The image below provides an overview of the Netwrix Auditor architecture and gives a brief description of product components and incorporated technologies.
The AuditIntelligence technology, or simply Intelligence, is a brand new way of dealing with audit data, investigating incidents and enabling complete visibility across the entire IT infrastructure. Intelligence provides easy access to data and configuration for IT managers, business analysts and other relevant employees via a straightforward and user-friendly interface, the Netwrix Auditor client. You can install as many Netwrix Auditor clients as needed on workstations in your network, so that your authorized team members can use audit data collected by a single Netwrix Auditor Server to investigate issues and keep track of changes.
AuditAssurance is a technology that consolidates data from multiple independent sources (event logs, configuration snapshots, change history records, etc.). This makes it possible to detect who changed what, where and when each change was made, and who has access to what, even if one or several sources of information do not contain all of the required data, for example because it was deleted or overwritten.
AuditAssurance is provided by Netwrix Auditor Server and Integration API. Netwrix Auditor Server is a core part of Netwrix Auditor that collects, transfers and processes data. It contains several internal components responsible for gathering data from data sources. Integration API is a RESTful API that lets you leverage audit data with custom on-premises or cloud systems, even if they are not yet supported as data sources. The API enables integration with third-party SIEM solutions by importing and exporting data to and from Netwrix Auditor.
Netwrix Auditor Server and Integration API interact with the Two-Tiered AuditArchive, a scalable repository used for storing audit data collected by Netwrix Auditor and imported from other data sources and IT systems using Integration API. The Two-Tiered AuditArchive includes:
- The file-based Long-Term Archive
- The SQL-based short-term Audit Database
By default, data is written to both the Audit Database and the Long-Term Archive, which is designed to store data in a compressed format for a longer period of time. With the Two-Tiered AuditArchive, you can store your data as long as required in the Long-Term Archive (by default, 120 months), while keeping your operational storage fast and clean and using it for browsing recent data (by default, 180 days). At the same time, Netwrix Auditor allows you to extract data from the Long-Term Archive and import it to the Audit Database if you want to investigate past issues.