To help you identify configuration gaps in your environment and understand their impact on overall security, Netwrix Auditor offers a dashboard with a number of metrics and drill-down reports on IT risk assessment. They pinpoint the weak points in your IT infrastructure such as overly broad assignment of access rights, loose password policies, and stale accounts. This information will help you to take corrective measures in the required area, ensuring the IT risks stay in the safe zone.
Risk assessment dashboard can be accessed by clicking the Risk assessment tile in the main window of Netwrix Auditor. For details about using the dashboard, see IT Risk Assessment Dashboard.
For details about metrics calculation, see How Risk Levels Are Estimated .
Providing Data for Risk Assessment
To provide data for metrics and reports that belong to different categories, you will need to configure monitoring plans that will process related data sources. These monitoring plans should have at least one item added. See the following table for the certain reports:
|Category||Report name||Collect data from|
Users and Computers
User accounts with "Password never expires"
|User accounts with "Password not required"||AD domain|
|Disabled computer accounts||AD domain|
|Inactive user accounts||AD domain|
|Inactive computer accounts||AD domain|
|Servers with Guest account enabled||Windows Server|
|Servers that have local user accounts with "Password never expires"||Windows Server|
|Permissions||User accounts with administrative permissions||AD domain|
|Administrative groups||AD domain|
|Administrative group membership sprawl||Windows Server|
|Empty security group||AD domain|
|Site collections with the "Get a link" feature enabled||SharePoint farm|
|Sites with the "Anonymous access" feature enabled||SharePoint farm|
|Site collections with broken inheritance||SharePoint farm|
|Data||Files and folders accessible by Everyone||Windows File Server|
|File and folder names containing sensitive data||Windows File Server|
|Potentially harmful files on file shares||Windows File Server|
|Direct permissions on files and folders||Windows File Server|
|Documents and list items accessible by Everyone and Authenticated Users||SharePoint farm|
|Infrastructure||Servers with inappropriate operating systems||Windows Server|
|Servers with under-governed Windows Update configurations||Windows Server|
|Servers with unauthorized antivirus software||Windows Server|
The monitoring plans also must be configured to store data to the audit database.
Also, all risk metrics and related reports require state-in-time data to be collected. You can select the relevant option when creating a new monitoring plan, as described in the New Monitoring Plan section.
To verify the necessary settings of the existing plan
- Select the monitoring plan you need and click the Edit button.
- In the right pane of the dialog displayed, select Edit settings from the Monitoring plan section.
- Go to the Audit Database section and make sure that Disable security intelligence ... checkbox is cleared. This will instruct Netwrix to store data to both Long-Term Archive and audit database:
- Save the settings and return to the window with the monitoring plan details. Make sure you have at least one monitored item in the plan. If necessary, add an item.
- Select the data source you need (for example, Active Directory) and click Edit data source from the Data source section on the right.
- Make sure that:
- Monitor this data source and collect activity data is switched ON.
- Collect data for state-in-time reports is switched ON.
- Save the settings and close the dialog.