Available Add-Ons

At the time of the Netwrix Auditor 9.8 release, the following add-ons were verified and posted in the Add-ons Store.

| Name | Technology | Data in/out | Description |
|---|---|---|---|
| Add-on for Amazon Web Services | PowerShell | In | Exports user activity data from your Amazon Web Services using CloudTrail and feeds events to the Audit Database. Use this script if you want to get more out of native Amazon auditing. |
| CEF Export Add-on | PowerShell | Out | Exports Activity Records from the Audit Database to a CEF file. Use this script to integrate data collected by Netwrix Auditor with SIEM solutions that use CEF files as input data. |
| Event Log Export Add-on | PowerShell | Out | Exports Activity Records from the Audit Database to a custom Windows event log, Netwrix_Auditor_Integration. Use this script to integrate data collected by Netwrix Auditor with SIEM solutions that use events as input data. Starting with Netwrix Auditor 9.8, this add-on provides a universal solution for integration with the following SIEM systems: Splunk, IBM QRadar, AlienVault USM, SolarWinds Log & Event Manager, Intel Security, LogRhythm. |
| Add-on for ArcSight | PowerShell | Out | Exports Activity Records from the Audit Database to ArcSight in its native CEF format. Use this script to integrate Netwrix Auditor with ArcSight and extend auditing possibilities. |
| Add-on for RADIUS server | PowerShell | In | Exports RADIUS logon events from the Security event log and feeds them to the Audit Database. Use this script to track logon activity on servers with the RADIUS protocol enabled. The add-on works in collaboration with Netwrix Auditor for Active Directory, collecting additional data that augments the data collected by Netwrix Auditor. Aggregating data into a single audit trail simplifies logon activity analysis and helps you keep tabs on your IT infrastructure. |
| Add-on for Splunk | PowerShell | Out | Exports Activity Records from the Audit Database to a custom Windows event log. Use this script to integrate Netwrix Auditor with Splunk and extend auditing possibilities. |
| Add-on for Nutanix Files | C# | In | Implemented as a service, the add-on listens on a TCP port and feeds events to the Audit Database. Use this add-on if you want to include file operations on the Nutanix Files storage system in your audit trail. |
| Add-on for Generic Linux Syslog | C# | In | Implemented as a service, the add-on listens on a UDP port and feeds events from Syslog-based devices to the Audit Database. The add-on comes with processing rules for rsyslog messages. Use this add-on if you want to include activity from Red Hat Enterprise Linux 7 and 6, SUSE Linux Enterprise Server 12, openSUSE 42, Ubuntu 16, etc. in your audit trail. |
| Add-on for Privileged User Monitoring on Linux and Unix | C# | In | Implemented as a service, the add-on listens on a UDP port and feeds events from Syslog-based devices to the Audit Database. The add-on comes with processing rules for rsyslog messages. Use this add-on if you want to detect SUDO commands and remote access (SSH) on Red Hat Enterprise Linux 7 and 6, SUSE Linux Enterprise Server 12, openSUSE 42, Ubuntu 16, etc. |
| Add-on for ServiceNow Incident Management | C# | Out | Implemented as a service, the add-on facilitates data transfer from Netwrix Auditor and automates ticket creation in ServiceNow Istanbul and Helsinki. |

Netwrix Auditor Integration API uses HTTPS with an automatically generated certificate for requests to its endpoints. By default, add-ons are configured to accept all certificates, which is appropriate for evaluation purposes and lets you run the scripts without adjustment.

Refer to Security for detailed instructions on how to assign a new certificate and enable trust on remote computers.
