Go Up
You are here: Integration APIIIS Forwarding

IIS Forwarding

NOTE: While you can configure forwarding from any web server, this guide covers IIS configuration procedure only.

You can create a website in IIS and use it as a proxy for forwarding API requests. This is handy if for security reasons you do not want to make the Netwrix Auditor Server host name or address public. In this case, you can create a website with a short and user-friendly name and configure it to redirect requests to a server that hosts Netwrix Auditor Server and actually processes RESTful API requests. You can also configure authentication and authorization on IIS side.

For example, instead of addressing requests to https://172.28.6.15:9699/netwrix/api/v1/ activity_records/enum endpoint, you can send them to https://enterprisewks/ integrationAPI/activity_records/enum.

Configure IIS Forwarding

NOTE: The procedure below applies to IIS 8.5 integrated with Windows Server 2012 R2.

  1. Make sure the Web Server role is installed on your server. Install the following components:

  2. Create IIS website. To do this, navigate to Start Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) Internet Information Services (IIS) Manager. In the left, expand your_computer_name Sites and select Add Website in the Actions pane. Create a website and configure authentication if necessary.

  3. In your site settings, double-click URL Rewrite and select Add Rule(s).

  4. In the Add Rule(s) dialog, select Reverse Proxy. Select OK when prompted to enable Application Request Routing and proceed further.

  5. In the Add Reverse Proxy Rules dialog that opens, provide a Netwrix Auditor Server host name or IP address.

  6. Edit the newly created inbound rule.

  7. On the Edit Inbound Rule page, complete the following fields and click Apply:

    Option Set to...
    Match URL

    Requested URL

    Matches the Pattern

    Using

    Regular Expressions

    Pattern

    activity_records/(.*)

    NOTE: In this case all requests containing "activity_records" will be forwarded. For example, https://Enterprise/IntegrationAPI/ activity_records/enum.

    Ignore case

    Checked

    Action

    Action type

    Rewrite

    Rewrite URL

    https://host:port/netwrix/api/v1/activity_records/{R:1}

    where host:port is the name or IP address of the computer where Netwrix Auditor Server resides and port opened to communication.

    For example:

    https://172.28.6.15:9699/netwrix/api/v1/activity_records/{R:1}

    Append query string

    Checked

    Log rewritten URL

    Cleared

    Stop processing of subsequent rules

    Checked

Now you can send requests to your website that will forward them to proper Netwrix Auditor Integration API endpoints.

Usage Example—Forward Requests

The example below describes how to forward requests to another server.

  1. Configure forwarding as described above.
  2. Retrieve Activity Records from the Audit Database. See Retrieve Activity Records for more information.

    Format Request

    XML

    curl https://172.28.15.126:80/integrationapi/activity_records/ enum -u Enterprise\NetwrixUser:NetwrixIsCool

    JSON

    curl https://172.28.15.126:80/integrationapi/activity_records/ enum?format=json -u Enterprise\NetwrixUser:NetwrixIsCool

  3. The request is automatically forwarded to endpoint starting with https://172.28.6.15:9699/ netwrix/api/v1/activity_records/.
  4. Receive the response. Below is an example of a successful GET request. The status is 200 OK. For XML, a response body contains the ActivityRecordList root element with Activity Records and a Continuation mark inside. For JSON, a response body contains the ActivityRecordList array with Activity Records collected in braces {} and a Continuation mark.

    XML
    <?xml version="1.0" standalone="yes"?>
    <ActivityRecordList xmlns="http://schemas.netwrix.com/api/v1/activity_records/">
    <ContinuationMark>PG5yPjxuIG49IntFNzA...PjwvYT48L24+PC9ucj4A</ContinuationMark>
    <ActivityRecord>
    <MonitoringPlan>
    <Name>AD Monitoring</Name>
    <ID>{42F64379-163E-4A43-A9C5-4514C5A23798}</ID>
    </MonitoringPlan>
    <DataSource>Active Directory</DataSource>
    <Item>
    <Name>enterprise.local (Domain)</Name>
    </Item>
    <ObjectType>user</ObjectType>
    <RID>20160215110503420B9451771F5964A9EAC0A5F35307EA155</RID>
    <What>\local\enterprise\Users\Jason Smith</What>
    <Action>Added</Action>
    <When>2017-02-14T15:42:34Z</When>
    <Where>EnterpriseDC1.enterprise.local</Where>
    <Who>ENTERPRISE\Administrator</Who>
    <Workstation>EnterpriseDC1.enterprise.local</Workstation>
    </ActivityRecord>
    <ActivityRecord>...</ActivityRecord>
    <ActivityRecord>...</ActivityRecord>
    </ActivityRecordList>
    JSON
    {
    "ActivityRecordList": [
    {
    "Action": "Added",
    "MonitoringPlan" : {
    "ID": "{42F64379-163E-4A43-A9C5-4514C5A23798}",
    "Name": "AD Monitoring"
    },
    "DataSource": "Active Directory",
    "Item": {"Name": "enterprise.local (Domain)"},
    "ObjectType": "user",
    "RID": "20160215110503420B9451771F5964A9EAC0A5F35307EA155",
    "What": "\\local\\enterprise\\Users\\Jason Smith",
    "When": "2017-02-14T15:42:34Z",
    "Where": "EnterpriseDC1.enterprise.local",
    "Who": "ENTERPRISE\\Administrator",
    "Workstation": "EnterpriseDC1.enterprise.local"
    },
    {...},
    {...}
    ],
    "ContinuationMark": "PG5yPjxuIG49IntFNzA...PjwvYT48L24+PC9ucj4A"
    }
  5. Continue retrieving Activity Records. See Usage Example—Retrieve All Activity Records for more information.

Go Up