Merged
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,14 @@ Directory Sync in the navigation pane.

## Add an Active Directory Sync Policy

**NOTE:** Prior to adding an Active Directory Sync policy, you must first configure a Credential
:::note
Prior to adding an Active Directory Sync policy, you must first configure a Credential
Profile with credentials properly provisioned for running the sync operation for the domain. See the
[Application Server Requirements](/docs/threatmanager/3.0/requirements/server.md) topic for the permissions. See
the [Credential Profile Page](/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md) topic for additional information on creating a
profile.
:::


Follow the steps to add a domain/Active Directory sync policy.
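
Review bot: the closing `:::` of the new admonition is followed by two blank lines where the original paragraph had one, so the hunk adds a stray empty line after the block. Drop the extra blank line so the spacing before `Follow the steps to add a domain/Active Directory sync policy.` stays as it was. The same doubled blank line appears after every converted block in this PR, so it is probably worth fixing in the conversion script rather than by hand.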

Expand Down Expand Up @@ -137,14 +140,20 @@ The Domain Configuration tab displays the following settings:
[Max-Renew-Age attribute](https://docs.microsoft.com/en-us/windows/win32/adschema/a-maxrenewage)
article for additional information.

**NOTE:** This value is required to accurately evaluate the Golden Ticket threat.
:::note
This value is required to accurately evaluate the Golden Ticket threat.
:::


- Max Ticket Age (hours) – Displays the value indicates the maximum number of hours of the Ticket
Age for the domain. This value must match the domain configuration. See the Microsoft
[Max-Ticket-Age attribute](https://docs.microsoft.com/en-us/windows/win32/adschema/a-maxticketage)
article for additional information.

**NOTE:** This value is required to accurately evaluate the Golden Ticket threat.
:::note
This value is required to accurately evaluate the Golden Ticket threat.
:::


- Use SSL – Indicates whether you have enabled SSL for secure communication with the domain. See the
Microsoft
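
Review bot: both `:::note` blocks in this hunk sit between bullets of the Domain Configuration settings list (before `- Max Ticket Age (hours)` and before `- Use SSL`) and, as shown, start at column 0. In most Markdown renderers a column-0 block ends the list, which detaches each Golden Ticket note from the setting it qualifies and splits the list into separate lists. Indent `:::note`, its body and the closing `:::` to the bullet's content level, and check a preview build to confirm the admonition still renders when nested. While this bullet is being touched, `Displays the value indicates the maximum number of hours` runs two verbs together and could be tidied in the same commit.
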
Expand Down Expand Up @@ -197,16 +206,22 @@ represented by the domain for which it is created.

**Step 2 –** The Domain Configuration tab opens, where you can make the desired modification.

_Remember,_ the domain cannot be modified.
:::tip
Remember, the domain cannot be modified.
:::


![Active Directory Sync details page for a specific domain showing the Domain Configuration tab](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/domainconfigurationtab.webp)

**Step 3 –** To modify the Credential Profile, select the Credential Profile by name from the
drop-down menu. This was pre-created in the Credential Profiles page.

**NOTE:** If you modify the Credential Profile for a domain, click **Test Connection** to ensure
:::note
If you modify the Credential Profile for a domain, click **Test Connection** to ensure
connection to the domain. This will take a moment. Then a message will appear in the upper right
corner of the console indicating a successful or failed connection.
:::


**Step 4 –** Click the toggle to change the Enabled/Disabled state of the policy.
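
Review bot: `:::tip` is an odd fit for `Remember, the domain cannot be modified.` in the first added block: the sentence states a restriction on Step 2, not optional advice. Consider `:::note`, matching the Credential Profile note added a few lines below, and drop the leading `Remember,` since the admonition already sets the sentence apart.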

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,10 @@ Follow the steps to generate an app token.
**Step 3 –** Enter a Name for the token in the Name field, and a Description for the token in the
Description field.

**_RECOMMENDED:_** Identify the data source for this app in either the Name or Description fields.
:::info
Identify the data source for this app in either the Name or Description fields.
:::


**Step 4 –** Click Add to generate the app token.
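
Review bot: replacing `**_RECOMMENDED:_**` with a bare `:::info` drops the only word that told the reader this is a recommendation rather than a required part of Step 3. Keep the label, either as an admonition title if the site's Markdown flavor supports one, or as the first words of the body (`Recommended: identify the data source ...`). The other `RECOMMENDED` conversions in this PR lose the label in the same way.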

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ select a profile from the table or under Credential Profile in the navigation pa
See the [Application Server Requirements](/docs/threatmanager/3.0/requirements/server.md) topic for information on
permission requirements for each type of task.

Best Practice Recommendation
**Best Practice Recommendation**

It is a best practice to:
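
Review bot: `**Best Practice Recommendation**` is bold body text standing in for a heading, so it gets no anchor and no entry in a generated table of contents. Other files in this PR use `##` headings; if this label introduces a section, a real heading at the appropriate level would be more consistent than bold text. The `**Additional Options**` and `**Prerequisites**` changes later in the PR have the same shape.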

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,9 +63,12 @@ Follow the steps to configure email notifications.
- URL – Enter the URL to the application console to be included in the email as a link. By default,
this is set to `http://localhost:8080/`

**_RECOMMENDED:_** When first configuring email notification, enter your email in the Send Alerts To
:::info
When first configuring email notification, enter your email in the Send Alerts To
field for the connection test completed in Step 4. Once the test is successful, replace your email
with the desired recipients.
:::


**Step 4 –** Click **Send Test Email** to send a test notification to the configured email
address(es). Validate the email was sent by checking that the recipient received the email.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,15 @@ navigation pane from the Microsoft Entra ID Sync drop-down.

## Add an Entra ID Sync Policy

**NOTE:** Prior to adding a Microsoft Entra ID Sync policy, you must first configure a Credential
:::note
Prior to adding a Microsoft Entra ID Sync policy, you must first configure a Credential
Profile with a credential properly provisioned for running Microsoft Entra ID Sync within the
Microsoft Entra ID tenant. See the
[Application Server Requirements](/docs/threatmanager/3.0/requirements/server.md) topic for the permissions. See
the [Credential Profile Page](/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md) topic for additional information on creating a
profile.
:::


Follow the steps to add a policy Microsoft Entra ID Sync.

Expand Down Expand Up @@ -145,16 +148,22 @@ Follow the steps to modify the Entra ID Sync policy for the selected Microsoft

**Step 2 –** On the Tenant Configuration tab, make the desired modification.

_Remember,_ the Tenant and Azure Cloud fields cannot be modified.
:::tip
Remember, the Tenant and Azure Cloud fields cannot be modified.
:::


![tenantconfigurationtab](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/tenantconfigurationtab.webp)

**Step 3 –** To modify the Credential Profile, select the Credential Profile by name from the
drop-down menu. This was pre-created in the Credential Profiles page.

**NOTE:** If you modify the Credential Profile for a Microsoft Entra ID tenant, click **Test
:::note
If you modify the Credential Profile for a Microsoft Entra ID tenant, click **Test
Connection** to ensure connection to the tenant. This will take a moment. Then a message will appear
in the upper right corner of the console indicating a successful or failed connection.
:::


**Step 4 –** Click the toggle to change the Enabled/Disabled state of the policy.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ The Shared Folders table has the following columns:
- Last Time tested – Date timestamp when the the shared folder was tested to ensure it is configured
correctly

Additional Options
**Additional Options**

When you hover over a row within the Shared Folders table, three additional options are displayed:
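
Review bot: the context line just above the change reads `when the the shared folder was tested`, with a doubled `the`. Since this file is already being edited for the `**Additional Options**` label, fix the typo in the same commit.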

Expand Down Expand Up @@ -60,9 +60,12 @@ Investigation exports will now be saved to the designated local folder on the ap

## Add a Shared Folder

**NOTE:** Prior to adding a shared folder, you must first configure a Credential Profile with Write
:::note
Prior to adding a shared folder, you must first configure a Credential Profile with Write
access to the shared folder. See the [Credential Profile Page](/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md) topic for
additional information on creating a profile.
:::


You can specify a shared folder for exporting investigations data from subscriptions through the
Integrations menu. Follow the steps to add a shared folder.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,13 @@ Netwrix Integrations in the navigation pane.

## Add a Netwrix Integration

**NOTE:** Prior to adding a Netwrix Integration, you must first configure a Credential Profile with
:::note
Prior to adding a Netwrix Integration, you must first configure a Credential Profile with
credentials properly provisioned for connecting to the database. See the
[Credential Profile Page](/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md) topic for additional information on creating a
profile.
:::


Follow the steps below to add a Netwrix Integration.

Expand Down Expand Up @@ -76,8 +79,11 @@ error and repeat this step until a successful connection is established.

The NetwrixIntegration is listed in the Integrations navigation pane.

**NOTE:** For integration with Netwrix Threat Prevention, you can add both the main `NVMonitorData`
:::note
For integration with Netwrix Threat Prevention, you can add both the main `NVMonitorData`
database and the archive database, if one has been configured.
:::


## Netwrix Integration Details

Expand Down Expand Up @@ -186,15 +192,21 @@ Netwrix Integration.
**Step 4 –** To modify the Credential Profile, select the Credential Profile by name from the
drop-down menu. This was pre-created in the Credential Profiles page.

**NOTE:** If you modify the Credential Profile for a domain, click **Test Connection** to ensure
:::note
If you modify the Credential Profile for a domain, click **Test Connection** to ensure
connection to the database. This will take a moment. Then a message will appear in the upper right
corner of the console indicating a successful or failed connection.
:::


**Step 5 –** For the Configuration Catalog Name, modify the value by typing in the textbox.

**Step 6 –** For the Catalog Name, modify the value by typing in the textbox.

_Remember,_ the Integration Service URL value should not be modified.
:::tip
Remember, the Integration Service URL value should not be modified.
:::


**Step 7 –** Check or uncheck the Show Deleted Policies box as desired.
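
Review bot: the note carried into the `:::note` block under Step 4 says `If you modify the Credential Profile for a domain` and then `to ensure connection to the database`, so subject and target disagree; the wording looks copied from the Active Directory Sync page. Since this section is about a Netwrix Integration, suggest making the opening clause refer to the integration or the database. Separately, `Remember, the Integration Service URL value should not be modified.` reads as a caution rather than a `:::tip`.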

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ The details page for a SAML authentication provider has two tabs:
- Configuration
- Users/Groups

Prerequisites
**Prerequisites**

For users to be able to use SAML, "SMTP" must be set up and an email address must be stored with the
respective users.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,10 @@ Follow the instructions to enable SIEM notifications.
- CEF template – Threat data is sent to the SIEM application in the standard CEF format
- Custom template – Threat data is sent to the SIEM application in a customized format

**NOTE:** Only one custom template can be implemented.
:::note
Only one custom template can be implemented.
:::


- Notification template – Threat data is sent to the SIEM application in a basic notification
format:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,11 @@ The out-of-the-box tags include:
- Stale – An Active Directory user account marked as stale
- Watchlist – Watchlist users

**NOTE:** Any users with the Watchlist tag will be displayed on the Threat Manager
:::note
Any users with the Watchlist tag will be displayed on the Threat Manager
[Home Page](/docs/threatmanager/3.0/administration/home.md) Watchlist.
:::


The table displays the following information for available tags:

Expand Down Expand Up @@ -97,7 +100,10 @@ This page provides the following information:

On the tag details window, click the Type drop-down menu to apply a filter.

**_RECOMMENDED:_** Apply the desired Type filters when searching for objects to tag.
:::info
Apply the desired Type filters when searching for objects to tag.
:::


![Honeypot tag with the Types drop-down menu open](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/typefilters.webp)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,16 +63,22 @@ select the other **LDAP Monitoring** event type in the list above.
**Step 8 –** Select the line below the last existing query filter and paste the string copied from
Threat Manager.

_Remember,_ the Honeytoken tab of the
:::tip
Remember, the Honeytoken tab of the
[Netwrix Threat Manager Configuration Window](/docs/threatmanager/3.0/install/integration/threatprevention/threatmanagerconfiguration.md)
must be configured in order to successfully send LDAP monitoring data to Threat Manager.
:::


### Configure LDAP Monitoring in the Activity Monitor

Follow the steps to configure LDAP monitoring within Netwrix Activity Monitor for Netwrix Threat
Manager.

**NOTE:** LDAP Monitoring is not enabled, it must be enabled in the Monitored Domains tab.
:::note
LDAP Monitoring is not enabled, it must be enabled in the Monitored Domains tab.
:::


![Activity Monitor with SD Only](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/actiivtymonitordomainsdonly.webp)
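
Review bot: the sentence moved into the second `:::note` block, `LDAP Monitoring is not enabled, it must be enabled in the Monitored Domains tab.`, is a comma splice and is ambiguous: it can be read as a statement about the default state or as a condition. If the intent is conditional, `If LDAP Monitoring is not enabled, enable it in the Monitored Domains tab.` says so directly; if it describes the default, state that explicitly. The conversion is a good moment to fix it, since the line is being rewritten anyway.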

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,12 @@ A Honeytoken-type policy adds Honeytokens, which are fake credentials stored in
attack scans memory they may try to authenticate or query the domain for information about the
account. Policies for Honeytokens are added on the Policies page.

**NOTE:** When a Honeytoken name is specified and the policy is enabled, this policy becomes
:::note
When a Honeytoken name is specified and the policy is enabled, this policy becomes
immediately valid for Honeytoken threat detection. Please refer to
[Configure Honeytoken Threats](/docs/threatmanager/3.0/administration/configuration/policies/honeytoken.md) for Honeytoken naming best practices.
:::


Follow the steps to add a policy.

Expand All @@ -55,8 +58,11 @@ Follow the steps to add a policy.

- Name – The name for the policy

**NOTE:** See [Configure Honeytoken Threats](/docs/threatmanager/3.0/administration/configuration/policies/honeytoken.md) for best practices for naming a
:::note
See [Configure Honeytoken Threats](/docs/threatmanager/3.0/administration/configuration/policies/honeytoken.md) for best practices for naming a
Honeytoken.
:::


- Description – The description for the policy
- Enabled – The policy is set to OFF or disabled by default. Click the red X to set the Honeytoken
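
Review bot: this `:::note` repeats the pointer to Configure Honeytoken Threats that the note in the previous hunk of the same file already gives, and it is placed between the `- Name` and `- Description` bullets, where a column-0 block would split the list. Either fold the sentence into the Name bullet as trailing text, or indent the three admonition lines under that bullet so it stays attached to the field it describes.
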
Expand Down