Interactive Search

Netwrix Auditor delivers complete visibility into your IT infrastructure. Its convenient interactive search interface enables you to investigate incidents and browse data collected across the entire IT infrastructure. When running a search, you are not limited to a certain data source, change type, or object name. You can create flexible searches that provide you with precise results on who changed what, and when and where each change was made.

Looking for real-life use cases and walk through examples? Check out Netwrix training materials. Go the Interactive Search page on Netwrix website.

NOTE: To review intelligence data, you must be assigned the Global administrator or Global reviewer role in the product. The users assigned the Reviewer role on a certain plan or folder have a limited access to data—only within a delegated scope. See Role-based access and delegation for more information.

This functionality is currently available for the following data sources:

  • Active Directory
  • Azure AD
  • Exchange
  • Exchange Online
  • File Servers (Windows File Servers, EMC, and NetApp)
  • Network Devices
  • Oracle Database
  • SharePoint
  • SharePoint Online
  • SQL Server
  • VMware
  • Windows Server
  • Group Policy
  • Logon Activity
  • User Activity (Video)
  • and Netwrix API—data imported to the Audit Database from other sources using Netwrix Auditor Integration API
  • Netwrix Auditor Self-Audit

NOTE: Netwrix Auditor shows only the top 2,000 entries in the search results.

The "Netwrix Auditor Self-Audit" option is inabled in Settings by default. Self-audit allows tracking every change to monitoring plan, data source, and audit scope and details about it (before-after values). If you want to skip Netwrix Auditor security events in your seach results, navigate to Settings and disable self audit. See Netwrix Auditor Self-Audit for more information.