Monitoring Plans

To start auditing your environment and analyzing user behavior with Netwrix Auditor, create a monitoring plan.

A monitoring plan defines data collection, notification, and storage settings.

To start collecting data, and add items to its scope.

So, to collect data from your environment, you need to do the following:

  1. Create a monitoring plan with a wizard. See Create a New Plan for more information.
  2. Fine-tune data source settings, if necessary: use the data source properties to modify data collection settings, customize the monitoring scope, and so on. See Manage Data Sources for more information.
  3. Add items to be monitored. An item is a specific object you want to audit, e.g., a VMware server or a SharePoint farm. As soon as the item is added, to the monitoring plan, Netwrix Auditor starts collecting data from it. See Add Items for Monitoring for more information.

To view and modify your plans, in the main Netwrix Auditor window click the Monitoring Plans tile, then expand the All Monitoring Plans tree.

To.. Do..

See how data collection goes on

Click on a plan name. You will see all data sources included in the plan and data collection status for each data source.

Start data collection manually

  1. Select a plan and click Edit.
  2. In the monitoring plan window, click Update in the right pane.

Data collection will be started (status for the data sources will be displayed as Working).
Do the same if you need to generate Activity Summary with the latest changes. See Launch Data Collection Manually and Update Status for details.

View collected data

  1. Select a plan and click Edit.
  2. In the right pane, go to the Intelligence section (in the bottom) and click Search.

The search page will appear, displaying the collected data filtered out accordingly (i.e. provided by this monitoring plan).

Modify plan settings, add or delete data sources, add or delete items

Select a plan and click Edit. On the page that opens, review your plan settings. Then follow the instructions described in these sections:

Assign roles

Click Delegate to review current delegations and assign roles. You can delegate control over a monitoring plan to another administrator, or grant read access—Reviewer role—to the data collected by this plan.

To simplify delegation, you can further organize the monitoring plans into folders.

See Role-based access and delegation for more information.

Using historical data

For many data sources, you can instruct Netwrix Auditor to collect state-in-time data along with event data. For that, Netwrix Auditor uses state-in-time snapshots of the relevant system (for example, see Data Collection from VMware Servers).

To keep users up-to-date on actual system state, Netwrix Auditor updates the latest snapshot on the regular basis. Thus, only the latest snapshot is available for ongoing reporting in Netwrix Auditor.

However, you may need to generate reports based on the historical data. For that, you must import the historical snapshots to the database.

NOTE: To import snapshots, you must be assigned the Global administrator or the Global reviewer role. See Assign Roles for more information.

To import historical snapshots:

  1. Select the monitoring plan you need.
  2. Select the required data source and click Edit data source on the right to open its properties.
  3. Click General on the left.
  4. In the Manage historical snapshots section, click Manage.
  5. In the Manage Snapshots window, select the snapshots that you want to import — use the arrows to move the selected snapshots to the Snapshots available for reporting list. When finished, click OK.