Go Up
You are here: IntelligenceInteractive Search

Interactive Search

Netwrix Auditor delivers complete visibility into your IT infrastructure. Its convenient interactive search interface enables you to investigate incidents and browse data collected across the entire IT infrastructure. When running a search, you are not limited to a certain data source, change type, or object name. You can create flexible searches that provide you with precise results on who changed what, and when and where each change was made.

Looking for real-life use cases and walk through examples? Check out Netwrix training materials. Go the Interactive Search page on Netwrix website.

NOTE: To review intelligence data, you must be assigned the Global administrator or Global reviewer role in the product. The users assigned the Reviewer role on a certain plan or folder have a limited access to data—only within a delegated scope. See Role-Based Access and Delegation for more information.

This functionality is currently available for the following data sources:

  • Active Directory
  • Azure AD
  • Exchange
  • Exchange Online
  • File Servers (Windows File Servers, EMC, and NetApp)
  • Oracle Database
  • SharePoint
  • SharePoint Online
  • SQL Server
  • VMware
  • Windows Server
  • Group Policy
  • Logon Activity
  • User Activity (Video)
  • and Netwrix API—data imported to the Audit Database from other sources using Netwrix Auditor Integration API

NOTE: Netwrix Auditor shows only the top 2,000 entries in the search results.

To browse your audit data

  1. On the main Netwrix Auditor page, navigate to Search.
  2. Do one of the following:

  3. Review the search results and see details for each particular change or watch a video recording.

    • Click on a column to sort results by this column (e.g., by date or by account name).
    • Double-click an entry to see details specific to this change (the before and after values, the start and end date, etc.). Click Read more... to see all information regarding this change and copy it if necessary. In case of User Activity entries, click the Show video... link below the entry. Review details and play a video by clicking Show Video.

    NOTE: If you are sure that some audit data is missing (e.g., you do not see information on your file servers in reports and search results), verify that the Audit Database settings are configured and that data is written to databases that reside on the default SQL Server instance.

    By default, Netwrix Auditor allows generating reports and running interactive searches on data collected in the last 180 days. If you want to investigate incidents that occurred more than 180 days ago, ask your Netwrix Auditor Global administrator to import that data from the Long-Term Archive.

  4. Use search results for your own needs: save and share results, create search-based subscriptions and alerts, etc. See Make Search Results Actionable for more information.
  5. By default, each search opens in the same window and overwrites the previous search results. Click Open in new window to compare several searches.

Go Up