netwrix · paul-sh · Nov 17, 2025 · Nov 17, 2025 · Nov 17, 2025 · Nov 17, 2025
@@ -0,0 +1,10 @@
+{
+  "label": "Administration",
+  "position": 40,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "overview"
+  }
+}
@@ -0,0 +1,10 @@
+{
+  "label": "Agents Tab",
+  "position": 10,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "overview"
+  }
+}
@@ -0,0 +1,108 @@
+---
+title: "Active Directory Agent Deployment"
+description: "Active Directory Agent Deployment"
+sidebar_position: 40
+---
+
+# Active Directory Agent Deployment
+
+Before deploying the Active Directory (AD) agent, ensure all
+[AD Agent Server Requirements](/docs/activitymonitor/9.0/requirements/adagent/adagent.md) have been met. To effectively
+monitor Active Directory, it is necessary to deploy an AD agent to every domain controller,
+including the read only domain controllers. However, it is possible to deploy the agents in batches.
+Follow the steps to deploy the AD agents to the domain controllers in the target domain.
+
+:::note
+These steps are specific to deploying AD agents for monitoring Active Directory.
+:::
+
+
+**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.
+
+![Install New Agent](/images/activitymonitor/9.0/install/agent/installnew.webp)
+
+**Step 2 –** Click on the Install agents on Active Directory domain controllers link to deploy
+activity agents to multiple domain controllers.
+
+:::note
+The Activity Monitor will validate the entered Host Name or IP Address entered in the
+**Server Name** text box.
+:::
+
+
+![Specify Agent Port](/images/activitymonitor/9.0/install/agent/portdefault.webp)
+
+**Step 3 –** Specify the port that should be used by the new agent(s).
+
+![Agent Install Location](/images/activitymonitor/9.0/admin/agents/add/locationdefault.webp)
+
+**Step 4 –** Select the agent installation path.
+
+:::info
+Use the default installation path.
+:::
+
+
+![Active Directory Connection page with blank text boxes](/images/activitymonitor/9.0/admin/agents/add/adconnectionblank.webp)
+
+**Step 5 –** On the Active Directory Connection page, enter the domain, and specify an account that
+is a member of BUILTIN\Administrators group on the domain. Then, click **Connect**.
+
+![Example of a successful connection on the Active Directory Connection page](/images/activitymonitor/9.0/admin/agents/add/adconnectionsuccessful.webp)
+
+When the connection is successful, the Next button is enabled. Click Next to continue.
+
+:::note
+An Administrator’s credentials are required to test the connection to the server. This is
+the only way to enable the Next button.
+:::
+
+
+![Domains to Monitor page](/images/activitymonitor/9.0/admin/agents/add/domainstomonitorpage.webp)
+
+**Step 6 –** On the Domains To Monitor page, available domains display in a list, checked by
+default. Check/uncheck the boxes as desired to identify the domains to monitor, then click Next.
+
+![Domain Controllers to Deploy the Agent to page](/images/activitymonitor/9.0/admin/agents/add/dcstodeploytheagenttopage.webp)
+
+**Step 7 –** On the Domain Controllers to deploy the Agent to page, available domain controllers
+display in a list, checked by default. Check/uncheck the boxes as desired to identify the domain
+controllers where the AD agent is to be deployed.
+
+:::note
+Agents can be gradually deployed, but the AD agent needs to be installed on all domain
+controllers to monitor all activity of the domain.
+:::
+
+
+![Test Connection to Domain Controller](/images/activitymonitor/9.0/admin/agents/add/dcsdeployagentconnection.webp)
+
+**Step 8 –** Click the **Test** button to verify the connection to the domains selected. Once the
+connection is verified, click **Next** to continue.
+
+![Windows Agent Settings Page](/images/activitymonitor/9.0/admin/agents/add/windowsagentsettingspage.webp)
+
+**Step 9 –** On the Windows Agent Settings page, there are two settings to configure.
+
+- Add Windows file activity monitoring – Select the check box to add Windows file activity
+  monitoring after installing the agent. By default a new agent install monitors nothing. If
+  administrators want to monitor file activity on Windows servers, it is easier to enable it after
+  installation of the agent. Windows file activity monitoring can be enabled and configured later in
+  the console.
+- Management Group – By default, the agent only accepts commands from members of the
+  BUILTIN\Administrators group. Less privilege accounts can be configured to manage the agent with
+  the Management Group setting. Keep in mind that only administrators can install, update and
+  uninstall the agent.
+
+**Step 10 –** Click **Finish**. The Add New Agent(s) window closes, and the activity agent is
+deployed to and installed on the target host.
+
+During the installation process, the status will be Installing. If there are any errors, the
+Activity Monitor stops the installation and lists the errors in the Agent messages box.
+
+![AD Agent Installed](/images/activitymonitor/9.0/admin/agents/add/adagentinstalled.webp)
+
+When the AD agent installation is complete, the status changes to **Installed** and the agent
+version populates in the AD Module column. The next step is to configure the domains to be
+monitored. See the [Monitored Domains Tab](/docs/activitymonitor/9.0/admin/monitoreddomains/overview.md) section for
+additional information.
@@ -0,0 +1,138 @@
+---
+title: "Linux Agent Deployment"
+description: "Linux Agent Deployment"
+sidebar_position: 30
+---
+
+# Linux Agent Deployment
+
+**Understanding Linux File Activity Monitoring**
+
+The Activity Monitor can be configured to monitor the following:
+
+- Ability to collect all or specific file activity for specific values or specific combinations of
+  values
+
+It also provides the ability to feed activity data to other Netwrix products:
+
+- Netwrix Access Analyzer
+- Netwrix Threat Manager
+
+Prior to adding a Windows host to the Activity Monitor, the prerequisites for the target environment
+must be met. See the [Linux Agent Server Requirements](/docs/activitymonitor/9.0/requirements/linuxagent.md) topic
+for additional information.
+
+## Deploy Linux Agent
+
+Follow the steps to deploy the agent to the Linux host.
+
+**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.
+
+![Install New Agent page of the Add New Agent(s) Wizard](/images/activitymonitor/9.0/install/agent/installnew.webp)
+
+**Step 2 –** On the Install New Agent page, enter the server name for the Linux host. Click
+**Next**.
+
+![Specify Agent Port](/images/activitymonitor/9.0/install/agent/portdefault.webp)
+
+**Step 3 –** On the Agent Port page, specify the port to be used by the new agent. The default port
+is **4498**. Click **Next**.
+
+![Credentials to Connect](/images/activitymonitor/9.0/admin/agents/add/credentialsservers.webp)
+
+**Step 4 –** On the Credentials To Connect To The Server(s) page, connect to the Linux Server using
+either a **User name** and **Password**, or a Public Key.
+
+The options for connecting with a Password are:
+
+- User name
+- Password
+
+![Public Key Credentials](/images/activitymonitor/9.0/admin/agents/add/publickey.webp)
+
+The options for connecting with a Public Key are:
+
+- User name
+- Private Key
+
+![Client Certificate Credentials](/images/activitymonitor/9.0/admin/agents/add/clientcertificate.webp)
+
+To connect with a Client Certificate, select the **Client Certificate** (for already installed
+agents) option. Run the following commands on the Linux machine:
+
+```
+cd /usr/bin/activity-monitor-agentd/
+./activity-monitor-agentd create-client-certificate --name [name]
+```
+
+The Client Certificate option adds an already installed agent to the console without using SSH.
+
+To connect with a public key, select the **Public Key** option. Copy the following command into a
+command prompt to generate ECDSA key for public key option:
+
+```
+ssh-keygen -m PEM -t ecdsa
+```
+
+Netwrix Activity Monitor requires to generate ECDSA Key with a blank passphrase
+
+```
+cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys
+```
+
+:::note
+It is required to add public key to authorized keys for Activity Monitor. By default, a
+private key is generated at ~/.ssh/id_ecdsa location along with the public key (.pub file). A user
+can use a different file location. Copy the following command into a command prompt to generate a
+private key for Activity Monitor to use:
+:::
+
+
+```
+cat ~/.ssh/id_ecdsa
+```
+
+**Step 5 –** Click **Connect** to test the connection. If the connection is successful, click
+**Next**. If the connection is unsuccessful, see the status message that appears for information on
+the failed connection.
+
+![Linux Agent Options](/images/activitymonitor/9.0/admin/agents/add/linuxagentoptions.webp)
+
+**Step 6 –** On the Linux Agent Options page, select which user name to use to run the daemon. To
+use root, leave the **Service user name** field blank. Click **Test** to test the connection.
+
+**Step 7 –** Click **Finish**. The Add New Agent(s) window closes, and the activity agent is
+deployed to and installed on the target host.
+
+During the installation process, the status will be **Installing**. If there are any errors,
+Activity Monitor stops the installation and lists the errors in the **Agent messages** box.
+
+![Linux Agent Installed](/images/activitymonitor/9.0/admin/agents/add/activitymonitorwithlinuxagentinstalled.webp)
+
+When the Linux agent installation is complete, the status changes to **Installed**. The Monitored
+Host is also configured, and the added Linux host is displayed in the monitored hosts table. See the
+[Monitored Hosts & Services Tab](/docs/activitymonitor/9.0/admin/monitoredhosts/overview.md) topic for additional information.
+
+Once a host has been added for monitoring, configure the desired outputs. See the
+[Output for Monitored Hosts](/docs/activitymonitor/9.0/admin/monitoredhosts/output/output.md) topic for additional information.
+
+:::info
+Activity Monitor Agent uses certificates to secure the connection between the Linux Agent and the Console / API Server.
+By default, the Agent uses an automatically generated self-signed certificate. The Console and the API Server do not enforce 
+validity checks on these self-signed agent certificates.
+
+This self-signed certificate can be replaced with one issued by a Certification Authority. Once replaced, the Console and 
+the API Server will ensure the validity of the agent’s certificates.
+
+See the [Certificate](/docs/activitymonitor/9.0/admin/agents/properties/certificate.md) topic for additional information.
+:::
+
+## Host Properties for Linux
+
+Configuration settings can be edited through the tabs in the host’s Properties window. The
+configurable host properties are:
+
+- [Inactivity Alerts Tab](/docs/activitymonitor/9.0/admin/monitoredhosts/properties/inactivityalerts.md)
+
+See the [Host Properties Window](/docs/activitymonitor/9.0/admin/monitoredhosts/properties/overview.md) topic for additional
+information.