Go Up
You are here: AdministrationMonitored actions, object types and attributesConfiguring monitoring scope

Configure Monitoring Scope

In some environments, it may not be necessary to monitor the entire IT infrastructure. Netwrix monitoring scope can be configured on the Data Source and/or Item levels. the section below contains examples on how to use omit functionality in Netwrix Auditor.

TIP: In addition to the restrictions for a monitoring plan, you can use the *.txt files to collect more granular audit data. Note that the new monitoring scope restrictions apply together with previous exclusion settings configured in the *.txt files. Review the following for more information: Exclude Objects from Monitoring Scope

Use case Related documentation

Active Directory

I want to omit all activity by a specific service account or service accounts with specific naming pattern.

If Netwrix user is responsible just for a limited scope within corporate AD, s/he needs to omit everything else.

NOTE: Always both activity and state in time data are omitted.

In group/Not in group filters don’t not process groups from omitted OUs.

Logon Activity

I want to omit domain logons by a specific service account or service accounts with specific naming pattern.

File Servers

(including Windows file server, EMC, NetApp, Nutanix File server)

I have a server named StationWin16 where I can't install .Net 4.5 in OU where I keep all member servers. I want to suppress errors from this server by excluding it from the Netwrix auditing scope.

A Security Officer wants to monitor a file share but s/he does not have access to a certain folder on this share. Then, s/he does not want the product to monitor this folder at all.

A Security Officer wants to monitor a file share but s/he does not have access to a certain folder on this share. Then, s/he does not want the product to monitor this folder at all.

A Security Officer wants to monitor a file share, but it contains a folder with a huge amount of objects, so s/he does not want Netwrix Auditor to collect State-in-Time data for this folder.

I want to exclude specific computers within an IP range from the Netwrix auditing scope.

SQL Server

I want to know if corp\administrator user is messing with SQL data.

  • SQL Server

As a Netwrix Auditor administrator I want to exclude the domain\nwxserviceaccount service account activity from SQL server audit so that I get reports without changes made by automatic systems.

  • SQL Server

As a Netwrix Auditor administrator I want to exclude all changes performed by MyCustomTool.

  • SQL Server

SharePoint

I want to exclude the domain\nwxserviceaccount account from data collection as it produces standard activity that doesn't require monitoring.

As a Netwrix Auditor Administrator I want to exclude shared PublicList from read audit.

Windows Server

I have a server named StationWin16 where I can't install .Net 4.5 in OU where I keep all member servers. I want to suppress errors from this server by excluding it from the Netwrix auditing scope.

I want to exclude specific computers within an IP range from the Netwrix auditing scope.

VMware

I have a virtual machine named "testvm" I use for testing purposes, so I want to exclude it from being monitored.

Go Up