Merged
25 changes: 20 additions & 5 deletions docs/activitymonitor/8.0/admin/agents/activedirectory.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,10 @@ monitor Active Directory, it is necessary to deploy an AD agent to every domain
including the read only domain controllers. However, it is possible to deploy the agents in batches.
Follow the steps to deploy the AD agents to the domain controllers in the target domain.

**NOTE:** These steps are specific to deploying AD agents for monitoring Active Directory.
:::note
These steps are specific to deploying AD agents for monitoring Active Directory.
:::


**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.
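
Review bot: Two blank lines now follow the closing `:::` of the new admonition, ahead of **Step 1**; one is enough, and the same doubled blank line recurs after most admonitions added in this change. Dropping the extra line keeps the spacing consistent with the rest of the file.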

Expand All @@ -21,8 +24,11 @@ Follow the steps to deploy the AD agents to the domain controllers in the target
**Step 2 –** Click on the Install agents on Active Directory domain controllers link to deploy
activity agents to multiple domain controllers.

**NOTE:** The Activity Monitor will validate the entered Host Name or IP Address entered in the
:::note
The Activity Monitor will validate the entered Host Name or IP Address entered in the
**Server Name** text box.
:::


![Specify Agent Port](/img/product_docs/activitymonitor/8.0/install/agent/portdefault.webp)
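
Review bot: The note body still reads "validate the entered Host Name or IP Address entered in the **Server Name** text box", with "entered" twice. Since the line is being rewritten anyway, tighten it to "validate the Host Name or IP Address entered in the **Server Name** text box".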

Expand All @@ -32,7 +38,10 @@ activity agents to multiple domain controllers.

**Step 4 –** Select the agent installation path.

**_RECOMMENDED:_** Use the default installation path.
:::info
Use the default installation path.
:::


![Active Directory Connection page with blank text boxes](/img/product_docs/activitymonitor/8.0/admin/agents/add/adconnectionblank.webp)
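
Review bot: Converting `**_RECOMMENDED:_**` to a bare `:::info` block drops the word that told the reader this is a recommendation rather than neutral information. Keep the label in the body, for example "Recommended: use the default installation path.", or give the admonition a title if the site's Markdown flavour supports one.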

Expand All @@ -43,8 +52,11 @@ is a member of BUILTIN\Administrators group on the domain. Then, click **Connect

When the connection is successful, the Next button is enabled. Click Next to continue.

**NOTE:** An Administrator’s credentials are required to test the connection to the server. This is
:::note
An Administrator’s credentials are required to test the connection to the server. This is
the only way to enable the Next button.
:::


![Domains to Monitor page](/img/product_docs/activitymonitor/8.0/admin/agents/add/domainstomonitorpage.webp)

Expand All @@ -57,8 +69,11 @@ default. Check/uncheck the boxes as desired to identify the domains to monitor,
display in a list, checked by default. Check/uncheck the boxes as desired to identify the domain
controllers where the AD agent is to be deployed.

**NOTE:** Agents can be gradually deployed, but the AD agent needs to be installed on all domain
:::note
Agents can be gradually deployed, but the AD agent needs to be installed on all domain
controllers to monitor all activity of the domain.
:::


![Test Connection to Domain Controller](/img/product_docs/activitymonitor/8.0/admin/agents/add/dcsdeployagentconnection.webp)

7 changes: 5 additions & 2 deletions docs/activitymonitor/8.0/admin/agents/linux.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar_position: 30

# Linux Agent Deployment

Understanding Linux File Activity Monitoring
**Understanding Linux File Activity Monitoring**

The Activity Monitor can be configured to monitor the following:
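
Review bot: "Understanding Linux File Activity Monitoring" is a section title, and wrapping it in bold only makes it look like one; it gets no anchor and no place in the page outline. A `##` heading under `# Linux Agent Deployment` would fit better than bold text.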

Expand Down Expand Up @@ -80,10 +80,13 @@ Netwrix Activity Monitor requires to generate ECDSA Key with a blank passphrase
cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys
```

**NOTE:** It is required to add public key to authorized keys for Activity Monitor. By default, a
:::note
It is required to add public key to authorized keys for Activity Monitor. By default, a
private key is generated at ~/.ssh/id_ecdsa location along with the public key (.pub file). A user
can use a different file location. Copy the following command into a command prompt to generate a
private key for Activity Monitorto use:
:::


```
cat ~/.ssh/id_ecdsa
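
Review bot: The closing `:::` lands after "Copy the following command into a command prompt to generate a private key for Activity Monitorto use:", so the sentence that introduces the `cat ~/.ssh/id_ecdsa` block is now inside the note and detached from the command it refers to. Move that sentence below the admonition, fix "Monitorto", and reword "generate": `cat` prints the existing private key, it does not create one. Since the hunk context says this key is generated with a blank passphrase, a sentence on how the displayed private key should be handled would also be worth adding.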
11 changes: 7 additions & 4 deletions docs/activitymonitor/8.0/admin/agents/multiple.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,11 @@ devices when applicable. Follow the steps to deploy the activity agent to a mult
servers. See the [Activity Agent Server Requirements](/docs/activitymonitor/8.0/requirements/activityagent/activityagent.md) topic
for additional information.

**NOTE:** These steps are specific to deploying activity agents for monitoring supported target
:::note
These steps are specific to deploying activity agents for monitoring supported target
environments.
:::


**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.

Expand All @@ -39,7 +42,7 @@ are:

There are two methods for adding multiple hosts are:

Manual Entry
**Manual Entry**

Use **Manual Entry** to manually type the host names or IP addresses of the servers to be monitored.
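
Review bot: `**Manual Entry**` is used as a sub-heading here (and `**Import a List**` in the next hunk), directly above a sentence that opens with the same bold phrase, so the label and the body text are visually indistinguishable. A real heading level would separate them. The context line "There are two methods for adding multiple hosts are:" also needs its trailing "are" removed while this block is being touched.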

Expand All @@ -53,7 +56,7 @@ For Manual Entry, the options are:
entered, click OK. The Host name or IP address window closes and the identified servers are in
the list.

Import a List
**Import a List**

Use **Import a List** to import host names or IP addresses from an external source.

Expand Down Expand Up @@ -97,7 +100,7 @@ The options for connecting with a Public Key are:
To connect with a Client Certificate, select the Client Certificate (for already installed agents)
option. Copy the following command into a command prompt:

activity-monitor-agentd --create-client-certificate --client-name [NAME]
**activity-monitor-agentd --create-client-certificate --client-name [NAME]**

Using an existing Client Certificate installs a new agent without using SSH.
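
Review bot: The command `activity-monitor-agentd --create-client-certificate --client-name [NAME]` is changed to bold, but the preceding line tells the reader to copy it into a command prompt, so it should be marked up as code (a fenced block or inline backticks), not emphasis. Bold text goes through normal Markdown typography, which risks the `--` option prefixes being altered on render and the pasted command failing.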

10 changes: 8 additions & 2 deletions docs/activitymonitor/8.0/admin/agents/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,11 @@ The table of servers hosting activity agents provides the following information:
- Server Name – Name or IP Address of the server hosting an activity agent
- Status – Status of the deployed activity agent(s)

**NOTE:** If the AD agent has been deployed, a status of “outdated” could apply to either the
:::note
If the AD agent has been deployed, a status of “outdated” could apply to either the
activity agent or the AD agent installed on the domain controller.
:::


- Version – Version of the deployed activity agent
- AD Module – Version of the deployed AD agent
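
Review bot: The new `:::note` block sits between the `- Status` and `- Version` list items, and unless its opening and closing `:::` are indented to the Status item's content level it will end the list and start a second one at `- Version`. Please confirm the indentation in the rendered page, or move the note below the whole list.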
Expand All @@ -65,8 +68,11 @@ The **Agent messages** box displays any error or warning messages from the selec
These messages are related to deployment/installation, communication between the console and the
activity/AD agent, and upgrade of an activity/AD agent.

**NOTE:** Activity agents from Activity Monitor v3.1+ can now be controlled by Activity Monitor
:::note
Activity agents from Activity Monitor v3.1+ can now be controlled by Activity Monitor
v4.0+ Console.
:::


For additional information on how to deploy agents manually, see the
[Agent Information](/docs/activitymonitor/8.0/install/agents/agents.md) topic.
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,23 @@ The Agent Settings allow users to control the AD agent’s properties:
- Safe Mode – If selected, the AD agent checks LSASS versions upon start up. Any change in LSASS
since the previous start prevents the monitoring modules from loading.

**NOTE:** This is a safety measure that disables monitoring if the environment changes as in
:::note
This is a safety measure that disables monitoring if the environment changes as in
rare cases the instrumentation may cause LSASS crashes. Should the version change occur, a
warning will be shown next to the agent on the Agents page. The **Start pending modules** button
allows you to force the agent to enable monitoring.
:::


- Enable DNS Host Name Resolution – If selected, the AD agent looks up the missing data (a NetBIOS
name, a Fully Qualified Domain Name, or an IP Address) that is missing fromthe event

**NOTE:** This provides more uniform data, but may have a performance impact on the machine
:::note
This provides more uniform data, but may have a performance impact on the machine
where the AD agent is deployed, especially if that machine does not handle the name resolution
locally.
:::


Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
Properties window closes.
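
Review bot: The Safe Mode text describes possible LSASS crashes and a **Start pending modules** button that forces monitoring on after an LSASS version change, which is a caution rather than a neutral note; this PR already maps CAUTION to `:::warning` elsewhere, and the same would fit here. In the second bullet, the context line still has "fromthe" and says "missing" twice ("looks up the missing data ... that is missing fromthe event"), and the sentence has no closing period.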
Expand All @@ -48,9 +54,12 @@ See the following sections for additional information:
To transfer Active Directory Activity Monitoring from the Activity Monitor to Threat Prevention,
deploy Threat Prevention Agents to targeted domain controllers.

**NOTE:** If Threat Prevention installed SI Agents on domain controllers before the Activity Monitor
:::note
If Threat Prevention installed SI Agents on domain controllers before the Activity Monitor
AD agents were deployed, then skip to the next set of instructions to configure Active Directory
Monitoring through Threat Prevention.
:::


If Threat Prevention data is not used by other Netwrix products, uninstall the activity agent from
the domain controllers if you do not plan to receive Active Directory activity in Activity Monitor
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,11 @@ The Additional Properties tab for the Activity Agent has the following configura
- Same Level as the Console (uses the global level selected in the console)
- Trace (the most verbose) many collection points and can slow down

**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount
:::warning
Selecting the **Trace** option can slow down collection due to the large amount
of data points
:::


- Debug
- Info (recommended)
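
Review bot: The `:::warning` body ends without a period ("due to the large amount of data points"), and the bullet above it, "Trace (the most verbose) many collection points and can slow down", is a fragment that the warning largely repeats. Finish the warning sentence and trim the bullet to "Trace (the most verbose)"; the same pair appears in the Linux Agent hunk further down this file.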
Expand All @@ -43,8 +46,11 @@ data (ETW) can be useful for problems related to the following:
When this is needed, enable the **Collect extended debugging data (ETW) from the Windows driver when
the Trace level is activated** option to diagnose these problems.

**CAUTION:** Selecting this option collects a large amount of data. Therefore, it is important to
:::warning
Selecting this option collects a large amount of data. Therefore, it is important to
enable it only for short periods of time. Otherwise, the trace file may overflow with data.
:::


In general for troubleshooting, start with trace logs. If the root cause of the problem might be a
low-level functionality the driver, then the ETW logs must be enabled.
Expand All @@ -65,8 +71,11 @@ The Additional Properties tab for the Linux Agent has the following configuratio
- Same Level as the Console (uses the global level selected in the console)
- Trace (the most verbose) many collection points and can slow down

**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount
:::warning
Selecting the **Trace** option can slow down collection due to the large amount
of data points
:::


- Debug
- Info (recommended)
Original file line number Diff line number Diff line change
Expand Up @@ -46,5 +46,8 @@ The options below the **Configure** button are:
Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
Properties window closes.

**NOTE:** Linux agents move activity logs to a set local path. Remote storage can be mounted to use
:::note
Linux agents move activity logs to a set local path. Remote storage can be mounted to use
this path for archiving.

:::
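
Review bot: This admonition has a blank line before its closing `:::`, while every other block added in this change closes directly after the text. Remove the blank line so the note matches the others.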
21 changes: 15 additions & 6 deletions docs/activitymonitor/8.0/admin/agents/properties/connection.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,10 @@ installation and communication. The tab varies based on the type of agent select
The server name can be modified in the text box. Modifying the name value does not move the activity
agent to a new server. The credentials can be updated or modified as well.

_Remember,_ **Test** the credentials before clicking OK to ensure a successful connection.
:::tip
Remember, **Test** the credentials before clicking OK to ensure a successful connection.
:::


![Connection Tab for Agent Properties](/img/product_docs/activitymonitor/8.0/admin/agents/properties/connectiontab.webp)

Expand All @@ -28,15 +31,15 @@ Credential fields:
- User name – Account provisioned for use by the agent
- Password – Password for the supplied User name

Permissions
**Permissions**

This account must be:

- Membership in the local Administrators group

If the user name is not specified, the currently logged in user's account will be used.

Less Privileged Permissions Option
**Less Privileged Permissions Option**

By default, the agent accepts commands only from members of the local Administrators group. You can
allow less privileged accounts to manage the agent with the **Management Group** option. Keep in
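
Review bot: `**Permissions**` and `**Less Privileged Permissions Option**` are section titles rendered as bold paragraphs; the second introduces the **Management Group** option for letting less privileged accounts manage the agent, which is a section administrators will want to link to, so real headings would serve better. The context under Permissions also does not parse: "This account must be:" is followed by "Membership in the local Administrators group"; "This account must be a member of the local Administrators group" would read correctly.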
Expand Down Expand Up @@ -75,7 +78,10 @@ Properties window closes.
The server name can be modified in the text box. Modifying the name value does not move the Linux
agent to a new server. The credentials can be updated or modified as well.

_Remember,_ **Test** the credentials before clicking OK to ensure a successful connection.
:::tip
Remember, **Test** the credentials before clicking OK to ensure a successful connection.
:::


![linuxconnectiontab](/img/product_docs/activitymonitor/8.0/admin/agents/properties/linuxconnectiontab.webp)

Expand All @@ -89,7 +95,7 @@ Credential fields:
- User name – Account provisioned for use by the agent
- Password – Password for the supplied User name

Permissions
**Permissions**

This account must be:

Expand All @@ -100,8 +106,11 @@ The **Trace level** option configures the level for the agent log it includes th
- Same Level as the Console (uses the global level selected in the console)
- Trace (the most verbose) many collection points and can slow down

**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount of
:::warning
Selecting the **Trace** option can slow down collection due to the large amount of
data points
:::


- Debug
- Info (recommended)