessinformationcenter/11.6/accessrequests/window/removeaccesscomplete.webp) diff --git a/docs/accessinformationcenter/11.6/youraccessportal/requestaccess/requestaccess.md b/docs/accessinformationcenter/11.6/youraccessportal/requestaccess/requestaccess.md index c0fda252bb..699b3a1e87 100644 --- a/docs/accessinformationcenter/11.6/youraccessportal/requestaccess/requestaccess.md +++ b/docs/accessinformationcenter/11.6/youraccessportal/requestaccess/requestaccess.md 
@@ -12,12 +12,15 @@ The Request Access wizard is opened with the **Request Access** button in the Yo It contains two pages: -- 1. Select Resource — Select the resource or group +- *1. Select Resource* — Select the resource or group - **NOTE:** Only those resources or groups being managed through the Access Information Center + :::note + Only those resources or groups being managed through the Access Information Center will be available for access requests. + ::: -- 2. Add Notes — Allows you to enter a note explaining why the request is being made + +- *2. Add Notes* — Allows you to enter a note explaining why the request is being made See the [Submit a Request](#submit-a-request) topic for additional information. @@ -39,9 +42,12 @@ browse options. - For groups and distribution lists, enter the group name. To focus on a particular domain or filter the search field to groups which reside in a particular domain, enter the domain name. - _Remember,_ it is possible that the resource may not be managed by the Access Information + :::tip + Remember, it is possible that the resource may not be managed by the Access Information Center. Contact the Request Administrator if the desired resource does not come up with search filters. + ::: + - Browse option – Navigate through the table to select the desired resource. The table will display the following information: 
@@ -58,9 +64,12 @@ browse options. - Granted – Indicates your current access - Description – Resource description as provided by the resource owner - **NOTE:** When there are more than 100 rows of resources available for access request, this page + :::note + When there are more than 100 rows of resources available for access request, this page will only load 100 rows of data. You will be able to search for a specific resource that is not showing in the current view. + ::: + **Step 3 –** Select the resource in the table. If there are multiple access levels available, as indicated by the green plus (+) button, click the button to rotate through and select the desired @@ -74,7 +83,7 @@ resource is in your list, select it and click **Remove**. Click **OK** to close **Step 5 –** When you selection list is set as desired, click **Next**. -![Request Access wizard Add Notes page](/img/product_docs/accessinformationcenter/11.6/accessrequests/wizard/addnotes.webp) +![Request Access wizard Add Notes page](/img/product_docs/accessinformationcenter/11.6/accessrequests/wizard/addnotes_1.webp) **Step 6 –** On the Add Notes page, enter the following information: @@ -83,9 +92,12 @@ resource is in your list, select it and click **Remove**. Click **OK** to close - Temporary Access — _(Optional)_ If only temporary access is required, select the checkbox, click **Set Date** and select an expiration date. The owner of the resource can modify this date. - **NOTE:** When a user has temporary access already granted to a resource, and then requests a + :::note + When a user has temporary access already granted to a resource, and then requests a different type of access to the same resource with a different expiration date, once the new access is granted, the new expiration date supersedes the old date. + ::: + **Step 7 –** Click **Next** and the Access Information Center starts the action. 
diff --git a/docs/accessinformationcenter/11.6/youraccessportal/requesthistory/cancelrequest.md b/docs/accessinformationcenter/11.6/youraccessportal/requesthistory/cancelrequest.md index 020357b1d8..09b42a8481 100644 --- a/docs/accessinformationcenter/11.6/youraccessportal/requesthistory/cancelrequest.md +++ b/docs/accessinformationcenter/11.6/youraccessportal/requesthistory/cancelrequest.md @@ -18,7 +18,10 @@ click **Cancel**. The Cancel Request window opens to confirm the action. **Step 2 –** Click **Yes** to cancel the request. -**NOTE:** You can click **No** to keep the pending request and close the Cancel Request window. +:::note +You can click **No** to keep the pending request and close the Cancel Request window. +::: + ![Cancel Request window request has been cancelled message](/img/product_docs/accessinformationcenter/11.6/accessrequests/window/cancelrequestcomplete.webp) diff --git a/docs/accessinformationcenter/12.0/admin/navigate/navigate.md b/docs/accessinformationcenter/12.0/admin/navigate/navigate.md index 0cbad7785b..cfce82fc1f 100644 --- a/docs/accessinformationcenter/12.0/admin/navigate/navigate.md +++ b/docs/accessinformationcenter/12.0/admin/navigate/navigate.md 
@@ -124,10 +124,10 @@ has access to it, and the require license: | Interface | Purpose | Opened By | Accessible To | License | | -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | | Configuration Interface | Configure console access, Active Directory service account, notification settings, database access, and diagnostic logging level. Additionally you can view license details and upload a new license. | **Configure Console** link on the Home page | Administrator role | Any license feature | -| Resource Audit Interfaces | View reports for resources, users, groups, computers, and sensitive content. | **Resource Audit** button on the Home page Search bar on the Home page Recent Searched box on the Home page Owner Portal (access only to owned resources or groups) | All roles:
  • Administrator
  • Security Team
  • Readers
  • Data Privacy Assigned resource Owners with no role assigned
| Active Directory File System SharePoint Windows | -| Resource Owners Interface | Manage resource ownership by assigning owners to resources and requesting ownership confirmation. Optionally enable resources for owner ad hoc changes and/or the Self-Service Access Requests workflow. | **Resource Owners** button on the Home page | Administrator role Security Team role | Entitlement Reviews Access Requests | +| Resource Audit Interfaces | View reports for resources, users, groups, computers, and sensitive content. | **Resource Audit** button on the Home page

Search bar on the Home page

Recent Searched box on the Home page

Owner Portal (access only to owned resources or groups) | All roles:
  • Administrator
  • Security Team
  • Readers
  • Data Privacy

Assigned resource Owners with no role assigned | Active Directory
File System
SharePoint
Windows | +| Resource Owners Interface | Manage resource ownership by assigning owners to resources and requesting ownership confirmation. Optionally enable resources for owner ad hoc changes and/or the Self-Service Access Requests workflow. | **Resource Owners** button on the Home page | Administrator role Security Team role | Entitlement Reviews
Access Requests | | Resource Reviews Interface | Create and manage reviews. | **Resource Reviews** button on the Home page | Administrator role Security Team role | Entitlement Reviews | | Access Requests Interface | View pending and historical access requests and send reminders to owners. | **Access Requests** button on the Home page | Administrator role Security Team role | Access Requests | -| Owner Portal | View a list of scanned resources that the logged-in domain user is the assigned owner, access resource reports, access pending and historical access requests, and access resource review information. When enabled for a resource, the owner can make ad hoc access changes. The Owner portal also grants access to the Your Access portal. | **Manage Your Resources** link on the Home page Direct from login for owners without a role | Assigned Resource Owners | Entitlement Reviews Access Requests | -| Your Access Portal | Users can request access to resources managed through the Access Information Center, view their own entitlements to resources, and view access request history. | **Manage Your Access** link on the Home page **Access** and **History** links in the My Access section of the Owner Portal Direct from login for domain users without a role and are not assigned owners | Domain User | Access Requests | +| Owner Portal | View a list of scanned resources that the logged-in domain user is the assigned owner, access resource reports, access pending and historical access requests, and access resource review information. When enabled for a resource, the owner can make ad hoc access changes. The Owner portal also grants access to the Your Access portal. | **Manage Your Resources** link on the Home page

Direct from login for owners without a role | Assigned Resource Owners | Entitlement Reviews
Access Requests | +| Your Access Portal | Users can request access to resources managed through the Access Information Center, view their own entitlements to resources, and view access request history. | **Manage Your Access** link on the Home page

**Access** and **History** links in the My Access section of the Owner Portal

Direct from login for domain users without a role and are not assigned owners | Domain User | Access Requests | diff --git a/docs/accessinformationcenter/12.0/owneroverview/pendingreviews/reviewhistory.md b/docs/accessinformationcenter/12.0/owneroverview/pendingreviews/reviewhistory.md index eae4b05400..a427049b5c 100644 --- a/docs/accessinformationcenter/12.0/owneroverview/pendingreviews/reviewhistory.md +++ b/docs/accessinformationcenter/12.0/owneroverview/pendingreviews/reviewhistory.md @@ -36,7 +36,7 @@ The table data grid functions the same way as other table grids. See the The View Details button at the bottom of the Review History page opens the Review Details window for a resource where changes were recommended. -![Review Details Window](/img/product_docs/accessinformationcenter/12.0/resourcereviews/reviewdetails.webp) +![Review Details Window](/img/product_docs/accessinformationcenter/12.0/resourcereviews/reviewdetails_1.webp) The information displayed in the table includes: diff --git a/docs/accessinformationcenter/12.0/resourceowners/interface/import.md b/docs/accessinformationcenter/12.0/resourceowners/interface/import.md index 507f8e6195..78a49beda0 100644 --- a/docs/accessinformationcenter/12.0/resourceowners/interface/import.md +++ b/docs/accessinformationcenter/12.0/resourceowners/interface/import.md 
@@ -26,28 +26,16 @@ The CSV file should list one resource per row using the following format: ![Example CSV File showing file system, SharePoint, and group resource formats](/img/product_docs/accessinformationcenter/12.0/resourceowners/wizard/csvfileformat.webp) - Resource Formats: - - File System Resources – Resource path should be the UNC path to the share or folder. - -`\\ExampleServer\ExampleShare,ExampleDomain\ExampleOwner` - + `\\ExampleServer\ExampleShare,ExampleDomain\ExampleOwner` - SharePoint Resources – Resource path should be the URL to the site resource. - -`http://ExampleFarm/ExampleSiteCollection/ExampleSite,ExampleDomain\ExampleOwner` - - - Groups – Resource path should be the NTAccount [DOMAIN\NAME] for the group or distribution - list - -`ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner` - + `http://ExampleFarm/ExampleSiteCollection/ExampleSite,ExampleDomain\ExampleOwner` +- Groups – Resource path should be the NTAccount [DOMAIN\NAME] for the group or distribution list + `ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner` - Multiple owners can be added, separated by a semicolon (;) - -`ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2` - -- _(Optional)_ A description for the resource can be added after the last owner - - ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2,Security - group for access to the Example share + `ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2` +- *(Optional)* A description for the resource can be added after the last owner + `ExampleDomain\ExampleGroup,ExampleDomain\ExampleOwner1;ExampleDomain\ExampleOwner2,Security group for access to the Example share` :::tip Remember, if the CSV file contains resources other than just Groups, this method only imports 
diff --git a/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/modifybuiltinadministrator.webp b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/modifybuiltinadministrator.webp new file mode 100644 index 0000000000..34cd9a7c2b Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/modifybuiltinadministrator.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationsreminders.webp b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationsreminders.webp new file mode 100644 index 0000000000..2d9adb78db Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationsreminders.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestconfirm.webp b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestconfirm.webp new file mode 100644 index 0000000000..679a2d1470 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestconfirm.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestsettings.webp b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestsettings.webp new file mode 100644 index 0000000000..eb1917a6c7 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/admin/configuration/notificationstestsettings.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/editnotes.webp b/static/img/product_docs/accessinformationcenter/11.6/general/editnotes.webp new file mode 100644 index 0000000000..5979b7b7ba Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/editnotes.webp differ 
diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/groupmembership.webp b/static/img/product_docs/accessinformationcenter/11.6/general/groupmembership.webp new file mode 100644 index 0000000000..b8951f2767 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/groupmembership.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/removechanges.webp b/static/img/product_docs/accessinformationcenter/11.6/general/removechanges.webp new file mode 100644 index 0000000000..e87ff2965d Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/removechanges.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilter.webp b/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilter.webp new file mode 100644 index 0000000000..4fe8559c2e Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilter.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilterclear.webp b/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilterclear.webp new file mode 100644 index 0000000000..697acdeaa8 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumnfilterclear.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumns.webp b/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumns.webp new file mode 100644 index 0000000000..c422b20f61 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/tablecolumns.webp differ 
diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/tableexports.webp b/static/img/product_docs/accessinformationcenter/11.6/general/tableexports.webp new file mode 100644 index 0000000000..6ec412cc1c Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/tableexports.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/tableresize.webp b/static/img/product_docs/accessinformationcenter/11.6/general/tableresize.webp new file mode 100644 index 0000000000..75b94f96d7 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/tableresize.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/tablesearch.webp b/static/img/product_docs/accessinformationcenter/11.6/general/tablesearch.webp new file mode 100644 index 0000000000..759b4380ed Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/tablesearch.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/general/tablesort.webp b/static/img/product_docs/accessinformationcenter/11.6/general/tablesort.webp new file mode 100644 index 0000000000..17bafb3499 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/general/tablesort.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusconfirmed.webp b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusconfirmed.webp new file mode 100644 index 0000000000..743e0e9d48 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusconfirmed.webp differ 
diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusdeclined.webp b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusdeclined.webp new file mode 100644 index 0000000000..ef4c6dd35f Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusdeclined.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusnostatus.webp b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusnostatus.webp new file mode 100644 index 0000000000..2d576d91d7 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statusnostatus.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statuswaiting.webp b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statuswaiting.webp new file mode 100644 index 0000000000..e5b4bef73d Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourceowners/statuswaiting.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/reviewdetails_1.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/reviewdetails_1.webp new file mode 100644 index 0000000000..4c727ab20b Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/reviewdetails_1.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/viewresponses.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/viewresponses.webp new file mode 100644 index 0000000000..c8e577712e Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/viewresponses.webp differ 
diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewentire.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewentire.webp new file mode 100644 index 0000000000..5ae08d6dd9 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewentire.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewinstance.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewinstance.webp new file mode 100644 index 0000000000..1308d8edab Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/deletereviewinstance.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/renamereview.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/renamereview.webp new file mode 100644 index 0000000000..840bf8b1d2 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/renamereview.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/selectedresources.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/selectedresources.webp new file mode 100644 index 0000000000..b44603c1af Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/selectedresources.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/sendreminders.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/sendreminders.webp new file mode 100644 index 0000000000..9bef7b90a7 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/sendreminders.webp differ 
diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/stopreview.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/stopreview.webp new file mode 100644 index 0000000000..d386a11710 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/stopreview.webp differ diff --git a/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/viewresponsesbuttons.webp b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/viewresponsesbuttons.webp new file mode 100644 index 0000000000..ea0504f6a9 Binary files /dev/null and b/static/img/product_docs/accessinformationcenter/11.6/resourcereviews/window/viewresponsesbuttons.webp differ
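
Review bot: In the hunks at @@ -41,7 +41,7 and @@ -50,7 +50,7 of the review prerequisites page, "**View Sensitive Content within Reviews Requirement**" and "**False Positive Sensitive Data**" are section titles marked up as bold paragraphs, so they get no anchor and cannot be linked to. The same page already links to `#sensitive-data-review-automation`, so heading anchors are in use there; consider turning both into real headings at the appropriate level instead of bold text.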
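
Review bot: In the removeaccess.md hunk (@@ -16,7 +16,10), the new note sits directly under the context line "**Step 2 –** Click **Yes** to cancel the remove your access for the selected resource.", which is garbled and leaves it unclear what **Yes** confirms. The note about **No** only makes sense against a clear Step 2, so fix the step in the same change, for example "Click **Yes** to remove your access for the selected resource."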
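
Review bot: In the requestaccess.md hunk at @@ -12,12 +12,15, the two wizard pages are now separated by the closing `:::` plus two added blank lines before "- *2. Add Notes*", which can split what should be a single two-item list; one blank line after the admonition is enough. The emphasis style is also inconsistent: this hunk switches to `*1. Select Resource*` while the @@ -83,9 +92,12 hunk in the same file keeps `_(Optional)_` in its context line. Pick one marker for the file.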
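
Review bot: The requestaccess.md hunk at @@ -74,7 +83,7 repoints the Add Notes screenshot to `/img/product_docs/accessinformationcenter/11.6/accessrequests/wizard/addnotes_1.webp`, but none of the binary files added in the part of the patch shown here is an `addnotes_1.webp`. Please confirm the renamed image is included, otherwise the page renders a broken image. While touching this hunk, the context line "**Step 5 –** When you selection list is set as desired" should read "your selection list".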
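
Review bot: In the navigate.md table hunk (@@ -124,10 +124,10), the new Resource Owners Interface row splits the License cell into separate lines but leaves the Accessible To cell as "Administrator role Security Team role" on one line, and the untouched Resource Reviews Interface and Access Requests Interface rows keep the same run-together value. Since this change normalises multi-value cells, separate the two roles in all three rows so the column that tells readers who can open each interface reads consistently.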
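
Review bot: The reviewhistory.md hunk (@@ -36,7 +36,7) repoints the Review Details image to `/img/product_docs/accessinformationcenter/12.0/resourcereviews/reviewdetails_1.webp`, but the only `reviewdetails_1.webp` among the binary files added in the part of the patch shown here is under `11.6/resourcereviews/`. Please confirm the 12.0 file is part of this change or already in the tree, otherwise this page ships with a broken image.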
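
Review bot: In the import.md hunk (@@ -26,28 +26,16), each example such as `\\ExampleServer\ExampleShare,ExampleDomain\ExampleOwner` is now an indented line directly under its bullet with no blank line in between, so Markdown treats it as a continuation of the bullet's paragraph and renders it inline after the description instead of on its own line. Because these examples are the exact CSV rows that assign resource ownership, they should stay visually distinct and easy to copy: keep the indentation but put a blank line before each example, or use an indented fenced block inside the list item.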