25 changes: 20 additions & 5 deletions docs/activitymonitor/7.1/admin/agents/activedirectory.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,10 @@ every domain controller, including the read only domain controllers. However, it
deploy the agents in batches. Follow the steps to deploy the AD agents to the domain controllers in
the target domain.

**NOTE:** These steps are specific to deploying AD agents for monitoring Active Directory.
:::note
These steps are specific to deploying AD agents for monitoring Active Directory.
:::


**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.

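Review bot: the closing `:::` is followed by two blank lines here, and the same double spacing appears after nearly every admonition introduced in this PR; one blank line separates the admonition from the next block, and the extra one will be flagged by markdownlint's multiple-blank-lines rule if it runs on this repo.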
Expand All @@ -22,8 +25,11 @@ the target domain.
**Step 2 –** Click on the Install agents on Active Directory domain controllers link to deploy
activity agents to multiple domain controllers.

**NOTE:** The Activity Monitor will validate the entered Host Name or IP Address entered in the
:::note
The Activity Monitor will validate the entered Host Name or IP Address entered in the
**Server Name** text box.
:::


![Specify Agent Port](/img/product_docs/activitymonitor/7.1/install/agent/portdefault.webp)

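Review bot: "validate the entered Host Name or IP Address entered in the **Server Name** text box" repeats "entered"; since the sentence is being moved into the admonition anyway, drop the first occurrence: "The Activity Monitor validates the Host Name or IP Address entered in the **Server Name** text box."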
Expand All @@ -33,7 +39,10 @@ activity agents to multiple domain controllers.

**Step 4 –** Select the agent installation path.

**_RECOMMENDED:_** Use the default installation path.
:::info
Use the default installation path.
:::


![Active Directory Connection page with blank text boxes](/img/product_docs/activitymonitor/7.1/admin/agents/add/adconnectionblank.webp)

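Review bot: replacing `**_RECOMMENDED:_**` with a bare `:::info` loses the "Recommended" label, so the reader no longer sees that keeping the default installation path is advice rather than neutral information. Docusaurus admonitions accept a title, so `:::tip Recommended` (or `:::tip[Recommended]` on newer Docusaurus releases) keeps the meaning, and `tip` is the closer admonition type for a recommendation than `info`.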
Expand All @@ -44,8 +53,11 @@ is a member of BUILTIN\Administrators group on the domain. Then, click **Connect

When the connection is successful, the Next button is enabled. Click Next to continue.

**NOTE:** An Administrator’s credentials are required to test the connection to the server. This is
:::note
An Administrator’s credentials are required to test the connection to the server. This is
the only way to enable the Next button.
:::


![Domains to Monitor page](/img/product_docs/activitymonitor/7.1/admin/agents/add/domainstomonitorpage.webp)

Expand All @@ -58,8 +70,11 @@ default. Check/uncheck the boxes as desired to identify the domains to monitor,
display in a list, checked by default. Check/uncheck the boxes as desired to identify the domain
controllers where the AD agent is to be deployed.

**NOTE:** Agents can be gradually deployed, but the AD agent needs to be installed on all domain
:::note
Agents can be gradually deployed, but the AD agent needs to be installed on all domain
controllers to monitor all activity of the domain.
:::


![Test Connection to Domain Controller](/img/product_docs/activitymonitor/7.1/admin/agents/add/dcsdeployagentconnection.webp)

7 changes: 5 additions & 2 deletions docs/activitymonitor/7.1/admin/agents/linux.md
Expand Up @@ -6,7 +6,7 @@ sidebar_position: 30

# Linux Agent Deployment

Understanding Linux File Activity Monitoring
**Understanding Linux File Activity Monitoring**

The Activity Monitor can be configured to monitor the following:

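Review bot: "Understanding Linux File Activity Monitoring" becomes bold text rather than a heading. The file already uses `#` for its title, so `## Understanding Linux File Activity Monitoring` would keep the section in the page TOC and sidebar, which bold text does not; the same applies to the bold "Permissions" and "Less Privileged Permissions Option" pseudo-headings in connection.md later in this PR.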
Expand Down Expand Up @@ -81,10 +81,13 @@ Netwrix Activity Monitor requires to generate ECDSA Key with a blank passphrase
cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys
```

**NOTE:** It is required to add public key to authorized keys for Activity Monitor. By default, a
:::note
It is required to add public key to authorized keys for Activity Monitor. By default, a
private key is generated at ~/.ssh/id_ecdsa location along with the public key (.pub file). A user
can use a different file location. Copy the following command into a command prompt to generate a
private key for Activity Monitorto use:
:::


```
cat ~/.ssh/id_ecdsa
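Review bot: the admonition closes before the fenced block it introduces: its last sentence ("Copy the following command into a command prompt to generate a private key for Activity Monitorto use:") ends with a colon and the `:::` then separates it from the `cat ~/.ssh/id_ecdsa` fence. Either move the fence inside the admonition or move that sentence below the closing `:::`. While the line is being touched, fix "Monitorto" to "Monitor to", and reword "generate": `cat ~/.ssh/id_ecdsa` prints the private key that the earlier `ssh-keygen` step already created rather than generating one, so "display the private key to paste into Activity Monitor" describes the step accurately and makes it clear that the output is the secret half of the key pair.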
7 changes: 5 additions & 2 deletions docs/activitymonitor/7.1/admin/agents/multiple.md
Expand Up @@ -12,8 +12,11 @@ servers. See the
[Activity Agent Server Requirements](/docs/activitymonitor/7.1/requirements/activityagent/activityagent.md) topic
for additional information.

**NOTE:** These steps are specific to deploying activity agents for monitoring supported target
:::note
These steps are specific to deploying activity agents for monitoring supported target
environments.
:::


**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.

Expand Down Expand Up @@ -98,7 +101,7 @@ The options for connecting with a Public Key are:
To connect with a Client Certificate, select the Client Certificate (for already installed agents)
option. Copy the following command into a command prompt:

activity-monitor-agentd --create-client-certificate --client-name [NAME]
**activity-monitor-agentd --create-client-certificate --client-name [NAME]**

Using an existing Client Certificate installs a new agent without using SSH.

10 changes: 8 additions & 2 deletions docs/activitymonitor/7.1/admin/agents/overview.md
Expand Up @@ -52,8 +52,11 @@ The table of servers hosting activity agents provides the following information:
- Server Name – Name or IP Address of the server hosting an activity agent
- Status – Status of the deployed activity agent(s)

**NOTE:** If the AD agent has been deployed, a status of “outdated” could apply to either the
:::note
If the AD agent has been deployed, a status of “outdated” could apply to either the
activity agent or the AD agent installed on the domain controller.
:::


- Version – Version of the deployed activity agent
- AD Module – Version of the deployed AD agent
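Review bot: the `:::note` block now sits between the `- Status` and `- Version` items with blank lines on both sides, which terminates the bullet list and starts a new one, so the table's field list renders as two separate lists. Either indent the admonition under the `- Status` item so it stays inside that list item, or move it after the last field.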
Expand All @@ -68,8 +71,11 @@ The **Agent messages** box displays any error or warning messages from the selec
These messages are related to deployment/installation, communication between the console and the
activity/AD agent, and upgrade of an activity/AD agent.

**NOTE:** Activity agents from Activity Monitor v3.1+ can now be controlled by Activity Monitor
:::note
Activity agents from Activity Monitor v3.1+ can now be controlled by Activity Monitor
v4.0+ Console.
:::


For additional information on how to deploy agents manually, see the
[Agent Information](/docs/activitymonitor/7.1/install/agents/agents.md) topic.
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,23 @@ The Agent Settings allow users to control the AD agent’s properties:
- Safe Mode – If selected, the AD agent checks LSASS versions upon start up. Any change in LSASS
since the previous start prevents the monitoring modules from loading.

**NOTE:** This is a safety measure that disables monitoring if the environment changes as in
:::note
This is a safety measure that disables monitoring if the environment changes as in
rare cases the instrumentation may cause LSASS crashes. Should the version change occur, a
warning will be shown next to the agent on the Agents page. The **Start pending modules** button
allows you to force the agent to enable monitoring.
:::


- Enable DNS Host Name Resolution – If selected, the AD agent looks up the missing data (a NetBIOS
name, a Fully Qualified Domain Name, or an IP Address) that is missing fromthe event

**NOTE:** This provides more uniform data, but may have a performance impact on the machine
:::note
This provides more uniform data, but may have a performance impact on the machine
where the AD agent is deployed, especially if that machine does not handle the name resolution
locally.
:::


Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
Properties window closes.
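Review bot: the Safe Mode admonition splits the property list, so `- Safe Mode` and `- Enable DNS Host Name Resolution` end up in separate bullet lists; indent each admonition under the item it annotates. The unchanged DNS item reads "looks up the missing data (a NetBIOS name, a Fully Qualified Domain Name, or an IP Address) that is missing fromthe event"; since the adjacent lines are being edited, fix "fromthe" to "from the" and drop one of the two "missing"s.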
Expand All @@ -51,9 +57,12 @@ See the following sections for additional information:
To transfer Active Directory Activity Monitoring from the Activity Monitor to Threat Prevention,
deploy Threat Prevention Agents to targeted domain controllers.

**NOTE:** If Threat Prevention installed SI Agents on domain controllers before the Activity Monitor
:::note
If Threat Prevention installed SI Agents on domain controllers before the Activity Monitor
AD agents were deployed, then skip to the next set of instructions to configure Active Directory
Monitoring through Threat Prevention.
:::


If Threat Prevention data is not used by other Netwrix products, uninstall the activity agent from
the domain controllers if you do not plan to receive Active Directory activity in Activity Monitor
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,11 @@ The Additional Properties tab for the Activity Agent has the following configura
- Same Level as the Console (uses the global level selected in the console)
- Trace (the most verbose) many collection points and can slow down

**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount
:::warning
Selecting the **Trace** option can slow down collection due to the large amount
of data points
:::


- Debug
- Info (recommended)
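Review bot: the `:::warning` block between `- Trace` and `- Debug` breaks the trace-level list into two lists; indent it under the Trace item. The warning text also lacks a final period ("...the large amount of data points"), and the item it annotates, "- Trace (the most verbose) many collection points and can slow down", is missing words (something like "has many collection points and can slow down collection"). The same three points apply to the Linux Agent hunk below and to the trace-level hunk in connection.md.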
Expand All @@ -43,8 +46,11 @@ data (ETW) can be useful for problems related to the following:
When this is needed, enable the **Collect extended debugging data (ETW) from the Windows driver when
the Trace level is activated** option to diagnose these problems.

**CAUTION:** Selecting this option collects a large amount of data. Therefore, it is important to
:::warning
Selecting this option collects a large amount of data. Therefore, it is important to
enable it only for short periods of time. Otherwise, the trace file may overflow with data.
:::


In general for troubleshooting, start with trace logs. If the root cause of the problem might be a
low-level functionality the driver, then the ETW logs must be enabled.
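Review bot: the unchanged context below the new warning, "If the root cause of the problem might be a low-level functionality the driver", is missing "of" ("functionality of the driver"); worth fixing while this paragraph is in the diff. `warning` is the right mapping for the old `**CAUTION:**` label here, since the text is about the ETW trace file overflowing if the option is left on.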
Expand All @@ -65,8 +71,11 @@ The Additional Properties tab for the Linux Agent has the following configuratio
- Same Level as the Console (uses the global level selected in the console)
- Trace (the most verbose) many collection points and can slow down

**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount
:::warning
Selecting the **Trace** option can slow down collection due to the large amount
of data points
:::


- Debug
- Info (recommended)
Original file line number Diff line number Diff line change
Expand Up @@ -46,5 +46,8 @@ The options below the **Configure** button are:
Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
Properties window closes.

**NOTE:** Linux agents move activity logs to a set local path. Remote storage can be mounted to use
:::note
Linux agents move activity logs to a set local path. Remote storage can be mounted to use
this path for archiving.

:::
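Review bot: the blank line before the closing `:::` is inconsistent with every other admonition in this PR, which closes directly after its text; remove it here and in the last EMC CEE hunk, which has the same stray blank line.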
21 changes: 15 additions & 6 deletions docs/activitymonitor/7.1/admin/agents/properties/connection.md
Expand Up @@ -14,7 +14,10 @@ installation and communication. The tab varies based on the type of agent select
The server name can be modified in the text box. Modifying the name value does not move the activity
agent to a new server. The credentials can be updated or modified as well.

_Remember,_ **Test** the credentials before clicking OK to ensure a successful connection.
:::tip
Remember, **Test** the credentials before clicking OK to ensure a successful connection.
:::


![Connection Tab for Agent Properties](/img/product_docs/activitymonitor/7.1/admin/agents/properties/connectiontab.webp)

Expand All @@ -28,15 +31,15 @@ Credential fields:
- User name – Account provisioned for use by the agent
- Password – Password for the supplied User name

Permissions
**Permissions**

This account must be:

- Membership in the local Administrators group

If the user name is not specified, the currently logged in user's account will be used.

Less Privileged Permissions Option
**Less Privileged Permissions Option**

By default, the agent accepts commands only from members of the local Administrators group. You can
allow less privileged accounts to manage the agent with the **Management Group** option. Keep in
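Review bot: "This account must be:" followed by the single item "- Membership in the local Administrators group" does not read as a sentence; either change the item to "- A member of the local Administrators group" or the lead to "This account requires:". The same wording appears in the Linux Connection hunk further down. The new bold "Permissions" and "Less Privileged Permissions Option" lines would be better as `##`/`###` headings so the less-privileged **Management Group** option is discoverable from the TOC.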
Expand Down Expand Up @@ -75,7 +78,10 @@ Properties window closes.
The server name can be modified in the text box. Modifying the name value does not move the Linux
agent to a new server. The credentials can be updated or modified as well.

_Remember,_ **Test** the credentials before clicking OK to ensure a successful connection.
:::tip
Remember, **Test** the credentials before clicking OK to ensure a successful connection.
:::


![linuxconnectiontab](/img/product_docs/activitymonitor/7.1/admin/agents/properties/linuxconnectiontab.webp)

Expand All @@ -89,7 +95,7 @@ Credential fields:
- User name – Account provisioned for use by the agent
- Password – Password for the supplied User name

Permissions
**Permissions**

This account must be:

Expand All @@ -100,8 +106,11 @@ The **Trace level** option configures the level for the agent log it includes th
- Same Level as the Console (uses the global level selected in the console)
- Trace (the most verbose) many collection points and can slow down

**CAUTION:** Selecting the **Trace** option can slow down collection due to the large amount of
:::warning
Selecting the **Trace** option can slow down collection due to the large amount of
data points
:::


- Debug
- Info (recommended)
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,11 @@ activity from several CEEs at the same time. Among them can be a local Windows C
and Linux CEEs. Windows versions of CEEs can use both RPC and HTTP protocols. Linux versions can
only support HTTP protocols.

**NOTE:** Dell CEE can be installed on the same host as the activity agent, or on a different host.
:::note
Dell CEE can be installed on the same host as the activity agent, or on a different host.
If it is installed on the same host, the activity agent can configure it automatically.
:::


![EMC CEE Options Tab](/img/product_docs/activitymonitor/7.1/admin/agents/properties/emcceeoptionstab.webp)

Expand Down Expand Up @@ -49,7 +52,10 @@ The options are:
- IPv4 or IPv6 allowlist – Specify IP addresses of CEE instance that are allowed to connect
to the agent via the HTTP protocol. Leave blank to accept connections from any host.

**NOTE:** For Remote Windows CEE or Linux CEE, Manual Configuration is needed.
:::note
For Remote Windows CEE or Linux CEE, Manual Configuration is needed.
:::


Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
Properties window closes.
Expand Down Expand Up @@ -96,11 +102,17 @@ Activity Monitor. The default is 60 seconds. The range is from 60 seconds to 600
**Step 5 –** Set `MaxEventsPerFeed` to how many events must occur before information is sent from
CEE to Activity Monitor. The default is 100 events. The range is from 10 events to 10,000 events.

**NOTE:** The `FeedInterval` and `MaxEventsPerFeed` delivery cadences are used simultaneously.
:::note
The `FeedInterval` and `MaxEventsPerFeed` delivery cadences are used simultaneously.
:::


**Step 6 –** Restart the CEE Monitor service.

**NOTE:** All protocol strings are case sensitive.
:::note
All protocol strings are case sensitive.
:::


## Linux CEE Manual Configuration

Expand Down Expand Up @@ -179,15 +191,18 @@ If you want to send activity to several 3rd party applications, separate them wi
```xml
<Audit>

<Configuration>
**<Configuration>**

<Enabled>1</Enabled>

<EndPoint>[email protected]:12345;StealthAUDIT@http://[IP Address]:[Port]</EndPoint>
**<EndPoint>[email protected]:12345;StealthAUDIT@http://[IP Address]:[Port]</EndPoint>**

</Configuration>

</Audit>
```

**NOTE:** All protocol strings are case sensitive.
:::note
All protocol strings are case sensitive.

:::
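Review bot: the `**...**` wrapped around `<Configuration>` and `<EndPoint>...</EndPoint>` sits inside a fenced ```xml block, where markdown emphasis is not rendered, so the sample will display literally as `**<Configuration>**` and is no longer well-formed XML if a reader copies it into the CEE configuration. Revert those two lines to the plain tags; if the intent was to highlight the lines, use an MDX comment or prose before the fence instead. Also confirm the first EndPoint entry survived intact: in the rendered diff it shows as `[email protected]:12345`, which does not follow the `StealthAUDIT@http://[IP Address]:[Port]` pattern of the second entry. Finally, the blank line before the closing `:::` is inconsistent with the other admonitions in this PR.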
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,11 @@ configured interval. The alert is sent to the Syslog configured on the **Syslog
- TCP
- TLS

**NOTE:** The TCP and TLS protocols add the **Message framing** drop-down menu. **Message
:::note
The TCP and TLS protocols add the **Message framing** drop-down menu. **Message
framing** options include:
:::


- LS (ASCII 10) delimiter
- CR (ASCII 13) delimiter
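Review bot: the note text ends with "**Message framing** options include:" but the `:::` closes before the option list, so the colon now introduces nothing and the list renders as a detached bullet list after the admonition. Either move the two delimiter items inside the admonition or rephrase the note to end at "drop-down menu." and let the list follow as normal body text. In the unchanged items, "LS (ASCII 10) delimiter" should be "LF (ASCII 10) delimiter", since ASCII 10 is the line feed character.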
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,11 @@ The available Agent server settings for Nutanix are:
connect to the agent server port. Multiple addresses can be entered separated by space, comma (,),
semicolon (;), or as a multi-line list. Leave the box blank to accept connections from any hosts.

**NOTE:** This setting is optional and it allows you to improve security by limiting the number
:::note
This setting is optional and it allows you to improve security by limiting the number
of IP addresses allowed to connect.
:::


Click **OK** to commit the modifications. Click **Cancel** to discard the modifications. The Agent
Properties window closes.
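Review bot: "improve security by limiting the number of IP addresses allowed to connect" describes the allowlist slightly off: the setting restricts which addresses may connect to the agent server port, not how many. Suggest "by restricting which IP addresses are allowed to connect to the agent server port", which also makes clear that leaving it blank accepts connections from any host, as the item above states.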
5 changes: 4 additions & 1 deletion docs/activitymonitor/7.1/admin/agents/single.md
Expand Up @@ -11,8 +11,11 @@ Before deploying the activity agent, ensure all
have been met, including those for NAS devices when applicable. Follow the steps to deploy the
activity agent to a single Windows server.

**NOTE:** These steps are specific to deploying activity agents for monitoring supported target
:::note
These steps are specific to deploying activity agents for monitoring supported target
environments.
:::


**Step 1 –** On the Agents tab, click Add agent to open the Add New Agent(s) window.
