From b5c5580614b3a87c56b52c0a2e8beca4d15670ec Mon Sep 17 00:00:00 2001 From: pavelshabanov2025 Date: Fri, 27 Feb 2026 21:24:28 +0500 Subject: [PATCH 1/5] Update filter combination logic in overview.md (#314) * Update filter combination logic in overview.md Clarified the logical operators used in filter combinations for search functionality. * Update docs/auditor/10.8/admin/search/overview.md Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Fix typos and improve clarity in overview.md * Fix grammar and clarity in search overview documentation Corrected minor grammatical errors and improved clarity in the search overview documentation. * Fix formatting and link typo in search overview Corrected the formatting of the 'Tools' section and fixed a link typo in the search overview documentation. * Fix internal link anchor in search overview documentation Co-authored-by: Claude Code --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Konstantin Melnikov Co-authored-by: Claude Code --- docs/auditor/10.8/admin/search/overview.md | 23 +++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/docs/auditor/10.8/admin/search/overview.md b/docs/auditor/10.8/admin/search/overview.md index 083d6b4090..538ea55724 100644 --- a/docs/auditor/10.8/admin/search/overview.md +++ b/docs/auditor/10.8/admin/search/overview.md @@ -39,7 +39,7 @@ This functionality is currently available for the following data sources: Integration API - Netwrix Auditor Self-Audit - Netwrix Data Classification. See - [Sensitive Data Discovery ](/docs/auditor/10.8/admin/settings/sensitivedatadiscovery.md)for more information. + [Sensitive Data Discovery ](/docs/auditor/10.8/admin/settings/sensitivedatadiscovery.md) for more information. Netwrix Auditor executes interactive search queries against data stored in the audit databases, that is, on data collected in the last 180 days (default retention period). If you want to investigate @@ -56,14 +56,14 @@ You can add any elements (a dashboard, report, alert, risk, etc.) to the Auditor access them instantly. See the [Navigation](/docs/auditor/10.8/admin/navigation/overview.md) and [Customize Home Screen](/docs/auditor/10.8/admin/navigation/customizehome.md) topics for additional information. -There you can use the UI controls to run the variety of search queries that will fecth you exactly +There you can use the UI controls to run a variety of search queries that will fetch you exactly the data you need. -- To view all audit data stored in all Audit Databases by all monitoring plans, click **Search** +- To view all audit data stored in all Audit Databases by all monitoring plans, click the **Search** button in the center. Be aware that this type of search query may take time due to a large amount of data. Thus, it is - recommended that instead of retrieveing a massive data set, you pre-configure your search query + recommended that instead of retrieving a massive data set, you pre-configure your search query using filters. By default, Netwrix Auditor shows only the top 2,000 entries in the search results. @@ -78,19 +78,24 @@ the data you need. ![search_filter](/images/auditor/10.8/admin/search/search_filter.webp) +- Regardless of the selected filtering mode, Netwrix Auditor combines conditions as follows: + - Filters of the same type with positive operators are combined using the OR logical operator. + - Filters of different types are combined using the AND logical operator. + - All filters with negative operators, regardless of type, are combined using the AND logical operator. Negative operators include: not equal to, does not contain, not in group. + - By default, search results are open in the same window, so the subsequent search results will overwrite the previous search results. To view them in different windows, click Open in new window. - In addition, you can customize your view by selecting columns to display. Use search results for your own needs: save, share, create search-based alerts, subscribe to -periodic delivery of search query results, etc. See Make Search Results Actionnable for more +periodic delivery of search query results, etc. See [Make Search Results Actionable](#make-search-results-actionable) for more information. ![search_nofilter_1](/images/auditor/10.8/admin/search/search_nofilter_1.webp) You can also use the **Search** window to examine details for the selected activity record, or watch -a video recording (for User Ativity data). +a video recording (for User Activity data). ### Examining Activity Record in Detail @@ -140,12 +145,12 @@ To include or exclude data Your exclusions and inclusions will automatically be added to the search filters, limiting the amount of data shown in the results pane. -## Make Search Results Actionnable +## Make Search Results Actionable You can export your search query results, save them as a custom report, subscribe to periodic -delivery of this search results, create a search-based alert. +delivery of these search results, create a search-based alert. -Navigate to Tools in the top right corner of the Search window and select the required action. +Navigate to **Tools** in the top right corner of the Search window and select the required action. | Use... | To... | | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | From dbb1bd2eb188b7083192e946badd413eeae76939 Mon Sep 17 00:00:00 2001 From: pavelshabanov2025 Date: Fri, 27 Feb 2026 21:33:31 +0500 Subject: [PATCH 2/5] Added info about WebView2 runtime (#317) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Added info about WebView2 runtime Updated recommendations regarding SQL Server installation on domain controllers. Removed outdated information about printing reports. Added information about WebView2 * Several punctuation and spelling corrections * Update docs/auditor/10.8/requirements/software.md Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Correct capitalization of 'Auditor Server' in documentation * Capitalization of some terms has been corrected * Fix typo in Auditor Client documentation Replace Cyrillic 'С' (U+0421) to Latin 'C' (U+0043) --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Claude Code claude-code@kilocode.dev --- docs/auditor/10.8/requirements/software.md | 28 ++++++++-------------- 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/docs/auditor/10.8/requirements/software.md b/docs/auditor/10.8/requirements/software.md index 9040c5c874..0ccb4cf025 100644 --- a/docs/auditor/10.8/requirements/software.md +++ b/docs/auditor/10.8/requirements/software.md @@ -30,29 +30,21 @@ Server, in the monitored environment, or in both locations. ## Using SSRS-based Reports -SQL Server Reporting Services are needed for this kind of reports. See the -[Requirements for SQL Server to Store Audit Data](/docs/auditor/10.8/requirements/sqlserver.md) topic for additional information. If -you plan to export or print such reports, check the requirements below. +SQL Server Reporting Services are needed for these types of reports. See the +[Requirements for SQL Server to Store Audit Data](/docs/auditor/10.8/requirements/sqlserver.md) topic for additional information. -**NOTE:** Please note that if you are going to use SQL Express plan, do not install SSRS and Auditor -on the domain controller. +**NOTE:** It is not recommended to install SQL Server (including Express edition), SQL Server Reporting Services (SSRS), or Netwrix Auditor on a domain controller. +**Microsoft Edge WebView2** -Printing - -To print SSRS-based reports, SSRS Report Viewer and Auditor Client require ActiveX Control to be -installed and enabled on the local machine. See the -[Impossible to Export a Report ](/docs/kb/auditor/reports-alerts-and-notifications/report-generation/impossible-to-export-a-report) -Netwrix knowledge base article for additional information. - -You can, for example, open any SSRS-based report using your default web browser and click **Print**. -The browser will prompt for installation of the additional components it needs for printing. Having -them installed, you will be able to print the reports from Auditor UI as well. +To view SSRS-based reports in Netwrix Auditor, the WebView2 runtime component must be installed. +If the component is not detected on the system, it will be automatically installed during the Netwrix Auditor setup process. +See the following Microsoft article for additional information about the WebView2 runtime component: [Microsoft Edge WebView2](https://developer.microsoft.com/en-us/microsoft-edge/webview2). ## Server and Client -It is recommended to deploy Auditor server on the virtualized server – to simplify backup, provide -scalability for future growth, and facilitate hardware configuration updates. Auditor client can be +It is recommended to deploy Auditor Server on the virtualized server – to simplify backup, provide +scalability for future growth, and facilitate hardware configuration updates. Auditor Client can be deployed on a physical or virtual workstation, as it only provides the UI. You can deploy Netwrix Auditor on the VM running on any of the following hypervisors: @@ -111,7 +103,7 @@ In this scenario, multiple Auditor clients are installed on different machines. Follow the steps to perform distributed deployment. -**Step 1 –** Install Auditor server and default client, selecting Full installation during the +**Step 1 –** Install Auditor Server and default Client, selecting Full installation during the product setup. **Step 2 –** Then install as many clients as you need, running the setup on the remote machines and From 424a40bd5b60062eb0cbb9bc43fd5e98b8f27282 Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Fri, 27 Feb 2026 11:06:23 -0600 Subject: [PATCH 3/5] Replace suggestion-format inline comments with plain inline comments Reviewer now posts plain inline comments showing the suggested change as a code block, with a footer instructing users to reply with @claude apply suggestion or @claude add suggestion to batch. Fixer now handles pull_request_review_comment events in addition to issue_comment events. When a user replies to an inline comment, it fetches the parent comment, extracts the suggested change, and routes to Claude with a prompt covering apply and batch cases. Batch tracking uses a comment in the PR. Generated with AI Co-Authored-By: Claude Code --- .../workflows/claude-documentation-fixer.yml | 82 ++++++++++++++++--- .../claude-documentation-reviewer.yml | 22 +++-- 2 files changed, 86 insertions(+), 18 deletions(-) diff --git a/.github/workflows/claude-documentation-fixer.yml b/.github/workflows/claude-documentation-fixer.yml index b40e9dfa38..5d00ec5a22 100644 --- a/.github/workflows/claude-documentation-fixer.yml +++ b/.github/workflows/claude-documentation-fixer.yml @@ -3,15 +3,23 @@ name: Documentation Fixer on: issue_comment: types: [created] + pull_request_review_comment: + types: [created] jobs: claude-response: runs-on: ubuntu-latest - # Only run on PR comments that mention @claude, and not on bot comments if: | - github.event.issue.pull_request && - contains(github.event.comment.body, '@claude') && - github.event.comment.user.login != 'github-actions[bot]' + ( + github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '@claude') && + github.event.comment.user.login != 'github-actions[bot]' + ) || ( + github.event_name == 'pull_request_review_comment' && + contains(github.event.comment.body, '@claude') && + github.event.comment.user.login != 'github-actions[bot]' + ) permissions: contents: write pull-requests: write @@ -24,7 +32,13 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - PR_DATA=$(gh pr view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json headRefName,isCrossRepository) + if [ "${{ github.event_name }}" = "issue_comment" ]; then + PR_NUMBER="${{ github.event.issue.number }}" + else + PR_NUMBER="${{ github.event.pull_request.number }}" + fi + PR_DATA=$(gh pr view $PR_NUMBER --repo ${{ github.repository }} --json headRefName,isCrossRepository) + echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT" echo "branch=$(echo "$PR_DATA" | jq -r '.headRefName')" >> "$GITHUB_OUTPUT" echo "is_fork=$(echo "$PR_DATA" | jq -r '.isCrossRepository')" >> "$GITHUB_OUTPUT" @@ -33,24 +47,70 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh pr comment ${{ github.event.issue.number }} --repo ${{ github.repository }} \ - --body "This PR is from a fork. Automated fixes cannot be pushed directly. Apply the inline suggestions from the review manually, or use GitHub's batch feature to commit them all at once." + gh pr comment ${{ steps.pr-info.outputs.number }} --repo ${{ github.repository }} \ + --body "This PR is from a fork. Automated fixes cannot be pushed directly. Apply the suggested changes from the inline comments manually." - name: Checkout repository if: steps.pr-info.outputs.is_fork == 'false' uses: actions/checkout@v4 with: - # Check out the branch by name so git push works. ref: ${{ steps.pr-info.outputs.branch }} fetch-depth: 0 - - name: Apply fixes - if: steps.pr-info.outputs.is_fork == 'false' + - name: Build prompt for review comment reply + id: build-prompt + if: steps.pr-info.outputs.is_fork == 'false' && github.event_name == 'pull_request_review_comment' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + IN_REPLY_TO="${{ github.event.comment.in_reply_to_id }}" + + if [ -n "$IN_REPLY_TO" ] && [ "$IN_REPLY_TO" != "0" ]; then + PARENT_BODY=$(gh api repos/${{ github.repository }}/pulls/comments/$IN_REPLY_TO --jq '.body') + else + PARENT_BODY="${{ github.event.comment.body }}" + fi + + FILE_PATH="${{ github.event.comment.path }}" + LINE="${{ github.event.comment.line }}" + COMMENT_BODY="${{ github.event.comment.body }}" + + { + echo "prompt<'. Add this suggestion (file: \`$FILE_PATH\`, line: $LINE, text: the 'Suggested change:' code block content) to the list. Post a reply to the inline comment thread confirming it was added, and tell the user to comment \`@claude apply batch\` on the PR when ready to apply all batched suggestions at once." + echo "EOF" + } >> "$GITHUB_OUTPUT" + + - name: Apply fixes (PR comment) + if: steps.pr-info.outputs.is_fork == 'false' && github.event_name == 'issue_comment' + uses: anthropics/claude-code-action@v1 + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} + show_full_output: true + claude_args: | + --model claude-sonnet-4-5-20250929 + --allowedTools "Read,Write,Edit,Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr comment:*),Bash(gh api:*),Bash(git config:*),Bash(git add:*),Bash(git commit:*),Bash(git push:*),Bash(git status:*),Bash(git diff:*)" + + - name: Apply fixes (review comment reply) + if: steps.pr-info.outputs.is_fork == 'false' && github.event_name == 'pull_request_review_comment' uses: anthropics/claude-code-action@v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} github_token: ${{ secrets.GITHUB_TOKEN }} show_full_output: true + prompt: ${{ steps.build-prompt.outputs.prompt }} claude_args: | --model claude-sonnet-4-5-20250929 - --allowedTools "Read,Write,Edit,Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr comment:*),Bash(git config:*),Bash(git add:*),Bash(git commit:*),Bash(git push:*),Bash(git status:*),Bash(git diff:*)" + --allowedTools "Read,Write,Edit,Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr comment:*),Bash(gh api:*),Bash(git config:*),Bash(git add:*),Bash(git commit:*),Bash(git push:*),Bash(git status:*),Bash(git diff:*)" diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml index 82b436404a..b3952a56a2 100644 --- a/.github/workflows/claude-documentation-reviewer.yml +++ b/.github/workflows/claude-documentation-reviewer.yml @@ -132,10 +132,11 @@ jobs: FOOTER = ( "\n---\n\n" - "There are two ways to apply fixes:\n" - "- View them in the comments and apply them individually or in a batch." - " This only applies to changes made to the file.\n" - "- Reply with `@claude` here, followed by your instructions" + "To apply individual fixes, reply to the inline comments on this review" + " with `@claude apply suggestion`.\n" + "To batch fixes, reply with `@claude add suggestion to batch` on each inline comment," + " then comment `@claude apply batch` on this PR when ready.\n" + "To fix issues in bulk, reply with `@claude` here, followed by your instructions" " (e.g. `@claude fix all issues` or `@claude fix only the spelling errors`" " or `@claude fix all other existing issues`" " or `@claude fix all linting issues`)." @@ -143,6 +144,12 @@ jobs: "Note: Automated fixes are only available for branches in this repository, not forks." ) + INLINE_FOOTER = ( + "\n\n---\n\n" + "Reply with `@claude`, followed by your instructions" + " (e.g. `@claude apply suggestion` or `@claude add suggestion to batch`)." + ) + def parse_diff_to_suggestions(diff_text): suggestions = [] current_file = None @@ -216,14 +223,15 @@ jobs: def make_suggestion(path, old_start, old_chunk, new_chunk): if not old_chunk: - return None # Pure insertions cannot be placed as inline suggestions + return None # Pure insertions cannot be placed as inline comments end_line = old_start + len(old_chunk) - 1 - suggestion_body = '```suggestion\n' + '\n'.join(new_chunk) + '\n```' + new_text = '\n'.join(new_chunk) + comment_body = f"Suggested change:\n```\n{new_text}\n```{INLINE_FOOTER}" comment = { 'path': path, 'line': end_line, 'side': 'RIGHT', - 'body': suggestion_body, + 'body': comment_body, } if len(old_chunk) > 1: comment['start_line'] = old_start From ddc287f7e2dfe9108d599dca1b88f56cc9e36304 Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Fri, 27 Feb 2026 11:12:13 -0600 Subject: [PATCH 4/5] Specify exact format for batch tracker comment Locks down the comment to always show a bold count header, a table of pending suggestions with file/line/text, and instructions to apply. The reply to each inline comment also includes the running total. Generated with AI Co-Authored-By: Claude Code --- .github/workflows/claude-documentation-fixer.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/claude-documentation-fixer.yml b/.github/workflows/claude-documentation-fixer.yml index 5d00ec5a22..b3e5670e95 100644 --- a/.github/workflows/claude-documentation-fixer.yml +++ b/.github/workflows/claude-documentation-fixer.yml @@ -88,7 +88,18 @@ jobs: echo "" echo "Based on the user's reply:" echo "- If they asked to apply the suggestion: extract the text from the 'Suggested change:' code block in the parent comment. Open \`$FILE_PATH\`, replace the content at line $LINE with that text, then stage, commit, and push the change." - echo "- If they asked to add the suggestion to a batch: find or create a PR comment from github-actions[bot] that starts with ''. Add this suggestion (file: \`$FILE_PATH\`, line: $LINE, text: the 'Suggested change:' code block content) to the list. Post a reply to the inline comment thread confirming it was added, and tell the user to comment \`@claude apply batch\` on the PR when ready to apply all batched suggestions at once." + echo "- If they asked to add the suggestion to a batch: find or create a PR comment from github-actions[bot] that starts with ''. Add this suggestion to the list and rewrite the comment using exactly this format (replacing N with the updated count and updating the list):" + echo "" + echo " " + echo " **Batched suggestions: N**" + echo " Comment \`@claude apply batch\` on this PR to apply all of them." + echo "" + echo " | # | File | Line | Suggested change |" + echo " |---|------|------|------------------|" + echo " | 1 | \`path/to/file.md\` | 12 | suggested text |" + echo " | 2 | \`path/to/file.md\` | 34 | suggested text |" + echo "" + echo " Then post a reply to the inline comment thread: 'Added to batch (N total). Comment \`@claude apply batch\` on this PR to apply all batched suggestions.'" echo "EOF" } >> "$GITHUB_OUTPUT" From 1a87c0cc3186df2b8b06051b03cb3e040cb7b2c2 Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Fri, 27 Feb 2026 11:18:58 -0600 Subject: [PATCH 5/5] Fix code injection vulnerability in fixer workflow Move user-controlled GitHub event values (comment body, path, line, in_reply_to_id) from direct shell interpolation into env: variables. GitHub Actions evaluates ${{ }} expressions before the shell runs, so interpolating comment.body directly allows command injection if the comment contains shell metacharacters. Passing values through env: causes the shell to treat them as plain strings. Generated with AI Co-Authored-By: Claude Code --- .github/workflows/claude-documentation-fixer.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/claude-documentation-fixer.yml b/.github/workflows/claude-documentation-fixer.yml index b3e5670e95..d522174223 100644 --- a/.github/workflows/claude-documentation-fixer.yml +++ b/.github/workflows/claude-documentation-fixer.yml @@ -62,19 +62,17 @@ jobs: if: steps.pr-info.outputs.is_fork == 'false' && github.event_name == 'pull_request_review_comment' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + COMMENT_BODY: ${{ github.event.comment.body }} + FILE_PATH: ${{ github.event.comment.path }} + LINE: ${{ github.event.comment.line }} + IN_REPLY_TO: ${{ github.event.comment.in_reply_to_id }} run: | - IN_REPLY_TO="${{ github.event.comment.in_reply_to_id }}" - if [ -n "$IN_REPLY_TO" ] && [ "$IN_REPLY_TO" != "0" ]; then PARENT_BODY=$(gh api repos/${{ github.repository }}/pulls/comments/$IN_REPLY_TO --jq '.body') else - PARENT_BODY="${{ github.event.comment.body }}" + PARENT_BODY="$COMMENT_BODY" fi - FILE_PATH="${{ github.event.comment.path }}" - LINE="${{ github.event.comment.line }}" - COMMENT_BODY="${{ github.event.comment.body }}" - { echo "prompt<