NDC Provider

NDC Provider is an integration module between Netwrix Auditor and Netwrix Data Classification. It allows Netwrix Auditor users to generate reports and configure alerts and search for the sensitive data collected and classified with Netwrix Data Classification. Refer to the following documentation to learn more about Netwrix Data Classification:

The integration can be configured for the following Netwrix Auditor data sources:

  • Windows File Servers

  • SharePoint

  • SharePoint Online

  • SQL Server

The following integration options are available:

  1. NDC SQL database provider. This integration allows users to generate State-in-Time reports showing data categories for the sensitive data classified with Netwrix Data Classification. Available for Windows File Servers, SharePoint, and SharePoint Online.

  2. NDC endpoint provider. This integration allows users to receive alerts triggered by specific events related to the sensitive data classified with Netwrix Data Classification. When enabled, Netwrix users can also browse sensitive data with the Netwrix search. Available for Windows File Servers (Windows only), SharePoint Online, and SQL Server.

This section lists all requirements for monitoring plans configuration and required versions of Netwrix Auditor and Netwrix Data Classification. Also, it lists requirements for the accounts used by NDC Provider.

Review the following:

Requirements for monitoring plans in Netwrix Auditor

For Windows File Servers:

  • Monitoring plan for File Server data source with activity audit enabled in Netwrix Auditor;

  • Netwrix Data Classification instance configured to crawl from the same source (naming must exactly match);

For SharePoint:

  • Monitoring plan for SharePoint data source with activity audit enabled in Netwrix Auditor;

  • Netwrix Data Classification instance configured to crawl from the same source;

For SharePoint Online:

  • Monitoring plan for SharePoint Online data source with activity audit enabled in Netwrix Auditor;

  • Netwrix Data Classification instance configured to crawl from the same source;

For SQL Server:

  • Monitoring plan for SQL Server data source with activity audit enabled in Netwrix Auditor;

  • Netwrix Data Classification instance configured to crawl from the same source;

Software requirements

Component Version

Netwrix Auditor

10

Netwrix Data Classification

5.6.1

Enable and configure NDC Provider

This section contains instructions on how to enable and configure NDC Provider to include sensitive data in Netwrix Auditor reports, search, and alerts.

IMPORTANT! Ensure that your account meets the requirements and has all server roles assigned. Refer to For NDC Provider for detailed instructions on how to assign the required server roles.

To enable and configure NDC Provider:

  1. In Netwrix Auditor, navigate to Setting in the upper right corner.

  2. Select NDC Provider.

  3. Configure the following depending on your audit purpose:

Option Description

Enable NDC SQL database provider

Select Enable and then click Configure to specify NDC SQL database connection settings.

NDC SQL database settings

Configure Netwrix Auditor to access NDC SQL database and include sensitive data in the reports.

  • SQL Server instance – Specify the name of the SQL Server instance where the NDC SQL database resides.

  • Database – Specify the name of the database (NDC SQL database by default).

  • Authentication – Select the authentication type you want to use to connect to the SQL Server instance:

    • Windows authentication

    • SQL Server authentication

  • User name – Specify the account to be used to connect to the SQL Server instance. For example, WORKSTATIONNDC/integrator.

  • Password – Provide a password for that account.

Enable NDC endpoint provider

Select Enable and then click Configure to specify NDC endpoint connection settings.

NDC Web Console address

Provide the URL of your Netwrix Data Classification web console. For example: http://workstationndc/conceptQS.

User name

Provide the name of account that will be used to connect to Netwrix Data Classification web console. For example, WORKSTATIONNDC/integrator.

IMPORTANT! A user must be granted both: the 'REST API User' and 'Superuser' permissions in Netwrix Data Classification. Refer to the following Netwrix Data Classification help center article for more information: User Management.

Password

Provide a password for this account.

What is next

  1. Navigate to your Windows File Servers, SharePoint, SharePoint Online, or SQL Server monitoring plan.

  2. Run data collection.

    NOTE: Consider that data collection for SharePoint Online may take a while.

  3. Perform some changes and run data collection again.

  4. Review sensitive data.

Netwrix suggests the following integration scenario:

For NDC SQL database provider:

Review your sensitive data in Data Discovery and Classification reports. Refer to the following Netwrix Auditor help center article for more information about these reports: Requirements for Data Discovery and Classification Reports.

For NDC endpoint provider:

  1. Browse your data with Netwrix search.

    Please note that shortly after the data collection, changes related to sensitive content are reported without data categories. For example, if a user adds some sensitive data to the SharePoint Online document that initially does not contain sensitive data; this will be reported as document modification with empty "data categories" field. Another example: a user creates a new document containing sensitive data on a file server; this will be reported as a file add with empty "data categories" field. In this case, you have to wait until Netwrix Auditor processes information collected by Netwrix Data Collection. It takes a while depending on a number of processed objects in your infrastructure and reindexing settings configured in Netwrix Data Classification. Refer to the following article in the Netwrix Data Classification for more information: Manage Sources and Control Data Processing.

    TIP: Click the Select column in the Tools menu and review data categories (taxonomies) of your sensitive documents.

    TIP: Use filtering capabilities to narrow your search results. Review the following for additional information: Advanced Mode

  2. Create an alert triggered by speific actions with your sensitive data.

    TIP: Netwrix recommends enable threshold to trigger the new alert. In this case, a single alert will be sent instead of many alerts. This can be helpful when Netwrix Auditor detects many activity records matching the filters you specified. Refer to the following Netwrix Auditor help center article for more information about alerts: Alerts.