Configure Monitoring Scope

In some environments, it may not be necessary to monitor the entire IT infrastructure. Netwrix monitoring scope can be configured on the Data Source and/or Item levels. the section below contains examples on how to use omit functionality in Netwrix Auditor.

TIP: In addition to the restrictions for a monitoring plan, you can use the *.txt files to collect more granular audit data. Note that the new monitoring scope restrictions apply together with previous exclusion settings configured in the *.txt files. Review the following for more information: Exclude Objects from Monitoring Scope

Use case Related documentation

Active Directory

I want to omit all activity by a specific service account or service accounts with specific naming pattern.

If Netwrix user is responsible just for a limited scope within corporate AD, s/he needs to omit everything else.

NOTE: Always both activity and state in time data are omitted.

In group/Not in group filters don’t not process groups from omitted OUs.

Logon Activity

I want to omit domain logons by a specific service account or service accounts with specific naming pattern.

File Servers

(including Windows file server, EMC, NetApp, Nutanix File server)

I have a server named StationWin16 where I can't install .Net 4.5 in OU where I keep all member servers. I want to suppress errors from this server by excluding it from the Netwrix auditing scope.

A Security Officer wants to monitor a file share but s/he does not have access to a certain folder on this share. Then, s/he does not want the product to monitor this folder at all.

A Security Officer wants to monitor a file share but s/he does not have access to a certain folder on this share. Then, s/he does not want the product to monitor this folder at all.

A Security Officer wants to monitor a file share, but it contains a folder with a huge amount of objects, so s/he does not want Netwrix Auditor to collect State-in-Time data for this folder.

I want to exclude specific computers within an IP range from the Netwrix auditing scope.

SQL Server

I want to know if corp\administrator user is messing with SQL data.

  • SQL Server

As a Netwrix Auditor administrator I want to exclude the domain\nwxserviceaccount service account activity from SQL server audit so that I get reports without changes made by automatic systems.

  • SQL Server

As a Netwrix Auditor administrator I want to exclude all changes performed by MyCustomTool.

  • SQL Server

SharePoint

I want to exclude the domain\nwxserviceaccount account from data collection as it produces standard activity that doesn't require monitoring.

As a Netwrix Auditor Administrator I want to exclude shared PublicList from read audit.

Windows Server

I have a server named StationWin16 where I can't install .Net 4.5 in OU where I keep all member servers. I want to suppress errors from this server by excluding it from the Netwrix auditing scope.

I want to exclude specific computers within an IP range from the Netwrix auditing scope.

VMware

I have a virtual machine named "testvm" I use for testing purposes, so I want to exclude it from being monitored.