Review of Netwrix Auditor for SharePoint
Product overview by Vlad Catrinescu – requested by Netwrix, but thoughts are my own.
With companies getting hacked every day, security is becoming a more and more important part of every IT department. An important part is being able to know what happens in all your systems and be able to monitor it for security flaws. While every product has a way of logging information, it’s impractical to analyze each log individually, especially when you have hundreds, or even thousands of different servers, systems and applications to monitor. This is where an enterprise user activity monitoring can come in handy. In this blog, we will talk about Netwrix Auditor, a visibility and governance platform that that enables
control over changes, configurations and access in hybrid cloud IT environments, in most of the Microsoft Stack such as SharePoint, Exchange, SQL, Windows Server, File Shares, AD and Office 365.
As we will focus mostly on the SharePoint features of Netwrix Auditor, here is an introduction about the product directly from the Netwrix Auditor site.
Gain deep insight into all changes that impact compliance, security and availability across your SharePoint sites, including changes to farm configuration; changes to security, from the farm level down to single document permissions; and the creation, deletion and modification of any SharePoint content.
Netwrix Auditor for SharePoint Review
The Netwrix Auditor platform comes split in two. You have the Administrator Console in which you can define what systems you want to connect to as well as the credentials to connect to those systems.
To connect to a SharePoint Farm, you will need to connect to the SharePoint Central Admin site, and specify an account that has the required rights!
After the Admin Part is setup, you can consume all the auditing from a Netwrix Client. And I think the way they built it is very smart, because the Netwrix Auditor Client can be installed on an unlimited number of computers, and you can delegate access to audit data to different teams when they need it. For example you could give access to a team doing a Compliance Report. The Netwrix Auditor client start screen looks like the screenshot below, and it provides you with a quick access to the Overview dashboards for each System.
The SharePoint Overview dashboard gives you a quick glance at how many changes were done on your SharePoint Farm(s), on what Site Collections as well as what types of items were changed.
The overview dashboard can be useful to present to a Manager, and even measure adoption. They are pretty laconic, but if you need more details, you can get them by clicking any specific graph in the dashboard. Luckily, Netwrix has a dozen out-of-the-box SharePoint reports that you can easily run to get more detailed information.
Some of the ones I liked most are finding all the SharePoint Changes done by a certain SharePoint User. Being able to run this report across multiple SharePoint Farms from one client is pretty useful!
You can also do reports on what users accessed, and even filter on a certain user, or an object type.
Another feature of Netwrix Auditor is out-of-the-box Compliance Reports. While I am not a big compliance guy and don’t know what all those standards mean, Netwrix Auditor has out-of-the-box reports that are mapped to specific regulatory compliance standards including PCI DSS, HIPAA, SOX, FISMA/NIST800-53 and ISO/IEC 27001. If you are a company that needs to respect any of those compliance standards, it’s a real perk to have them created by people who know those standards, and easily available to generate data.
Lastly, Netwrix Auditor also has an Interactive Search that allows users to search either on a system, or on all audited systems. You can filter by User, Action, Date, System and a lot of other filters.
I wish that it was a bit more like Power BI, and using artificial intelligence to understand Simple Langue Queries like “Show me all the users who modified a SharePoint Group in the last 10 days”, but I understand that for security software, being accurate is a lot more important than having that consumer AI in place. It’s still pretty easy to build Search Queries and find what you need from all your connected systems.
In this blog post we reviewed Netwrix Auditor, a visibility and governance platform that that enables
control over changes, configurations and access in hybrid cloud IT environments, and focused only on the SharePoint related features. I would say that I am pretty impressed with the software and how easy it makes it for users to do view logs from all your SharePoint Farms, which you wouldn’t be able to do without a custom solution looking in the SharePoint Audit database. The point I think I found the most useful is separation of the Admin Console and Client.
Having all of the Reports that Netwrix Auditor has out-of-the-box as well as all the compliance reports can save you hundreds of hours of work, and I think that if you run an enterprise with hundreds of services, and thousands of servers, you need a tool like this to make sure you respect your compliance standards, and keep your network safe.
If you’re interested in visibility software for enterprises that also integrates well with SharePoint, make sure to check out Netwrix Auditor by clicking the logo below.