From 2d6242cc912649a2e4f0ed5c13d595d4784a1440 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 12:37:44 +0100 Subject: [PATCH 01/13] Fix Linux lightweight directory bridging wording --- .../administration/systemmanagement/linuxandmac.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/linuxandmac.md b/docs/privilegesecurediscovery/administration/systemmanagement/linuxandmac.md index 08d4e61bcc..b8595b0510 100644 --- a/docs/privilegesecurediscovery/administration/systemmanagement/linuxandmac.md +++ b/docs/privilegesecurediscovery/administration/systemmanagement/linuxandmac.md @@ -1,22 +1,22 @@ --- -title: "Linux and Mac Lightweight Directory Bridging - JWT and Passwords" -description: "Linux and Mac Lightweight Directory Bridging - JWT and Passwords" +title: "Linux Lightweight Directory Bridging - JWT and Passwords" +description: "Linux Lightweight Directory Bridging - JWT and Passwords" sidebar_position: 10 --- -# Linux and Mac Lightweight Directory Bridging - JWT and Passwords +# Linux Lightweight Directory Bridging - JWT and Passwords -Linux and Mac Lightweight Directory Bridging - JWT and Passwords +Linux Lightweight Directory Bridging - JWT and Passwords -# Linux and Mac Lightweight Directory Bridging - JWT and Passwords +# Linux Lightweight Directory Bridging - JWT and Passwords -This purpose of this article is to walk through the underpinnings for Linux and MacOS endpoints in +This purpose of this article is to walk through the underpinnings for Linux endpoints in regards to storing passwords in the JWT access token. **NOTE:** This is farily technical and any questions or concerns can be addressed with the Support Team. -## Granting Access to Linux/ MacOS systems +## Granting Access to Linux systems When the user requests access to a system: From 0eb5f6897a08378369ed383197f3fae27e17c06f Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 15:10:37 +0100 Subject: [PATCH 02/13] Version Privilege Secure Discovery docs under 2.22 --- .../{ => 2.22}/administration/_category_.json | 0 .../configuration/_category_.json | 0 .../configuration/accountinventorycolors.md | 0 .../configuration/addadomain.md | 0 .../configuration/addcertificateauthority.md | 0 .../configuration/adfailover.md | 0 .../configuration/advancedfields.md | 6 ++-- .../configuration/applyserviceaccount.md | 0 .../administration/configuration/azuresso.md | 0 .../configuration/certificatesslfiles.md | 0 .../configuration/changepasswords.md | 0 .../configuration/configureadfs.md | 0 .../configuration/duoaccessgateway.md | 6 ++-- .../configuration/duohostedsso.md | 6 ++-- .../administration/configuration/gpos.md | 4 ++- .../configuration/jitasessionduration.md | 0 .../administration/configuration/linux.md | 8 +++-- .../configuration/linuxandad.md | 4 ++- .../configuration/linuxsimplified2.18+.md | 0 .../configuration/logchanges2.20.md | 0 .../configuration/oampasswordconfig.md | 0 .../configuration/oktaintegration.md | 0 .../configuration/quickstartscript.md | 0 .../administration/configuration/radius.md | 0 .../configuration/removepersistence.md | 6 ++-- .../configuration/resetmfatokens.md | 6 ++-- .../configuration/saslkerberos.md | 0 .../configuration/sessiontimeouts.md | 0 .../configuration/spinitiatedsso.md | 0 .../administration/configuration/sslcsr.md | 0 .../configuration/ssoconfiguration.md | 0 .../configuration/uibranding.md | 0 .../configuration/webservercertificate.md | 4 ++- .../onpremmaintenance/_category_.json | 0 .../onpremmaintenance/dellr430r440idrac9.md | 0 .../onpremmaintenance/failback.md | 4 ++- .../onpremmaintenance/linuxremovesnapbin.md | 0 .../onpremmaintenance/operational.md | 4 ++- .../administration/onpremmaintenance/ssh.md | 0 .../onpremmaintenance/updateosonappliances.md | 4 ++- .../administration/reporting/_category_.json | 0 .../administration/reporting/accessrisk.md | 0 .../reporting/applicationlogbasics.md | 0 .../reporting/dashboardguide.md | 0 .../reporting/licensingdetails.md | 0 .../administration/reporting/logparsing.md | 0 .../reporting/standingprivilegescript.md | 0 .../reporting/systemmanagementscreen.md | 0 .../systemmanagement/403zerousns.md | 0 .../systemmanagement/_category_.json | 0 .../systemmanagement/adduserorgroup.md | 8 +++-- .../systemmanagement/bulkactions.md | 0 .../systemmanagement/commonuierrors.md | 6 ++-- .../systemmanagement/firstlogin.md | 0 .../systemmanagement/jitasessions.md | 0 .../systemmanagement/linuxaddsudouser.md | 0 .../systemmanagement/linuxandmac.md | 0 .../systemmanagement/linuxgranularsudo.md | 0 .../systemmanagement/linuxsudopermissions.md | 0 .../systemmanagement/oamextended.md | 0 .../systemmanagement/quickstartfields.md | 0 .../systemmanagement/removeasystem.md | 0 .../systemmanagement/restoreasystem.md | 0 .../{ => 2.22}/gettingstarted.md | 20 ++++++----- .../{ => 2.22}/index.md | 11 +++--- .../{ => 2.22}/installation/_category_.json | 0 .../{ => 2.22}/installation/dellpoweredge.md | 0 .../{ => 2.22}/installation/dockersecrets.md | 4 ++- .../installation/machineprovisionidrac.md | 0 .../installation/s1clihelperutility.md | 0 .../{ => 2.22}/integrations/_category_.json | 0 .../integrations/api/_category_.json | 0 .../integrations/api/advancedapireference.md | 6 ++-- .../integrations/api/apikeymanagement.md | 0 .../integrations/api/apikeyrevocation.md | 0 .../integrations/api/postmanauthenticate.md | 4 ++- .../integrations/api/postmanlinux.md | 0 .../integrations/edr/_category_.json | 0 .../integrations/edr/carbonblack.md | 0 .../integrations/edr/crowdstrike.md | 0 .../integrations/edr/sentinelone.md | 0 .../integrations/siem/_category_.json | 0 .../integrations/siem/additionallogs.md | 0 .../integrations/siem/forwardlogs.md | 4 ++- .../{ => 2.22}/integrations/siem/logs.md | 4 ++- .../integrations/siem/splunkjson.md | 4 ++- .../integrations/siem/splunkqueries.md | 0 .../{ => 2.22}/partners/_category_.json | 0 .../technicalpartnerdocu/_category_.json | 0 .../technicalpartnerdocu/core_services.md | 0 .../{ => 2.22}/requirements/_category_.json | 0 .../requirements/architectureoverview.md | 0 .../{ => 2.22}/requirements/haanddr.md | 4 ++- .../{ => 2.22}/requirements/overview.md | 34 ++++++++++--------- .../requirements/portsandfirewalls.md | 0 .../requirements/serverstoragesizing.md | 0 .../requirements/supportedosandbrowsers.md | 6 ++-- .../technicalpreparation/_category_.json | 0 .../technicalpreparation/accountsecurity.md | 0 .../technicalpreparation/freeze_mode.md | 0 .../technicalpreparation/golivechecklist.md | 0 ...at's_different_about_domain_controllers.md | 0 .../linuxregistrationsprerequisites.md | 6 ++-- .../postman_-_installing_and_configuring_.md | 0 .../postmanlinuxregistration.md | 4 ++- .../productmodeaccount.md | 0 .../proxyfirewallwhitelist.md | 0 .../technicalpreparation/riskregister.md | 0 .../scangposerver2012or2008dcs.md | 4 ++- .../scangposerver2016+dcs.md | 4 ++- .../technicalpreparation/serviceaccounts.md | 0 .../requirements/virtualmachines.md | 4 ++- sidebars/privilegesecurediscovery/2.22.js | 8 +++++ src/config/products.js | 7 ++-- 114 files changed, 141 insertions(+), 73 deletions(-) rename docs/privilegesecurediscovery/{ => 2.22}/administration/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/accountinventorycolors.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/addadomain.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/addcertificateauthority.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/adfailover.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/advancedfields.md (97%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/applyserviceaccount.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/azuresso.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/certificatesslfiles.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/changepasswords.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/configureadfs.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/duoaccessgateway.md (94%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/duohostedsso.md (93%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/gpos.md (93%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/jitasessionduration.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/linux.md (93%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/linuxandad.md (98%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/linuxsimplified2.18+.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/logchanges2.20.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/oampasswordconfig.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/oktaintegration.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/quickstartscript.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/radius.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/removepersistence.md (96%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/resetmfatokens.md (93%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/saslkerberos.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/sessiontimeouts.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/spinitiatedsso.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/sslcsr.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/ssoconfiguration.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/uibranding.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/configuration/webservercertificate.md (98%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/onpremmaintenance/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/onpremmaintenance/dellr430r440idrac9.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/onpremmaintenance/failback.md (98%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/onpremmaintenance/linuxremovesnapbin.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/onpremmaintenance/operational.md (98%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/onpremmaintenance/ssh.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/onpremmaintenance/updateosonappliances.md (97%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/accessrisk.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/applicationlogbasics.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/dashboardguide.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/licensingdetails.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/logparsing.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/standingprivilegescript.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/reporting/systemmanagementscreen.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/403zerousns.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/adduserorgroup.md (91%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/bulkactions.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/commonuierrors.md (99%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/firstlogin.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/jitasessions.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/linuxaddsudouser.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/linuxandmac.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/linuxgranularsudo.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/linuxsudopermissions.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/oamextended.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/quickstartfields.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/removeasystem.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/administration/systemmanagement/restoreasystem.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/gettingstarted.md (89%) rename docs/privilegesecurediscovery/{ => 2.22}/index.md (66%) rename docs/privilegesecurediscovery/{ => 2.22}/installation/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/installation/dellpoweredge.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/installation/dockersecrets.md (96%) rename docs/privilegesecurediscovery/{ => 2.22}/installation/machineprovisionidrac.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/installation/s1clihelperutility.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/api/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/api/advancedapireference.md (98%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/api/apikeymanagement.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/api/apikeyrevocation.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/api/postmanauthenticate.md (96%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/api/postmanlinux.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/edr/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/edr/carbonblack.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/edr/crowdstrike.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/edr/sentinelone.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/siem/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/siem/additionallogs.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/siem/forwardlogs.md (98%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/siem/logs.md (97%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/siem/splunkjson.md (97%) rename docs/privilegesecurediscovery/{ => 2.22}/integrations/siem/splunkqueries.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/partners/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/partners/technicalpartnerdocu/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/partners/technicalpartnerdocu/core_services.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/architectureoverview.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/haanddr.md (96%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/overview.md (88%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/portsandfirewalls.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/serverstoragesizing.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/supportedosandbrowsers.md (97%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/_category_.json (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/accountsecurity.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/freeze_mode.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/golivechecklist.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/linuxregistrationsprerequisites.md (96%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/postman_-_installing_and_configuring_.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/postmanlinuxregistration.md (95%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/productmodeaccount.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/proxyfirewallwhitelist.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/riskregister.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/scangposerver2012or2008dcs.md (96%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/scangposerver2016+dcs.md (96%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/technicalpreparation/serviceaccounts.md (100%) rename docs/privilegesecurediscovery/{ => 2.22}/requirements/virtualmachines.md (94%) create mode 100644 sidebars/privilegesecurediscovery/2.22.js diff --git a/docs/privilegesecurediscovery/administration/_category_.json b/docs/privilegesecurediscovery/2.22/administration/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/administration/_category_.json rename to docs/privilegesecurediscovery/2.22/administration/_category_.json diff --git a/docs/privilegesecurediscovery/administration/configuration/_category_.json b/docs/privilegesecurediscovery/2.22/administration/configuration/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/_category_.json rename to docs/privilegesecurediscovery/2.22/administration/configuration/_category_.json diff --git a/docs/privilegesecurediscovery/administration/configuration/accountinventorycolors.md b/docs/privilegesecurediscovery/2.22/administration/configuration/accountinventorycolors.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/accountinventorycolors.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/accountinventorycolors.md diff --git a/docs/privilegesecurediscovery/administration/configuration/addadomain.md b/docs/privilegesecurediscovery/2.22/administration/configuration/addadomain.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/addadomain.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/addadomain.md diff --git a/docs/privilegesecurediscovery/administration/configuration/addcertificateauthority.md b/docs/privilegesecurediscovery/2.22/administration/configuration/addcertificateauthority.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/addcertificateauthority.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/addcertificateauthority.md diff --git a/docs/privilegesecurediscovery/administration/configuration/adfailover.md b/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/adfailover.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md diff --git a/docs/privilegesecurediscovery/administration/configuration/advancedfields.md b/docs/privilegesecurediscovery/2.22/administration/configuration/advancedfields.md similarity index 97% rename from docs/privilegesecurediscovery/administration/configuration/advancedfields.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/advancedfields.md index f1ff75bfbf..00ece057d9 100644 --- a/docs/privilegesecurediscovery/administration/configuration/advancedfields.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/advancedfields.md @@ -197,11 +197,11 @@ System: VMTEMP1 [+] System: VMTEMP2 Linux registration prerequisites: -- [Linux Registrations Prerequisites](/docs/privilegesecurediscovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md) +- [Linux Registrations Prerequisites](../../requirements/technicalpreparation/linuxregistrationsprerequisites.md) Guide on registering linux system with Postman (using API): -- [Postman Linux Registration](/docs/privilegesecurediscovery/requirements/technicalpreparation/postmanlinuxregistration.md) +- [Postman Linux Registration](../../requirements/technicalpreparation/postmanlinuxregistration.md) Troubleshooting Linux Registration: @@ -223,3 +223,5 @@ The full Excel file layout of the QuickStart file is detailed in the picture bel ![LOAM-S1-1824.webp](/images/privilegesecure/4.2/discovery/admin/configuration/360042878654_oam-s1-1824_941x297.webp) ``` + + diff --git a/docs/privilegesecurediscovery/administration/configuration/applyserviceaccount.md b/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/applyserviceaccount.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md diff --git a/docs/privilegesecurediscovery/administration/configuration/azuresso.md b/docs/privilegesecurediscovery/2.22/administration/configuration/azuresso.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/azuresso.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/azuresso.md diff --git a/docs/privilegesecurediscovery/administration/configuration/certificatesslfiles.md b/docs/privilegesecurediscovery/2.22/administration/configuration/certificatesslfiles.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/certificatesslfiles.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/certificatesslfiles.md diff --git a/docs/privilegesecurediscovery/administration/configuration/changepasswords.md b/docs/privilegesecurediscovery/2.22/administration/configuration/changepasswords.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/changepasswords.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/changepasswords.md diff --git a/docs/privilegesecurediscovery/administration/configuration/configureadfs.md b/docs/privilegesecurediscovery/2.22/administration/configuration/configureadfs.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/configureadfs.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/configureadfs.md diff --git a/docs/privilegesecurediscovery/administration/configuration/duoaccessgateway.md b/docs/privilegesecurediscovery/2.22/administration/configuration/duoaccessgateway.md similarity index 94% rename from docs/privilegesecurediscovery/administration/configuration/duoaccessgateway.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/duoaccessgateway.md index ad7d3fc8a2..25fd7c7164 100644 --- a/docs/privilegesecurediscovery/administration/configuration/duoaccessgateway.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/duoaccessgateway.md @@ -14,7 +14,7 @@ SSO: Duo Access Gateway (DAG) This topic covers integrating Privilege Secure with Duo using a Duo on-premise Duo Access Gateway (DAG) SSO. Please find an article detailing the Privilege Secure terms here: -[SSO Configuration](/docs/privilegesecurediscovery/administration/configuration/ssoconfiguration.md) +[SSO Configuration](./ssoconfiguration.md) ## Prerequisites @@ -112,7 +112,7 @@ or disable SSO when appropriate: If you are using ADFS as an authentication source and receive a "SAML Assertion Not Yet Valid" while trying to log in, please see:  -[Configure ADFS (Active Directory Federation Services) SSO](/docs/privilegesecurediscovery/administration/configuration/configureadfs.md) +[Configure ADFS (Active Directory Federation Services) SSO](./configureadfs.md) ## Additional Information @@ -121,3 +121,5 @@ trying to log in, please see:  [https://duo.com/docs/sso-generic](https://duo.com/docs/sso-generic) [https://duo.com/docs/sso](https://duo.com/docs/sso) + + diff --git a/docs/privilegesecurediscovery/administration/configuration/duohostedsso.md b/docs/privilegesecurediscovery/2.22/administration/configuration/duohostedsso.md similarity index 93% rename from docs/privilegesecurediscovery/administration/configuration/duohostedsso.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/duohostedsso.md index d30638070e..cb432d2467 100644 --- a/docs/privilegesecurediscovery/administration/configuration/duohostedsso.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/duohostedsso.md @@ -14,7 +14,7 @@ Duo Hosted SSO This topic covers integrating Privilege Secure with Duo using a Duo hosted SSO. Please find an article detailing the Privilege Secure SSO terms here: -[SSO Configuration](/docs/privilegesecurediscovery/administration/configuration/ssoconfiguration.md) +[SSO Configuration](./ssoconfiguration.md) ## Preqrequisites @@ -91,7 +91,7 @@ URL provided by Duo.  This is found in the application's "Metadata" section. If you are using ADFS as an authentication source and receive a "SAML Assertion Not Yet Valid" while trying to log in, please see:  -[Configure ADFS (Active Directory Federation Services) SSO](/docs/privilegesecurediscovery/administration/configuration/configureadfs.md) +[Configure ADFS (Active Directory Federation Services) SSO](./configureadfs.md) ## Additional Information @@ -100,3 +100,5 @@ trying to log in, please see:  [https://duo.com/docs/sso-generic](https://duo.com/docs/sso-generic) [https://duo.com/docs/sso](https://duo.com/docs/sso) + + diff --git a/docs/privilegesecurediscovery/administration/configuration/gpos.md b/docs/privilegesecurediscovery/2.22/administration/configuration/gpos.md similarity index 93% rename from docs/privilegesecurediscovery/administration/configuration/gpos.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/gpos.md index fe98ddfe4a..3bdd675051 100644 --- a/docs/privilegesecurediscovery/administration/configuration/gpos.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/gpos.md @@ -34,4 +34,6 @@ accounts) and GPO, using Restricted Groups, is removing them again. - Example of how to use GPO to add the Privilege Secure service account (the "Protect Mode" account). - [Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO](/docs/privilegesecurediscovery/requirements/technicalpreparation/productmodeaccount.md) + [Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO](../../requirements/technicalpreparation/productmodeaccount.md) + + diff --git a/docs/privilegesecurediscovery/administration/configuration/jitasessionduration.md b/docs/privilegesecurediscovery/2.22/administration/configuration/jitasessionduration.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/jitasessionduration.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/jitasessionduration.md diff --git a/docs/privilegesecurediscovery/administration/configuration/linux.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linux.md similarity index 93% rename from docs/privilegesecurediscovery/administration/configuration/linux.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/linux.md index 9bac83be5e..25ff123bf9 100644 --- a/docs/privilegesecurediscovery/administration/configuration/linux.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/linux.md @@ -37,7 +37,7 @@ be completed prior registering Linux systems. - For users experienced with Linux, add line to /etc/sudoers file with the permissions for user, ‘example_user’ show here: `example_user ALL=(ALL) NOPASSWD: ALL` - - [Linux: Add Sudo User to Ubuntu System](/docs/privilegesecurediscovery/administration/systemmanagement/linuxaddsudouser.md) + - [Linux: Add Sudo User to Ubuntu System](../systemmanagement/linuxaddsudouser.md) ### Linux Registration - (pre 2.18.0) @@ -47,9 +47,9 @@ Linux registration can be completed via either of the below methods. The Postman for a single system registration and the QuickStart option will allow for bulk systems registration. - Postman program (used for individual system registration) - - [Postman Linux Registration](/docs/privilegesecurediscovery/requirements/technicalpreparation/postmanlinuxregistration.md) + [Postman Linux Registration](../../requirements/technicalpreparation/postmanlinuxregistration.md) - QuickStart script (used for bulk system registration) - - [QuickStart Script](/docs/privilegesecurediscovery/administration/configuration/quickstartscript.md) + [QuickStart Script](./quickstartscript.md) ## JITA Request for Linux Systems @@ -126,3 +126,5 @@ Privilege Secure reads the sudoers file, within the /etc directory, to check for privilege specifications. During JITA sessions and expirations Privilege Secure will modify the /etc/sudoers file. + + diff --git a/docs/privilegesecurediscovery/administration/configuration/linuxandad.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md similarity index 98% rename from docs/privilegesecurediscovery/administration/configuration/linuxandad.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md index 725a7a3375..530a2468f5 100644 --- a/docs/privilegesecurediscovery/administration/configuration/linuxandad.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md @@ -52,7 +52,7 @@ local accounts or AD Directory accounts, we have you covered. - Privilege Secure manages Linux systems without using an agent, and this requires a registration step to establish a local service account with SSH access and Sudo permissions. - - [Privilege Secure and Linux](/docs/privilegesecurediscovery/administration/configuration/linux.md) + - [Privilege Secure and Linux](./linux.md) - AD-joined Linux systems (Using Centrify, PB Open, SSSD/RealmD) will be discovered in AD by Privilege Secure before "registration" occurs but can not be Scanned or protected until a Privilege Secure service account is established on the system. @@ -160,3 +160,5 @@ local accounts or AD Directory accounts, we have you covered. Depending on the bridging configuration the systems might accept short names or fully qualified names. We expect the fully qualified name to always work. A user could theoretically log in with `domain\username` OR `username@domain`. + + diff --git a/docs/privilegesecurediscovery/administration/configuration/linuxsimplified2.18+.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxsimplified2.18+.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/linuxsimplified2.18+.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/linuxsimplified2.18+.md diff --git a/docs/privilegesecurediscovery/administration/configuration/logchanges2.20.md b/docs/privilegesecurediscovery/2.22/administration/configuration/logchanges2.20.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/logchanges2.20.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/logchanges2.20.md diff --git a/docs/privilegesecurediscovery/administration/configuration/oampasswordconfig.md b/docs/privilegesecurediscovery/2.22/administration/configuration/oampasswordconfig.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/oampasswordconfig.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/oampasswordconfig.md diff --git a/docs/privilegesecurediscovery/administration/configuration/oktaintegration.md b/docs/privilegesecurediscovery/2.22/administration/configuration/oktaintegration.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/oktaintegration.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/oktaintegration.md diff --git a/docs/privilegesecurediscovery/administration/configuration/quickstartscript.md b/docs/privilegesecurediscovery/2.22/administration/configuration/quickstartscript.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/quickstartscript.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/quickstartscript.md diff --git a/docs/privilegesecurediscovery/administration/configuration/radius.md b/docs/privilegesecurediscovery/2.22/administration/configuration/radius.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/radius.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/radius.md diff --git a/docs/privilegesecurediscovery/administration/configuration/removepersistence.md b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md similarity index 96% rename from docs/privilegesecurediscovery/administration/configuration/removepersistence.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md index 417a34aea5..3c57a30db9 100644 --- a/docs/privilegesecurediscovery/administration/configuration/removepersistence.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md @@ -13,7 +13,7 @@ Remove Persistence on Machines ## Overview Once freeze mode has been implemented -([Freeze Mode](/docs/privilegesecurediscovery/requirements/technicalpreparation/freeze_mode.md)), +([Freeze Mode](../../requirements/technicalpreparation/freeze_mode.md)), persistent access needs to be reduced. This should be done in a risk-based approach, by targeting the groups that convey most access. This activity can be split by @@ -70,7 +70,7 @@ interactive group can easily be done by Quickstart. The method for carrying this out is detailed in the “Applying a Service Account Directly to a Machine” article -([](https://remediant.zendesk.com/hc/en-us/articles/4995338773655-Applying-a-Service-Account-from-an-existing-AD-group-Directly-to-a-Machine)[Apply a Service Account from an existing AD group Directly to a Machine](/docs/privilegesecurediscovery/administration/configuration/applyserviceaccount.md)). +([](https://remediant.zendesk.com/hc/en-us/articles/4995338773655-Applying-a-Service-Account-from-an-existing-AD-group-Directly-to-a-Machine)[Apply a Service Account from an existing AD group Directly to a Machine](./applyserviceaccount.md)). ### Pull Quickstart File @@ -154,3 +154,5 @@ managed easier: Version Requirements All + + diff --git a/docs/privilegesecurediscovery/administration/configuration/resetmfatokens.md b/docs/privilegesecurediscovery/2.22/administration/configuration/resetmfatokens.md similarity index 93% rename from docs/privilegesecurediscovery/administration/configuration/resetmfatokens.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/resetmfatokens.md index fbaa878b64..39ccbffddd 100644 --- a/docs/privilegesecurediscovery/administration/configuration/resetmfatokens.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/resetmfatokens.md @@ -21,7 +21,7 @@ token at next login. Please see the Privilege Secure User Guide - First Time Logging In for setting new MFA: -- [First Login](/docs/privilegesecurediscovery/administration/systemmanagement/firstlogin.md) +- [First Login](../systemmanagement/firstlogin.md) ## Reset MFA Inherited by AD Group @@ -54,4 +54,6 @@ appropriate user's MFA token: Please see the Privilege Secure User Guide - First Time Logging In for setting new MFA: -- [First Login](/docs/privilegesecurediscovery/administration/systemmanagement/firstlogin.md) +- [First Login](../systemmanagement/firstlogin.md) + + diff --git a/docs/privilegesecurediscovery/administration/configuration/saslkerberos.md b/docs/privilegesecurediscovery/2.22/administration/configuration/saslkerberos.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/saslkerberos.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/saslkerberos.md diff --git a/docs/privilegesecurediscovery/administration/configuration/sessiontimeouts.md b/docs/privilegesecurediscovery/2.22/administration/configuration/sessiontimeouts.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/sessiontimeouts.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/sessiontimeouts.md diff --git a/docs/privilegesecurediscovery/administration/configuration/spinitiatedsso.md b/docs/privilegesecurediscovery/2.22/administration/configuration/spinitiatedsso.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/spinitiatedsso.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/spinitiatedsso.md diff --git a/docs/privilegesecurediscovery/administration/configuration/sslcsr.md b/docs/privilegesecurediscovery/2.22/administration/configuration/sslcsr.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/sslcsr.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/sslcsr.md diff --git a/docs/privilegesecurediscovery/administration/configuration/ssoconfiguration.md b/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/ssoconfiguration.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md diff --git a/docs/privilegesecurediscovery/administration/configuration/uibranding.md b/docs/privilegesecurediscovery/2.22/administration/configuration/uibranding.md similarity index 100% rename from docs/privilegesecurediscovery/administration/configuration/uibranding.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/uibranding.md diff --git a/docs/privilegesecurediscovery/administration/configuration/webservercertificate.md b/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md similarity index 98% rename from docs/privilegesecurediscovery/administration/configuration/webservercertificate.md rename to docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md index 0918fb5ea0..2a23a900f6 100644 --- a/docs/privilegesecurediscovery/administration/configuration/webservercertificate.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md @@ -30,7 +30,7 @@ the like, it is recommended to add the public certificate chain for the CA to th the Privilege Secure nodes. See the -[Add a Certificate Authority to the Ubuntu Trusted Authorities Repository](/docs/privilegesecurediscovery/administration/configuration/addcertificateauthority.md) +[Add a Certificate Authority to the Ubuntu Trusted Authorities Repository](./addcertificateauthority.md) topic for additional information. **NOTE:** If the Privilege Secure web application does not function after updating the certificate, @@ -279,3 +279,5 @@ Unencrypted headers look like this: **CAUTION:** Be aware that having an unencrypted private key adds a security risk by making it easier to obtain your private key if the private key file is stolen. For more information on OpenSSL please visit: [www.openssl.org](http://www.openssl.org/) + + diff --git a/docs/privilegesecurediscovery/administration/onpremmaintenance/_category_.json b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/administration/onpremmaintenance/_category_.json rename to docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/_category_.json diff --git a/docs/privilegesecurediscovery/administration/onpremmaintenance/dellr430r440idrac9.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/dellr430r440idrac9.md similarity index 100% rename from docs/privilegesecurediscovery/administration/onpremmaintenance/dellr430r440idrac9.md rename to docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/dellr430r440idrac9.md diff --git a/docs/privilegesecurediscovery/administration/onpremmaintenance/failback.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/failback.md similarity index 98% rename from docs/privilegesecurediscovery/administration/onpremmaintenance/failback.md rename to docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/failback.md index 1b0ca2f4f9..9fb5dc1878 100644 --- a/docs/privilegesecurediscovery/administration/onpremmaintenance/failback.md +++ b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/failback.md @@ -14,7 +14,7 @@ This Failback article covers the process of restoring Privilege Secure operation environment from a previously completed failover to DR. This guideline is in the general flow process and can/will be adjusted based on organizational needs or requirements. More information on DR (Disater Recovery) can be viewed in the following topic: -[High Availability (HA) and Disaster Recovery (DR) Options](/docs/privilegesecurediscovery/requirements/haanddr.md). +[High Availability (HA) and Disaster Recovery (DR) Options](../../requirements/haanddr.md). ![failback.jpg](/images/privilegesecure/4.2/discovery/admin/maintenance/1500001380942_failback_782x153.webp) @@ -179,3 +179,5 @@ At this point the failover process has been completed and you should be able to: - Lastly, users should be able to search, load, and request access to systems that you have access to via the Access > Grant Access page. Once access has been granted, confirm you can RDP/SSH into the Windows/Linux machines. + + diff --git a/docs/privilegesecurediscovery/administration/onpremmaintenance/linuxremovesnapbin.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/linuxremovesnapbin.md similarity index 100% rename from docs/privilegesecurediscovery/administration/onpremmaintenance/linuxremovesnapbin.md rename to docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/linuxremovesnapbin.md diff --git a/docs/privilegesecurediscovery/administration/onpremmaintenance/operational.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/operational.md similarity index 98% rename from docs/privilegesecurediscovery/administration/onpremmaintenance/operational.md rename to docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/operational.md index ee76ab431e..fd26f43c06 100644 --- a/docs/privilegesecurediscovery/administration/onpremmaintenance/operational.md +++ b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/operational.md @@ -74,7 +74,7 @@ Test (suggested minimum yearly) - Typically a SIEM solution is best placed to report any issues that can be captured in Privilege Secure logs. - An example set of queries for Splunk is included here: - [Splunk and SIEM Queries](/docs/privilegesecurediscovery/integrations/siem/splunkqueries.md) + [Splunk and SIEM Queries](../../integrations/siem/splunkqueries.md) - The "change system policy" output should be reviewed for any removal of protect mode. - The "slow JITA access" and "time it takes for JITA access" can give an indication if users are being slowed down in their ability to elevate privilege when utilizing Privilege Secure. @@ -133,3 +133,5 @@ sudo docker exec -it $(sudo docker ps | grep mongo | cut -d' ' -f1) mongo Secure - Ensure quarterly meeting to review updates to Privilege Secure version and OS patches/updates. - Patches can be applied monthly. The Customer Success team can be contacted prior to updates to ensure no known issues. + + diff --git a/docs/privilegesecurediscovery/administration/onpremmaintenance/ssh.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/ssh.md similarity index 100% rename from docs/privilegesecurediscovery/administration/onpremmaintenance/ssh.md rename to docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/ssh.md diff --git a/docs/privilegesecurediscovery/administration/onpremmaintenance/updateosonappliances.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/updateosonappliances.md similarity index 97% rename from docs/privilegesecurediscovery/administration/onpremmaintenance/updateosonappliances.md rename to docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/updateosonappliances.md index d6885563ad..77478cfe6b 100644 --- a/docs/privilegesecurediscovery/administration/onpremmaintenance/updateosonappliances.md +++ b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/updateosonappliances.md @@ -25,7 +25,7 @@ Privilege Secure will be offline for 30-60 minutes. ## Requirements - 30-60 minute scheduled maintenance window with expected downtim -- [Install the S1 CLI Helper Utility ](/docs/privilegesecurediscovery/installation/s1clihelperutility.md) +- [Install the S1 CLI Helper Utility ](../../installation/s1clihelperutility.md) ## Use Case: Cluster In-Place (1 node at a Time, No Downtime) @@ -163,3 +163,5 @@ existing configurations, setting, or file. **Step 5 –** After reboot complete, log in and check Privilege Secure services and nodes status: - s1 status; s1 nodes + + diff --git a/docs/privilegesecurediscovery/administration/reporting/_category_.json b/docs/privilegesecurediscovery/2.22/administration/reporting/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/_category_.json rename to docs/privilegesecurediscovery/2.22/administration/reporting/_category_.json diff --git a/docs/privilegesecurediscovery/administration/reporting/accessrisk.md b/docs/privilegesecurediscovery/2.22/administration/reporting/accessrisk.md similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/accessrisk.md rename to docs/privilegesecurediscovery/2.22/administration/reporting/accessrisk.md diff --git a/docs/privilegesecurediscovery/administration/reporting/applicationlogbasics.md b/docs/privilegesecurediscovery/2.22/administration/reporting/applicationlogbasics.md similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/applicationlogbasics.md rename to docs/privilegesecurediscovery/2.22/administration/reporting/applicationlogbasics.md diff --git a/docs/privilegesecurediscovery/administration/reporting/dashboardguide.md b/docs/privilegesecurediscovery/2.22/administration/reporting/dashboardguide.md similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/dashboardguide.md rename to docs/privilegesecurediscovery/2.22/administration/reporting/dashboardguide.md diff --git a/docs/privilegesecurediscovery/administration/reporting/licensingdetails.md b/docs/privilegesecurediscovery/2.22/administration/reporting/licensingdetails.md similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/licensingdetails.md rename to docs/privilegesecurediscovery/2.22/administration/reporting/licensingdetails.md diff --git a/docs/privilegesecurediscovery/administration/reporting/logparsing.md b/docs/privilegesecurediscovery/2.22/administration/reporting/logparsing.md similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/logparsing.md rename to docs/privilegesecurediscovery/2.22/administration/reporting/logparsing.md diff --git a/docs/privilegesecurediscovery/administration/reporting/standingprivilegescript.md b/docs/privilegesecurediscovery/2.22/administration/reporting/standingprivilegescript.md similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/standingprivilegescript.md rename to docs/privilegesecurediscovery/2.22/administration/reporting/standingprivilegescript.md diff --git a/docs/privilegesecurediscovery/administration/reporting/systemmanagementscreen.md b/docs/privilegesecurediscovery/2.22/administration/reporting/systemmanagementscreen.md similarity index 100% rename from docs/privilegesecurediscovery/administration/reporting/systemmanagementscreen.md rename to docs/privilegesecurediscovery/2.22/administration/reporting/systemmanagementscreen.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/403zerousns.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/403zerousns.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/403zerousns.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/403zerousns.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/_category_.json b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/_category_.json rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/_category_.json diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/adduserorgroup.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/adduserorgroup.md similarity index 91% rename from docs/privilegesecurediscovery/administration/systemmanagement/adduserorgroup.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/adduserorgroup.md index b533953004..a9c0bae083 100644 --- a/docs/privilegesecurediscovery/administration/systemmanagement/adduserorgroup.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/adduserorgroup.md @@ -76,9 +76,11 @@ Data Sheet, Provision Account column. For additional information, see the following topics: -- [QuickStart Script](/docs/privilegesecurediscovery/administration/configuration/quickstartscript.md) -- [Quickstart Fields Demystified](/docs/privilegesecurediscovery/administration/systemmanagement/quickstartfields.md) +- [QuickStart Script](../configuration/quickstartscript.md) +- [Quickstart Fields Demystified](./quickstartfields.md) Replicate sudo permissions to one or many systems: -- [Linux: Replicate Sudo Permissions to Many Systems Using QuickStart](/docs/privilegesecurediscovery/administration/systemmanagement/linuxsudopermissions.md) +- [Linux: Replicate Sudo Permissions to Many Systems Using QuickStart](./linuxsudopermissions.md) + + diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/bulkactions.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/bulkactions.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/commonuierrors.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md similarity index 99% rename from docs/privilegesecurediscovery/administration/systemmanagement/commonuierrors.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md index 3400497a64..5fbbf9dab2 100644 --- a/docs/privilegesecurediscovery/administration/systemmanagement/commonuierrors.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md @@ -22,9 +22,9 @@ Dynamic DNS records. - Cause 1 – Privilege Secure scan account does not have permissions to enumerate the local Administrators group. The GPO allowing the scan account to make remote calls to SAM. - Solution 1 – - [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2016+dcs.md) + [Scan GPO Guide (Server 2016+ Domain Controllers)](../../requirements/technicalpreparation/scangposerver2016+dcs.md) or - [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) + [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](../../requirements/technicalpreparation/scangposerver2012or2008dcs.md) - Cause 2 – System can not reach a domain controller for AD account authentication.  Can verify by receiving an error to that affect while attempting to RDP to that system using an AD account.  If a terminal is available via EDR or remote management solution, you can also verify by running a @@ -138,3 +138,5 @@ Indicates an operation that is incompatible with built-in accounts has been atte | SAMR Session Error: unknown error code: 0xc000a08b Note: This is a passthrough error from Windows, it is not generated by Privilege Secure and is generated on the endpoint during the attempted action. | Microsoft LAPS is preventing password changes to the local Administrator account (RID 500).  You can verify Microsoft LAPS is blocking the password change the Event Viewer logs under: Applications and Services > Microsoft > Windows > LAPS > Operational Reference [https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-management-event-log](https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-management-event-log) | - Solution – Prevent LAPS Group Policy Object from being applied to the system. - Workaround – Disable Privilege Secure OAM rotating the local Administrator account password.  This will allow Privilege Secure to still keep the local Administrator account disabled, and manage an alternate administrator account. | | SAMR SessionError: unknown error code: 0xc000030c Note: This is a passthrough error from Windows, it is not generated by Privilege Secure and is generated on the endpoint during the attempted action. | The local Administrator (RID 500 account) password was never set and is blank. EAS policy requires that the user change their password before this operation can be performed. | Set a local Administrator (RID 500 account) password. | | (Popup) The file does not have a header with value "Name" | When using the "Select By File" on the Management => Systems page, a CSV is being uploaded that was edited and saved in Excel as a CSV file.  This removed the quote marks that a CSV upload requires. | - Solution 1 – Save a CSV edited in Excel as an Excel  \*.xlsx file - Solution 2 – Edit and save CSV with a text edition | + + diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/firstlogin.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/firstlogin.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/firstlogin.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/firstlogin.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/jitasessions.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/jitasessions.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/jitasessions.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/jitasessions.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/linuxaddsudouser.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxaddsudouser.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/linuxaddsudouser.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxaddsudouser.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/linuxandmac.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxandmac.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/linuxandmac.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxandmac.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/linuxgranularsudo.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxgranularsudo.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/linuxgranularsudo.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxgranularsudo.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/linuxsudopermissions.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxsudopermissions.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/linuxsudopermissions.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxsudopermissions.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/oamextended.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/oamextended.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/quickstartfields.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/quickstartfields.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/quickstartfields.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/quickstartfields.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/removeasystem.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/removeasystem.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/removeasystem.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/removeasystem.md diff --git a/docs/privilegesecurediscovery/administration/systemmanagement/restoreasystem.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/restoreasystem.md similarity index 100% rename from docs/privilegesecurediscovery/administration/systemmanagement/restoreasystem.md rename to docs/privilegesecurediscovery/2.22/administration/systemmanagement/restoreasystem.md diff --git a/docs/privilegesecurediscovery/gettingstarted.md b/docs/privilegesecurediscovery/2.22/gettingstarted.md similarity index 89% rename from docs/privilegesecurediscovery/gettingstarted.md rename to docs/privilegesecurediscovery/2.22/gettingstarted.md index 4ad08920e2..5a474bdaea 100644 --- a/docs/privilegesecurediscovery/gettingstarted.md +++ b/docs/privilegesecurediscovery/2.22/gettingstarted.md @@ -41,7 +41,7 @@ on VMs. Some key questions need to be determined prior to install: The Customer Success team can provide guidance and documentation to determine the best approach for DR. For a VM installation, the required virtual machine sizes are in this article: -[Virtual Machines](/docs/privilegesecurediscovery/requirements/virtualmachines.md) +[Virtual Machines](./requirements/virtualmachines.md) Allow for a two hour window to install the production environment and another two hour window to install the DR environment. A further 2hr window should be setup for backup and restore scripts to be @@ -61,7 +61,7 @@ Configuration). This is domain specific and is opened by clicking the > sign nex - The scan mode account should then be used to rollout a GPO change to ensure all Windows machines are able to be scanned. The details on how to make this GPO change are detailed in this article: - [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) + [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](./requirements/technicalpreparation/scangposerver2012or2008dcs.md) - Set the domain to be scanned Once these are set the domain can be scanned. @@ -71,13 +71,13 @@ Groups, OUs, Users, etc. A load balanced connection will cause group updates to correctly. The dashboard can now be reviewed. An explanation of the dashboard is available in this article: -[Dashboard Guide](/docs/privilegesecurediscovery/administration/reporting/dashboardguide.md) +[Dashboard Guide](./administration/reporting/dashboardguide.md) ## Adding Users To Privilege Secure Privilege Secure utilizes two levels of user accounts, User and Administrator. These are explained in the article below: -[Add a User or Group to a Systems' Administrator Account Inventory](/docs/privilegesecurediscovery/administration/systemmanagement/adduserorgroup.md) +[Add a User or Group to a Systems' Administrator Account Inventory](./administration/systemmanagement/adduserorgroup.md) Before protect mode is rolled out users that would require privileged access should be added to Privilege Secure. This is typically done by means of an AD group. The Config/Users and Groups page is used to @@ -132,7 +132,7 @@ detail toPrivilege Secure for multiple systems in one go. ## Install Python Version 2.7 Follow the following article to install Python: -[Linux Registrations Prerequisites](/docs/privilegesecurediscovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md) +[Linux Registrations Prerequisites](./requirements/technicalpreparation/linuxregistrationsprerequisites.md) ## Download Privilege Secure Reporting Tools (Quickstart) @@ -141,7 +141,7 @@ way of understanding the full access across the organization by system and also of making changes to Privilege Secure in bulk. - Download the script zip file from: - [QuickStart Script](/docs/privilegesecurediscovery/administration/configuration/quickstartscript.md) + [QuickStart Script](./administration/configuration/quickstartscript.md) - Run `pip install -r requirements.txt` with the path to the requirements.txt file that comes with the latest quickstart script. This requires Python 2.7 and PIP to be installed (PIP is installed by default with Python). @@ -155,7 +155,7 @@ Install and configure Postman in preparation for running the Quickstart process. for updating and enrolling multiple machines into Privilege Secure. Part of the initial configuration of this requires Postman. Postman is a tool for running APIs within Privilege Secure. -- [Postman: Installing and Configuring ](/docs/privilegesecurediscovery/requirements/technicalpreparation/postman_-_installing_and_configuring_.md) +- [Postman: Installing and Configuring ](./requirements/technicalpreparation/postman_-_installing_and_configuring_.md) ## Running Quickstart @@ -180,8 +180,10 @@ More information for running Quickstart is available from the following articles How To: Offline Access Management (OAM) - Extended: -- [Offline Access Management (OAM) - Extended](/docs/privilegesecurediscovery/administration/systemmanagement/oamextended.md) +- [Offline Access Management (OAM) - Extended](./administration/systemmanagement/oamextended.md) How To: QuickStart - Offline Access Management and Registering Linux Computers -- [QuickStart Advanced Fields](/docs/privilegesecurediscovery/administration/configuration/advancedfields.md) +- [QuickStart Advanced Fields](./administration/configuration/advancedfields.md) + + diff --git a/docs/privilegesecurediscovery/index.md b/docs/privilegesecurediscovery/2.22/index.md similarity index 66% rename from docs/privilegesecurediscovery/index.md rename to docs/privilegesecurediscovery/2.22/index.md index a40f47eeea..16940596cb 100644 --- a/docs/privilegesecurediscovery/index.md +++ b/docs/privilegesecurediscovery/2.22/index.md @@ -1,14 +1,14 @@ --- -title: "Netwrix Privilege Secure for Discovery v2.21 Documentation" -description: "Netwrix Privilege Secure for Discovery v2.21 Documentation" +title: "Netwrix Privilege Secure for Discovery v2.22 Documentation" +description: "Netwrix Privilege Secure for Discovery v2.22 Documentation" sidebar_position: 1 --- -# Netwrix Privilege Secure for Discovery v2.21 Documentation +# Netwrix Privilege Secure for Discovery v2.22 Documentation -Netwrix Privilege Secure for Discovery v2.21 Documentation +Netwrix Privilege Secure for Discovery v2.22 Documentation -# Netwrix Privilege Secure for Discovery v2.21 Documentation +# Netwrix Privilege Secure for Discovery v2.22 Documentation Netwrix Privilege Secure for Discovery (formerly Remediant SecureONE) enables IT administrators and security analysts to have dynamic and continuous visibility into their organization's privileged @@ -16,3 +16,4 @@ accounts and manage them with a single click. Users then self-administer privile access to only the right resource, at the right moment and for the length of time they need to complete their job. This approach eliminates standing privileges, effectively preventing lateral movement attacks, and significantly reducing an organization’s attack surface. + diff --git a/docs/privilegesecurediscovery/installation/_category_.json b/docs/privilegesecurediscovery/2.22/installation/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/installation/_category_.json rename to docs/privilegesecurediscovery/2.22/installation/_category_.json diff --git a/docs/privilegesecurediscovery/installation/dellpoweredge.md b/docs/privilegesecurediscovery/2.22/installation/dellpoweredge.md similarity index 100% rename from docs/privilegesecurediscovery/installation/dellpoweredge.md rename to docs/privilegesecurediscovery/2.22/installation/dellpoweredge.md diff --git a/docs/privilegesecurediscovery/installation/dockersecrets.md b/docs/privilegesecurediscovery/2.22/installation/dockersecrets.md similarity index 96% rename from docs/privilegesecurediscovery/installation/dockersecrets.md rename to docs/privilegesecurediscovery/2.22/installation/dockersecrets.md index c7410e0a96..89351d90fd 100644 --- a/docs/privilegesecurediscovery/installation/dockersecrets.md +++ b/docs/privilegesecurediscovery/2.22/installation/dockersecrets.md @@ -29,7 +29,7 @@ here:  [Docker: Manage sensitive data with Docker secrets](https://docs.docker ### Requirements This guide utilizes -the [Install the S1 CLI Helper Utility ](/docs/privilegesecurediscovery/installation/s1clihelperutility.md) +the [Install the S1 CLI Helper Utility ](./s1clihelperutility.md) ### Retrieve the Docker Secret from Current Privilege Secure Instance @@ -88,3 +88,5 @@ Troubleshooting section above. ### More Information [Docker: Manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/) + + diff --git a/docs/privilegesecurediscovery/installation/machineprovisionidrac.md b/docs/privilegesecurediscovery/2.22/installation/machineprovisionidrac.md similarity index 100% rename from docs/privilegesecurediscovery/installation/machineprovisionidrac.md rename to docs/privilegesecurediscovery/2.22/installation/machineprovisionidrac.md diff --git a/docs/privilegesecurediscovery/installation/s1clihelperutility.md b/docs/privilegesecurediscovery/2.22/installation/s1clihelperutility.md similarity index 100% rename from docs/privilegesecurediscovery/installation/s1clihelperutility.md rename to docs/privilegesecurediscovery/2.22/installation/s1clihelperutility.md diff --git a/docs/privilegesecurediscovery/integrations/_category_.json b/docs/privilegesecurediscovery/2.22/integrations/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/integrations/_category_.json rename to docs/privilegesecurediscovery/2.22/integrations/_category_.json diff --git a/docs/privilegesecurediscovery/integrations/api/_category_.json b/docs/privilegesecurediscovery/2.22/integrations/api/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/integrations/api/_category_.json rename to docs/privilegesecurediscovery/2.22/integrations/api/_category_.json diff --git a/docs/privilegesecurediscovery/integrations/api/advancedapireference.md b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md similarity index 98% rename from docs/privilegesecurediscovery/integrations/api/advancedapireference.md rename to docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md index cbf1434ae1..e9523c66b9 100644 --- a/docs/privilegesecurediscovery/integrations/api/advancedapireference.md +++ b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md @@ -227,5 +227,7 @@ Administrator linked API key/authentication will need to be used for access to t Below are the API articles that give more details on creating and authenticating using API keys for such processes. -- [API Key Management](/docs/privilegesecurediscovery/integrations/api/apikeymanagement.md) -- [Postman: Authenticate using an API key](/docs/privilegesecurediscovery/integrations/api/postmanauthenticate.md) +- [API Key Management](./apikeymanagement.md) +- [Postman: Authenticate using an API key](./postmanauthenticate.md) + + diff --git a/docs/privilegesecurediscovery/integrations/api/apikeymanagement.md b/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/api/apikeymanagement.md rename to docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md diff --git a/docs/privilegesecurediscovery/integrations/api/apikeyrevocation.md b/docs/privilegesecurediscovery/2.22/integrations/api/apikeyrevocation.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/api/apikeyrevocation.md rename to docs/privilegesecurediscovery/2.22/integrations/api/apikeyrevocation.md diff --git a/docs/privilegesecurediscovery/integrations/api/postmanauthenticate.md b/docs/privilegesecurediscovery/2.22/integrations/api/postmanauthenticate.md similarity index 96% rename from docs/privilegesecurediscovery/integrations/api/postmanauthenticate.md rename to docs/privilegesecurediscovery/2.22/integrations/api/postmanauthenticate.md index db62071959..40a8a3989e 100644 --- a/docs/privilegesecurediscovery/integrations/api/postmanauthenticate.md +++ b/docs/privilegesecurediscovery/2.22/integrations/api/postmanauthenticate.md @@ -11,7 +11,7 @@ Postman: Authenticate using an API key # Postman: Authenticate using an API key You will need a userID and an API Key that has been generated for that user.Ref: -[API Key Management](/docs/privilegesecurediscovery/integrations/api/apikeymanagement.md) +[API Key Management](./apikeymanagement.md) Follow the steps to authenticate using an API key. @@ -66,3 +66,5 @@ Now you can send GET and POST requests. Each 8 hours, you will have to run the ‘Authenticate using an API key’ POST request to refresh the token. ```` + + diff --git a/docs/privilegesecurediscovery/integrations/api/postmanlinux.md b/docs/privilegesecurediscovery/2.22/integrations/api/postmanlinux.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/api/postmanlinux.md rename to docs/privilegesecurediscovery/2.22/integrations/api/postmanlinux.md diff --git a/docs/privilegesecurediscovery/integrations/edr/_category_.json b/docs/privilegesecurediscovery/2.22/integrations/edr/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/integrations/edr/_category_.json rename to docs/privilegesecurediscovery/2.22/integrations/edr/_category_.json diff --git a/docs/privilegesecurediscovery/integrations/edr/carbonblack.md b/docs/privilegesecurediscovery/2.22/integrations/edr/carbonblack.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/edr/carbonblack.md rename to docs/privilegesecurediscovery/2.22/integrations/edr/carbonblack.md diff --git a/docs/privilegesecurediscovery/integrations/edr/crowdstrike.md b/docs/privilegesecurediscovery/2.22/integrations/edr/crowdstrike.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/edr/crowdstrike.md rename to docs/privilegesecurediscovery/2.22/integrations/edr/crowdstrike.md diff --git a/docs/privilegesecurediscovery/integrations/edr/sentinelone.md b/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/edr/sentinelone.md rename to docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md diff --git a/docs/privilegesecurediscovery/integrations/siem/_category_.json b/docs/privilegesecurediscovery/2.22/integrations/siem/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/integrations/siem/_category_.json rename to docs/privilegesecurediscovery/2.22/integrations/siem/_category_.json diff --git a/docs/privilegesecurediscovery/integrations/siem/additionallogs.md b/docs/privilegesecurediscovery/2.22/integrations/siem/additionallogs.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/siem/additionallogs.md rename to docs/privilegesecurediscovery/2.22/integrations/siem/additionallogs.md diff --git a/docs/privilegesecurediscovery/integrations/siem/forwardlogs.md b/docs/privilegesecurediscovery/2.22/integrations/siem/forwardlogs.md similarity index 98% rename from docs/privilegesecurediscovery/integrations/siem/forwardlogs.md rename to docs/privilegesecurediscovery/2.22/integrations/siem/forwardlogs.md index 08bd43543e..ac870620b4 100644 --- a/docs/privilegesecurediscovery/integrations/siem/forwardlogs.md +++ b/docs/privilegesecurediscovery/2.22/integrations/siem/forwardlogs.md @@ -20,7 +20,7 @@ Information and Event Management (SIEM) solutions, such as: - AlienVault See the -[Splunk and SIEM Queries](/docs/privilegesecurediscovery/integrations/siem/splunkqueries.md) +[Splunk and SIEM Queries](./splunkqueries.md) topic for additional information. ## Prerequisites @@ -163,3 +163,5 @@ all the SecureONE listed services are not displaying. - -n=no dns lookup; -e=link-level header; -q=quiet (less protocol info); -i=interface; dst=destination + + diff --git a/docs/privilegesecurediscovery/integrations/siem/logs.md b/docs/privilegesecurediscovery/2.22/integrations/siem/logs.md similarity index 97% rename from docs/privilegesecurediscovery/integrations/siem/logs.md rename to docs/privilegesecurediscovery/2.22/integrations/siem/logs.md index 053d6ff3c6..cb03ccd6e8 100644 --- a/docs/privilegesecurediscovery/integrations/siem/logs.md +++ b/docs/privilegesecurediscovery/2.22/integrations/siem/logs.md @@ -14,7 +14,7 @@ Logs Most log lines are output in JSON format. The exact structure varies by service. See Service-Specific Log Format section below. See the -[Splunk (JSON) Source Type](/docs/privilegesecurediscovery/integrations/siem/splunkjson.md) +[Splunk (JSON) Source Type](./splunkjson.md) topic for additional information. ### Event Logs vs Debugging Logs @@ -140,3 +140,5 @@ Example ## Logging Configuration Privilege Secure log levels can be set in the UI for each service. + + diff --git a/docs/privilegesecurediscovery/integrations/siem/splunkjson.md b/docs/privilegesecurediscovery/2.22/integrations/siem/splunkjson.md similarity index 97% rename from docs/privilegesecurediscovery/integrations/siem/splunkjson.md rename to docs/privilegesecurediscovery/2.22/integrations/siem/splunkjson.md index ce6902cd8f..e04ce0335b 100644 --- a/docs/privilegesecurediscovery/integrations/siem/splunkjson.md +++ b/docs/privilegesecurediscovery/2.22/integrations/siem/splunkjson.md @@ -16,7 +16,7 @@ type, which is used to properly format Privilege Secure's events within Splunk. **NOTE:** JSON is the format of all Privilege Secure event logs by default. See the -[Splunk and SIEM Queries](/docs/privilegesecurediscovery/integrations/siem/splunkqueries.md) +[Splunk and SIEM Queries](./splunkqueries.md) topic for additional information. ## Examples @@ -102,3 +102,5 @@ reference the Privilege Secureapplication within Splunk. More information on Splunk source types can be viewed here:  [https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Data/Whysourcetypesmatter](https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Data/Whysourcetypesmatter) + + diff --git a/docs/privilegesecurediscovery/integrations/siem/splunkqueries.md b/docs/privilegesecurediscovery/2.22/integrations/siem/splunkqueries.md similarity index 100% rename from docs/privilegesecurediscovery/integrations/siem/splunkqueries.md rename to docs/privilegesecurediscovery/2.22/integrations/siem/splunkqueries.md diff --git a/docs/privilegesecurediscovery/partners/_category_.json b/docs/privilegesecurediscovery/2.22/partners/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/partners/_category_.json rename to docs/privilegesecurediscovery/2.22/partners/_category_.json diff --git a/docs/privilegesecurediscovery/partners/technicalpartnerdocu/_category_.json b/docs/privilegesecurediscovery/2.22/partners/technicalpartnerdocu/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/partners/technicalpartnerdocu/_category_.json rename to docs/privilegesecurediscovery/2.22/partners/technicalpartnerdocu/_category_.json diff --git a/docs/privilegesecurediscovery/partners/technicalpartnerdocu/core_services.md b/docs/privilegesecurediscovery/2.22/partners/technicalpartnerdocu/core_services.md similarity index 100% rename from docs/privilegesecurediscovery/partners/technicalpartnerdocu/core_services.md rename to docs/privilegesecurediscovery/2.22/partners/technicalpartnerdocu/core_services.md diff --git a/docs/privilegesecurediscovery/requirements/_category_.json b/docs/privilegesecurediscovery/2.22/requirements/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/requirements/_category_.json rename to docs/privilegesecurediscovery/2.22/requirements/_category_.json diff --git a/docs/privilegesecurediscovery/requirements/architectureoverview.md b/docs/privilegesecurediscovery/2.22/requirements/architectureoverview.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/architectureoverview.md rename to docs/privilegesecurediscovery/2.22/requirements/architectureoverview.md diff --git a/docs/privilegesecurediscovery/requirements/haanddr.md b/docs/privilegesecurediscovery/2.22/requirements/haanddr.md similarity index 96% rename from docs/privilegesecurediscovery/requirements/haanddr.md rename to docs/privilegesecurediscovery/2.22/requirements/haanddr.md index fe9cbb8c84..7994150220 100644 --- a/docs/privilegesecurediscovery/requirements/haanddr.md +++ b/docs/privilegesecurediscovery/2.22/requirements/haanddr.md @@ -31,7 +31,7 @@ Privilege Secure up and running. Three nodes for a HA cluster have been found to work for a wide range of environment sizes. These can be virtual or physical appliances. The VM requirements are listed in this -article: [Virtual Machines](/docs/privilegesecurediscovery/requirements/virtualmachines.md) +article: [Virtual Machines](./virtualmachines.md) ## Disaster Recovery (DR) @@ -59,3 +59,5 @@ The Customer Success Team are available to discuss HA and DR approaches. More in available in the attached document. Official Attachment: + + diff --git a/docs/privilegesecurediscovery/requirements/overview.md b/docs/privilegesecurediscovery/2.22/requirements/overview.md similarity index 88% rename from docs/privilegesecurediscovery/requirements/overview.md rename to docs/privilegesecurediscovery/2.22/requirements/overview.md index 79cce059d5..439f14610f 100644 --- a/docs/privilegesecurediscovery/requirements/overview.md +++ b/docs/privilegesecurediscovery/2.22/requirements/overview.md @@ -23,9 +23,9 @@ Privilege Secure can be consumed as an 'on-premises' solution. A scaled-down dep ### On Prem - Data Center or IaaS -- [Architectue Overview](/docs/privilegesecurediscovery/requirements/architectureoverview.md) +- [Architectue Overview](./architectureoverview.md) - - [High Availability (HA) and Disaster Recovery (DR) Options](/docs/privilegesecurediscovery/requirements/haanddr.md) + - [High Availability (HA) and Disaster Recovery (DR) Options](./haanddr.md) Privilege Secure Deployed on VMWare OR Cloud (Azure, AWS, GCP) @@ -141,7 +141,7 @@ configured as service accounts to disallow interactive logon and be set with com **All** accounts are required for configuring the domain to be scanned and protected within Privilege Secure. More information can be found here: -[Service Accounts](/docs/privilegesecurediscovery/requirements/technicalpreparation/serviceaccounts.md) +[Service Accounts](./technicalpreparation/serviceaccounts.md) **NOTE:** We require a static DC to ensure S1 can correctly detect and account for changes made to Groups, OUs, Users, etc. A load balanced connection will cause group updates to not be recognized @@ -162,9 +162,9 @@ required uses Group Policy Preferences (GPP). There are separate guides dependin Controller version.  - 2008-2012 Domain Controllers – - [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) + [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](./technicalpreparation/scangposerver2012or2008dcs.md) - 2016+ Domain Controllers – - [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2016+dcs.md) + [Scan GPO Guide (Server 2016+ Domain Controllers)](./technicalpreparation/scangposerver2016+dcs.md) Microsoft by default (Windows 2016 & Windows 10 Creators Edition or later) restricted the ability to remotely enumerate members of local groups including the local Administrators group. Older operating @@ -242,7 +242,7 @@ Bulk Actions - Operations currently supported: JITA, Scan Mode, Protect Mode, Scan Systems, Set EDR Config, Set OAM, Set Accounts Persistent, Add/Update Account, Remove Account - More information and instruction can be found here: - [Bulk Actions](/docs/privilegesecurediscovery/administration/systemmanagement/bulkactions.md) + [Bulk Actions](../administration/systemmanagement/bulkactions.md) QuickStart @@ -254,7 +254,7 @@ QuickStart - Historical solution for managing endpoints en masse. - Supports JITA, Scan Mode, Protect Mode, OAM, EDR, Linux Registration, etc. More information can be found here: - [QuickStart Advanced Fields](/docs/privilegesecurediscovery/administration/configuration/advancedfields.md) + [QuickStart Advanced Fields](../administration/configuration/advancedfields.md) API @@ -263,10 +263,10 @@ API - Any individual action in the UI can be accomplished via the API. - The Privilege Secure API documentation can be found here: - [API Key Management](/docs/privilegesecurediscovery/integrations/api/apikeymanagement.md), - [API Key Revocation](/docs/privilegesecurediscovery/integrations/api/apikeyrevocation.md). + [API Key Management](../integrations/api/apikeymanagement.md), + [API Key Revocation](../integrations/api/apikeyrevocation.md). Additional information on the Advanced API is available - here:[Advanced API Reference](/docs/privilegesecurediscovery/integrations/api/advancedapireference.md) + here:[Advanced API Reference](../integrations/api/advancedapireference.md) ### Supported endpoint OS versions @@ -300,12 +300,14 @@ additional PAM agent. More information can be found below: -- [Carbon Black](/docs/privilegesecurediscovery/integrations/edr/carbonblack.md) -- [CrowdStrike](/docs/privilegesecurediscovery/integrations/edr/crowdstrike.md) -- [SentinelOne](/docs/privilegesecurediscovery/integrations/edr/sentinelone.md) +- [Carbon Black](../integrations/edr/carbonblack.md) +- [CrowdStrike](../integrations/edr/crowdstrike.md) +- [SentinelOne](../integrations/edr/sentinelone.md) ### Additional Resources -- [Architectue Overview](/docs/privilegesecurediscovery/requirements/architectureoverview.md) -- [Port, Firewall, and Datacenter Requirements](/docs/privilegesecurediscovery/requirements/portsandfirewalls.md) -- [High Availability (HA) and Disaster Recovery (DR) Options](/docs/privilegesecurediscovery/requirements/haanddr.md) +- [Architectue Overview](./architectureoverview.md) +- [Port, Firewall, and Datacenter Requirements](./portsandfirewalls.md) +- [High Availability (HA) and Disaster Recovery (DR) Options](./haanddr.md) + + diff --git a/docs/privilegesecurediscovery/requirements/portsandfirewalls.md b/docs/privilegesecurediscovery/2.22/requirements/portsandfirewalls.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/portsandfirewalls.md rename to docs/privilegesecurediscovery/2.22/requirements/portsandfirewalls.md diff --git a/docs/privilegesecurediscovery/requirements/serverstoragesizing.md b/docs/privilegesecurediscovery/2.22/requirements/serverstoragesizing.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/serverstoragesizing.md rename to docs/privilegesecurediscovery/2.22/requirements/serverstoragesizing.md diff --git a/docs/privilegesecurediscovery/requirements/supportedosandbrowsers.md b/docs/privilegesecurediscovery/2.22/requirements/supportedosandbrowsers.md similarity index 97% rename from docs/privilegesecurediscovery/requirements/supportedosandbrowsers.md rename to docs/privilegesecurediscovery/2.22/requirements/supportedosandbrowsers.md index 6be9be2429..5ccbfac682 100644 --- a/docs/privilegesecurediscovery/requirements/supportedosandbrowsers.md +++ b/docs/privilegesecurediscovery/2.22/requirements/supportedosandbrowsers.md @@ -30,8 +30,8 @@ the OS requirements, please reach out to Netwrix Support. | Debian 7 | Netwrix AWS | Success | | | Debian 11 | Netwrix AWS | Success | | | Windows | | | | -| Windows XP and onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](/docs/privilegesecurediscovery/administration/configuration/saslkerberos.md) topic for additional information. | -| Windows Server 2003 and Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows.onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](/docs/privilegesecurediscovery/administration/configuration/saslkerberos.md) topic for additional information. | +| Windows XP and onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](../administration/configuration/saslkerberos.md) topic for additional information. | +| Windows Server 2003 and Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows.onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](../administration/configuration/saslkerberos.md) topic for additional information. | ## Browser Requirements @@ -39,3 +39,5 @@ Privilege Secure requires a Chromium based browser. Microsoft Edge was originall non-chromium browser but has since been refactored to be Chromium based (In June 2020, Microsoft began automatic rollout of Chromium-based Edge via Windows Update for Windows 7, 8.1, and all Windows 10 versions from version 1803 to version 2004). + + diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/_category_.json b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/_category_.json similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/_category_.json rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/_category_.json diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/accountsecurity.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/accountsecurity.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/accountsecurity.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/accountsecurity.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/freeze_mode.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/freeze_mode.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/golivechecklist.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/golivechecklist.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/golivechecklist.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/golivechecklist.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/linuxregistrationsprerequisites.md similarity index 96% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/linuxregistrationsprerequisites.md index bef93cfa17..70700db90d 100644 --- a/docs/privilegesecurediscovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/linuxregistrationsprerequisites.md @@ -93,8 +93,10 @@ are more distributions of Linux supported by Privilege Secure. The full list is Guide on registering linux system with Postman (using API) -- [Postman Linux Registration](/docs/privilegesecurediscovery/requirements/technicalpreparation/postmanlinuxregistration.md) +- [Postman Linux Registration](./postmanlinuxregistration.md) Guide on registering linux system with QuickStart -- [Linux Simplified - 2.18+](/docs/privilegesecurediscovery/administration/configuration/linuxsimplified2.18+.md) +- [Linux Simplified - 2.18+](../../administration/configuration/linuxsimplified2.18+.md) + + diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/postman_-_installing_and_configuring_.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postman_-_installing_and_configuring_.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/postman_-_installing_and_configuring_.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postman_-_installing_and_configuring_.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/postmanlinuxregistration.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md similarity index 95% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/postmanlinuxregistration.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md index b70376a424..fe1a9281bc 100644 --- a/docs/privilegesecurediscovery/requirements/technicalpreparation/postmanlinuxregistration.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md @@ -17,7 +17,7 @@ files locate in /etc/sudoers.d) into the /etc/sudoers file, and disable sudo per acquired from those sources. Linux registration -prerequisites: [Linux Registrations Prerequisites](/docs/privilegesecurediscovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md) +prerequisites: [Linux Registrations Prerequisites](./linuxregistrationsprerequisites.md) ## Adding Linux Machines to Privilege Secure @@ -69,3 +69,5 @@ script provided by the Remediant team. Using a spreadsheet as an input, it is po many Linux devices at once in a scripted fashion. **NOTE:** Linux passwords and usernames are case sensitive. + + diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/productmodeaccount.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/productmodeaccount.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/productmodeaccount.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/productmodeaccount.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/proxyfirewallwhitelist.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/proxyfirewallwhitelist.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/proxyfirewallwhitelist.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/proxyfirewallwhitelist.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/riskregister.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/riskregister.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/riskregister.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/riskregister.md diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/scangposerver2012or2008dcs.md similarity index 96% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/scangposerver2012or2008dcs.md index 6b87e013a3..b63dbe758f 100644 --- a/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/scangposerver2012or2008dcs.md @@ -42,7 +42,7 @@ admin group. **NOTE:** For environments with any 2012 and 2008 domain controllers.  For environments with only Server 2016 only domain controllers, please see this -article:  [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2016+dcs.md) +article:  [Scan GPO Guide (Server 2016+ Domain Controllers)](./scangposerver2016+dcs.md) Opening the “Group Policy Management Editor” and create or open a policy for the domain.  This GPO should be applied to servers and workstation to be managed by SecureONE. "Local Admin GPO" policy is @@ -94,3 +94,5 @@ If the policy was added to domain controller(s) by mistake, to remove this setti - Delete this registry key from all affected domain controllers: - HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictremotesam + + diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2016+dcs.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/scangposerver2016+dcs.md similarity index 96% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2016+dcs.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/scangposerver2016+dcs.md index 47f07a98f7..4e7da62493 100644 --- a/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2016+dcs.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/scangposerver2016+dcs.md @@ -47,7 +47,7 @@ members. **NOTE:** For environments with any 2012 and 2008 domain controllers, please see this article: -- [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecurediscovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) +- [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](./scangposerver2012or2008dcs.md) Opening the “Group Policy Management Editor” and create or open a policy for the domain.  This GPO policy should be applied to servers and workstation to be managed by Privilege Secure.  "Privilege @@ -100,3 +100,5 @@ If the policy was added to domain controller(s) by mistake, to remove this setti - Delete this registry key from all affected domain controllers: - HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictremotesam + + diff --git a/docs/privilegesecurediscovery/requirements/technicalpreparation/serviceaccounts.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/serviceaccounts.md similarity index 100% rename from docs/privilegesecurediscovery/requirements/technicalpreparation/serviceaccounts.md rename to docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/serviceaccounts.md diff --git a/docs/privilegesecurediscovery/requirements/virtualmachines.md b/docs/privilegesecurediscovery/2.22/requirements/virtualmachines.md similarity index 94% rename from docs/privilegesecurediscovery/requirements/virtualmachines.md rename to docs/privilegesecurediscovery/2.22/requirements/virtualmachines.md index 540bfcc0b6..f98246c1c7 100644 --- a/docs/privilegesecurediscovery/requirements/virtualmachines.md +++ b/docs/privilegesecurediscovery/2.22/requirements/virtualmachines.md @@ -54,8 +54,10 @@ Privilege Secure. Further information for storage small environments can be found here: -[](https://remediant.zendesk.com/hc/en-us/articles/360059753713-Info-Server-Sizing)[Server Storage Sizing](/docs/privilegesecurediscovery/requirements/serverstoragesizing.md) +[](https://remediant.zendesk.com/hc/en-us/articles/360059753713-Info-Server-Sizing)[Server Storage Sizing](./serverstoragesizing.md) **NOTE:** Bandwidth: We roughly estimate 0.3 to 0.5 Mbps per endpoint. As an example for 30,000 endpoints expect to use 50-100GB per month. This is a general guideline and not a hard set value. Amounts may vary depending on use and other factors. + + diff --git a/sidebars/privilegesecurediscovery/2.22.js b/sidebars/privilegesecurediscovery/2.22.js new file mode 100644 index 0000000000..f4e8941a40 --- /dev/null +++ b/sidebars/privilegesecurediscovery/2.22.js @@ -0,0 +1,8 @@ +module.exports = { + sidebar: [ + { + type: 'autogenerated', + dirName: '.', + }, + ], +}; diff --git a/src/config/products.js b/src/config/products.js index 1952c00f9e..09c8542fa7 100644 --- a/src/config/products.js +++ b/src/config/products.js @@ -521,12 +521,13 @@ export const PRODUCTS = [ icon: '', versions: [ { - version: 'current', - label: 'current', + version: '2.22', + label: '2.22', isLatest: true, - sidebarFile: './sidebars/privilegesecurediscovery.js', + sidebarFile: './sidebars/privilegesecurediscovery/2.22.js', }, ], + defaultVersion: '2.22', }, { id: 'recoveryforactivedirectory', From cc8cd14aa36d65aa91b5d4d136300d8700ad2bf9 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 16:12:12 +0100 Subject: [PATCH 03/13] Adjust PSD wording for Dale review --- .../administration/configuration/applyserviceaccount.md | 2 +- .../2.22/administration/configuration/linuxandad.md | 4 ++-- .../2.22/administration/configuration/logchanges2.20.md | 4 ++-- .../2.22/administration/configuration/quickstartscript.md | 2 +- .../administration/configuration/removepersistence.md | 4 ++-- .../2.22/administration/configuration/sessiontimeouts.md | 2 +- .../2.22/administration/configuration/uibranding.md | 2 +- .../administration/configuration/webservercertificate.md | 4 ++-- .../2.22/administration/onpremmaintenance/operational.md | 2 +- .../administration/reporting/systemmanagementscreen.md | 2 +- .../2.22/administration/systemmanagement/403zerousns.md | 2 +- .../2.22/administration/systemmanagement/oamextended.md | 8 ++++---- .../2.22/integrations/api/advancedapireference.md | 2 +- .../2.22/integrations/api/apikeymanagement.md | 2 +- .../2.22/integrations/edr/sentinelone.md | 2 +- .../2.22/requirements/technicalpreparation/freeze_mode.md | 2 +- .../technicalpreparation/postmanlinuxregistration.md | 2 +- .../requirements/technicalpreparation/serviceaccounts.md | 2 +- 18 files changed, 25 insertions(+), 25 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md b/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md index 8ab6a6584b..a2c7ce6e86 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md @@ -13,7 +13,7 @@ Apply a Service Account from an existing AD group Directly to a Machine ## Overview All interactive accounts should not have standing privilege, instead these should be using Privilege -Secure to elevate access when required. This is easy to arrange with Privilege Secure. These +Secure to elevate access when required. This can be arranged with Privilege Secure. These interactive groups should be set as non-persistent. However, sometimes interactive and non-interactive (service) accounts exist in the same group. In this case removing the persistence of the group would break any process or application that is using the service account. The purpose of diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md index 530a2468f5..74b83275d6 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md @@ -18,7 +18,7 @@ acquired from those sources.ux and Active Directory ## Approach to Linux -Netwrix believes that Just-In-Time privileged access should be easy to deliver and work well with +Netwrix believes that Just-In-Time privileged access should work well with modern IT practices. We've designed our Linux privileged access solution to fit into common on-prem, hybrid and @@ -44,7 +44,7 @@ local accounts or AD Directory accounts, we have you covered. - Lightweight & Powerful - Scans, parses and stores privileged access permissions centrally - Simple reporting on every account with privileged access - - View the specific privileged access of a user of group simply - no need to understand Sudo + - View the specific privileged access of a user or group without needing to understand Sudo syntax - Skilled Linux admins can use the full capability of Sudo without interference diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/logchanges2.20.md b/docs/privilegesecurediscovery/2.22/administration/configuration/logchanges2.20.md index 856073bf8c..163e62a92c 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/logchanges2.20.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/logchanges2.20.md @@ -22,9 +22,9 @@ organization is using for reporting or in their SIEM. message - all other log fields that had a string value starting with "Exception: " now have subfields with error type and message -- change the log message that was simply "Exception: " to "Exception in Windows scan." +- change the log message that was only "Exception: " to "Exception in Windows scan." -**NOTE:** There may still be log messages that are simply "Exception: " in other places, where the +**NOTE:** There may still be log messages that are only "Exception: " in other places, where the exception does not have a message. Example 1: diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/quickstartscript.md b/docs/privilegesecurediscovery/2.22/administration/configuration/quickstartscript.md index 11cbcc5860..489e0afcb8 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/quickstartscript.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/quickstartscript.md @@ -54,7 +54,7 @@ Notes: At this point you will need to generate an API Key within the UI. When you run the QuickStart script for the first time it will ask you input the API Key. We recommend storing this securely given the level of access it grants. **_Note: You will not be able to see the key again after closing the -dialogue box. If you did not save it, simply revoke the key in the UI and create a new one._** +dialogue box. If you did not save it, revoke the key in the UI and create a new one._** Next edit the reports\*.py and update the config block values to suite the environment and user. diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md index 3c57a30db9..bcdb7efb77 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md @@ -67,7 +67,7 @@ continue to run. Applying these service accounts directly to the machines that they exist on as part of the interactive -group can easily be done by Quickstart. The method for carrying this out is detailed in the +group can be done by using Quickstart. The method for carrying this out is detailed in the “Applying a Service Account Directly to a Machine” article ([](https://remediant.zendesk.com/hc/en-us/articles/4995338773655-Applying-a-Service-Account-from-an-existing-AD-group-Directly-to-a-Machine)[Apply a Service Account from an existing AD group Directly to a Machine](./applyserviceaccount.md)). @@ -94,7 +94,7 @@ This produces an Excel file with two tabs, Computer Data and Admin List. ### Update Quickstart File -Updating the excel file to remove persistence is easy. Using the Admin List tab, filter for the +Updating the excel file to remove persistence is straightforward. Using the Admin List tab, filter for the group that needs persistence to be reverted, in this case Domain Admins. diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/sessiontimeouts.md b/docs/privilegesecurediscovery/2.22/administration/configuration/sessiontimeouts.md index c3892de180..89b08ba895 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/sessiontimeouts.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/sessiontimeouts.md @@ -24,7 +24,7 @@ Summary when the user is logged out or the system reboots. Cached credentials are generally valid until the user password is changed. - This behavior can create confusion because with respect to remote connections, the session must be - explicitly logged out and not simply disconnected in order for the session with the privilege to + explicitly logged out and not disconnected in order for the session with the privilege to truly be terminated, **regardless** of the method used to interface with the Windows endpoint. Problem Statement diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/uibranding.md b/docs/privilegesecurediscovery/2.22/administration/configuration/uibranding.md index 13718b2c71..c7676928b8 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/uibranding.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/uibranding.md @@ -49,5 +49,5 @@ especially helpful to ensure changes are made to the correct environment. ![Screen_Shot_2022-06-03_at_9.34.L07_AM.webp](/images/privilegesecure/4.2/discovery/admin/configuration/6472930856855_screen_shot_2022-06-03_at_9.34.07_am.webp) -The defaults are easily updated as needed. No services need to be restarted or changed for this to +The default settings can be updated as needed. No services need to be restarted or changed for this to take effect. Once you hit the save icon it will take immediate effect. diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md b/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md index 2a23a900f6..ab4569890d 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md @@ -13,7 +13,7 @@ Create Web Server Certificate with SANs ## SSL Installation Most of our customers will wish to install a proper web server certificate on their Privilege Secure -application. This ensures a safe and easy user experience for users and admins of Privilege Secure, +application. This helps provide a safe user experience for users and admins of Privilege Secure, by eliminating any SSL handshake errors received when they try to connect via a web browser to the Privilege Secure UI. @@ -134,7 +134,7 @@ of SSL on a server. What are PFX and PEM Files? PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate. PEM certificates are frequently -used for web servers as they can easily be translated into readable data using a simple text editor. +used for web servers because they can be translated into readable data using a simple text editor. Generally when a PEM encoded file is opened in a text editor, it contains very distinct headers and footers. Process: diff --git a/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/operational.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/operational.md index fd26f43c06..d0eccd89e2 100644 --- a/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/operational.md +++ b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/operational.md @@ -63,7 +63,7 @@ Test (suggested minimum yearly) ## Run Quickstart to Review Protect Mode and Persistence (suggested weekly) - Quickstart should be run frequently to ensure that all machines remain in protect mode. The output - from Quickstart can easily be filtered for any machines that do not show in protect mode. This + from Quickstart can be filtered for any machines that do not show in protect mode. This ensures that the build process and addition or protect mode is being executed as expected. - Quickstart can also be used for a review of persistent access. This should be minimized to service accounts. A review to look for user accounts set to persistent should be carried out. If these are diff --git a/docs/privilegesecurediscovery/2.22/administration/reporting/systemmanagementscreen.md b/docs/privilegesecurediscovery/2.22/administration/reporting/systemmanagementscreen.md index 4f096edc75..ab8d224587 100644 --- a/docs/privilegesecurediscovery/2.22/administration/reporting/systemmanagementscreen.md +++ b/docs/privilegesecurediscovery/2.22/administration/reporting/systemmanagementscreen.md @@ -36,4 +36,4 @@ system to update the configuration and inventory of the system as required. ![Screen_Shot_2021-11-16_at_7.22.L02_PM.webp](/images/privilegesecure/4.2/discovery/admin/reporting/4413252324887_screen_shot_2021-11-16_at_7.22.02_pm.webp) -These shortcuts can also be bookmarked for easy access to the system required. +These shortcuts can also be bookmarked for quicker access to the required system. diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/403zerousns.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/403zerousns.md index dfa2dd7305..125dd5bfd2 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/403zerousns.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/403zerousns.md @@ -14,7 +14,7 @@ Privilege Secure must point to a single Domain Controller (DC). This is because uses the USN values from Active Directory to determine when a group has been changed. These do no propagate between DCs. -When a DC is unavailable a new one can easily be connected to using the Privilege Secure UI. +When a DC is unavailable, a new one can be connected to by using the Privilege Secure UI. However, when this occurs, if the USN number is lower, Privilege Secure will not be aware of changes to groups. This will impact access from changed groups. diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md index 3ef77aaff9..29e4ca1c67 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md @@ -37,8 +37,8 @@ It automates the coordination of: - Disabling the built-in administrator account. - Rotation and management of passwords of those accounts. -It provides a range of configuration settings which can be as simple as just enabling a single “Best -Practices” configuration, or simply “Manage the Built-in Account”, or configure fine grained +It provides a range of configuration settings which can start with enabling a single “Best +Practices” configuration, or “Manage the Built-in Account”, or configure fine grained settings as desired with a “Custom” strategy. These settings may be set: @@ -219,7 +219,7 @@ The screenshot below shows access using Postman to test access to the API end-po ## Querying the database by OAM policy settings -When the OAM policy is set, even though it may be possible to simply set a `Strategy` option of say +When the OAM policy is set, even though it may be possible to set a `Strategy` option of say `'os-best-practice'` or `'managed-built-in'`, the default fine-grained policy options will be persisted to the database so that querying the data is simple. @@ -238,7 +238,7 @@ option `true`. db.getCollection("ldap_store").find( { "config.policies.offline_access_management.enabled": true, "config.policies.offline_access_management.disable_built_in_admin": true }) ``` -It is important to note that while an OAM policy can simply be set to just +It is important to note that while an OAM policy can be set to s`trategy:"os-best-practice"`, it is also possible to set `strategy:"custom"` with ALL of the same best practice options. So, querying by options is preferable to querying by strategy alone. The following correctly retrieves the systems which follow best practices. diff --git a/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md index e9523c66b9..92e9f1ace8 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md +++ b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md @@ -70,7 +70,7 @@ The Privilege Secure Advanced API: - A user may not select private fields (schema has select:false, or when we select certain fields in the schema hooks) -**NOTE:** Select could be enhanced, relatively easily, to allow for dropping fields from the default +**NOTE:** Select could be enhanced to allow for dropping fields from the default selection. ex. `?select=-foo,-bar` ## Queries diff --git a/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md b/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md index 59c74656f6..04129d6f72 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md +++ b/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md @@ -35,5 +35,5 @@ be displayed. ## Revoking API Keys -Revoking an API Key is easily handled through the UI. The column "last accessed date" can be useful +API Keys can be revoked through the UI. The column "last accessed date" can be useful in identifying unused keys. diff --git a/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md b/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md index feae83df0e..c611f3eae1 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md +++ b/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md @@ -53,7 +53,7 @@ instead it would need to be revoked and recreated: ### Account ID -Next the Account ID would be required this is easily accessible by selecting the Accounts option at +Next the Account ID is required. It is available by selecting the Accounts option at the  top from the Settings menu. ![Screen_Shot_2022-10-10_at_10.18.L06_AM.webp](/images/privilegesecure/4.2/discovery/integrations/edr/4406186645143_screen_shot_2022-10-10_at_10.18.06_am.webp) diff --git a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md index 9f531ca1f9..d0c80647b4 100644 --- a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md @@ -178,7 +178,7 @@ We can update to remove persistence on a single machine through the UI by using ![LScreenshot_2022-03-30_211436.webp](/images/privilegesecure/4.2/discovery/4412001676439_screenshot_2022-03-30_211436_199x110.webp) -This only forces the users of the DBA group to go through Privilege Secure on this ONE server. This would leave this group (the DBA administrators) in a mix of using Privilege Secure for some server and not others. It is better to remove persistence for ALL machines that have the DBA_Admins group. This can easily be achieved using Quickstart. Once this is done all the DBA Administrators will go through Privilege Secure for the servers that they need access to. Optionally a review and approval of the users who exist in the targeted group can also be carried out in conjunction with the owner of the group (machines that this group applies to can be shared with group and machine owners as required) +This only forces the users of the DBA group to go through Privilege Secure on this ONE server. This would leave this group (the DBA administrators) in a mix of using Privilege Secure for some server and not others. It is better to remove persistence for ALL machines that have the DBA_Admins group. This can be achieved using Quickstart. Once this is done all the DBA Administrators will go through Privilege Secure for the servers that they need access to. Optionally a review and approval of the users who exist in the targeted group can also be carried out in conjunction with the owner of the group (machines that this group applies to can be shared with group and machine owners as required) The updates to the Quickstart spreadsheet would be as follows: diff --git a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md index fe1a9281bc..ca330be1a8 100644 --- a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md @@ -28,7 +28,7 @@ Use Postman to craft the following GET: https:///api/v1/ping ``` -The response coming back should simply be “pong” if the API connection is intact. Modify the POST +The response coming back should be “pong” if the API connection is intact. Modify the POST string in the URL field to read the following: ![LRegister_device_URL.webp](/images/privilegesecure/4.2/discovery/admin/systemmanagement/360022103414_register_device_url_632x71.webp) diff --git a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/serviceaccounts.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/serviceaccounts.md index b09e1425a1..e8fc193785 100644 --- a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/serviceaccounts.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/serviceaccounts.md @@ -75,5 +75,5 @@ alone, having a separate account for scanning is recommended so that the roles o the configured environment are clearly delineated.  In addition, because the Protect Mode account is a privileged account on the domain, it does and should have greater capabilities than the Scan Mode account, with greater attention paid to it.  If the same account is used for both Scan and Protect -Mode, this can easily lead to accidentally setting entire domains to enforce Protect Mode before the +Mode, this can lead to accidentally setting entire domains to enforce Protect Mode before the correct preparations have been made, with potentially disastrous consequences for an organization. From b61c5611a86089412aec3cba5d71a146283780e9 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 16:24:03 +0100 Subject: [PATCH 04/13] Refine PSD wording for remaining Dale findings --- .../2.22/administration/configuration/configureadfs.md | 4 ++-- .../2.22/administration/configuration/duoaccessgateway.md | 2 +- .../2.22/administration/configuration/linux.md | 2 +- .../2.22/administration/systemmanagement/bulkactions.md | 4 ++-- .../2.22/administration/systemmanagement/linuxandmac.md | 2 +- .../2.22/administration/systemmanagement/removeasystem.md | 2 +- .../2.22/integrations/edr/sentinelone.md | 4 ++-- .../technicalpreparation/postmanlinuxregistration.md | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/configureadfs.md b/docs/privilegesecurediscovery/2.22/administration/configuration/configureadfs.md index 9c27ec3c44..c8d286a889 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/configureadfs.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/configureadfs.md @@ -35,8 +35,8 @@ as see in the example below.  It should be entered as a lower case d. **Step 1 –** Navigate to **Configure** > **Server**. -**Step 2 –** As Privilege Secure is unable to perform Service Provider initiated (SP-initiated) -logon, you must specified an Identity Provider initiated (IdP-intiatied) URL. +**Step 2 –** Privilege Secure uses an Identity Provider initiated (IdP-intiatied) URL for this +configuration, so specify the IdP-initiated URL here. - Entrypoint: `https:///adfs/ls/idpinitiatedsignon.aspx?LoginToRP=https://SecureONE_URL` - Issuer: `http://ADFS_URL/adfs/services/trust` diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/duoaccessgateway.md b/docs/privilegesecurediscovery/2.22/administration/configuration/duoaccessgateway.md index 25fd7c7164..4523e26b13 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/duoaccessgateway.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/duoaccessgateway.md @@ -57,7 +57,7 @@ file’ to get the file in JSON format. **Step 7 –** Add application, select choose file. -**Step 8 –** Locate the file you just downloaded and click ‘open’, then upload. +**Step 8 –** Locate the downloaded file and click ‘open’, then upload. **Step 9 –** Return to the **Duo Admin Panel.** diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/linux.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linux.md index 25ff123bf9..f5dfc6d1d4 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/linux.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/linux.md @@ -65,7 +65,7 @@ Linux JITA Session Behavior - Example entry into /etc/passwd for user ‘s1_user’: `s1_user:x:1005:1005:PrivilegeSecure AD Bridged Account:/home/s1_user:/bin/sh` - - User can then SSH to the linux box with just username (case sensitive), no domain required. + - User can then SSH to the linux box with the username only (case sensitive), with no domain required. - Privilege Secure also create an entry for that account in the `/etc/sudoers/` providing sudo capabilities. diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md index 18ee341806..128c2a8642 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md @@ -31,7 +31,7 @@ machines, possibly by OU. ![screen_shot_2022-06-01_at_8](/images/privilegesecure/4.2/discovery/admin/systemmanagement/screen_shot_2022-06-01_at_8.22.45_am.webp) -When filtered, all of the machines can be selected, or just a few as desired. +When filtered, all of the machines can be selected, or a subset as desired. ![screen_shot_2022-06-01_at_8](/images/privilegesecure/4.2/discovery/admin/systemmanagement/screen_shot_2022-06-01_at_8.24.07_am.webp) @@ -61,7 +61,7 @@ Once the bulk action has been selected the specific configurations for that bulk ## Bulk Actions -Please note this is not an exhaustive representation of bulk actions, just a few that are relevant +Please note this is not an exhaustive representation of bulk actions, but a few examples that are relevant for getting setup and started. You can also use bulk actions for Linux endpoints, bulk expire and extend, and bulk archive and bulk restore. diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxandmac.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxandmac.md index b8595b0510..29ab4c2ed7 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxandmac.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxandmac.md @@ -55,7 +55,7 @@ In either case, Privilege Secure does not store this password after issuing / up ## JWT access tokens in Privilege Secure -**CAUTION:** This is just a brief overview. For more information on how the JWT works, see +**CAUTION:** This is a brief overview. For more information on how the JWT works, see [jwt.io](https://jwt.io/). - A obtains an access token by calling an API endpoint on the Privilege Secure API: diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/removeasystem.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/removeasystem.md index a1b8c2fb97..f51af4c4ce 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/removeasystem.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/removeasystem.md @@ -34,7 +34,7 @@ This article covers the proper sequence to remove Privilege Secure OAM and prote Privilege Secure now has no access to change local Administrators group. -**NOTE:** If you just remove the Privilege Secure service account from the system, one or more of +**NOTE:** If you remove only the Privilege Secure service account from the system, one or more of the following can result: - OAM alternate administrator account remains in the system diff --git a/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md b/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md index c611f3eae1..42cfc3db42 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md +++ b/docs/privilegesecurediscovery/2.22/integrations/edr/sentinelone.md @@ -46,8 +46,8 @@ menu: ![Screen_Shot_2022-10-10_at_10.15.L37_AM.webp](/images/privilegesecure/4.2/discovery/integrations/edr/4406186645143_screen_shot_2022-10-10_at_10.15.37_am_420x358.webp) -The API key will only be displayed while it is visible on the screen. It cannot be recovered, -instead it would need to be revoked and recreated: +The API key will only be displayed while it is visible on the screen. After the UI is closed, revoke +the key and create a new one if you need another copy: ![Screen_Shot_2022-10-10_at_10.16.L00_AM.webp](/images/privilegesecure/4.2/discovery/integrations/edr/4406186645143_screen_shot_2022-10-10_at_10.16.00_am_392x224.webp) diff --git a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md index ca330be1a8..b5cc152009 100644 --- a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/postmanlinuxregistration.md @@ -58,7 +58,7 @@ Bridging solution other than Privilege Secure.  Valid entries are:  centrify, ## Locating a Linux System in the UI In the Privilege Secure browser, navigate to the "Grant Access" page and search for the system that -was just added to confirm that is has been registered with Privilege Secure successfully. The Domain +was added to confirm that is has been registered with Privilege Secure successfully. The Domain will be: `NONE\` Once it has been verified that this account was added successfully, the template that was created From 57d960ab785839240f2c9ea46e6c93b711769fa9 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 16:32:58 +0100 Subject: [PATCH 05/13] Remove final Dale wording issues --- .../2.22/administration/configuration/removepersistence.md | 2 +- .../2.22/administration/systemmanagement/oamextended.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md index bcdb7efb77..059f584f62 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md @@ -94,7 +94,7 @@ This produces an Excel file with two tabs, Computer Data and Admin List. ### Update Quickstart File -Updating the excel file to remove persistence is straightforward. Using the Admin List tab, filter for the +To update the excel file for removing persistence, use the Admin List tab and filter for the group that needs persistence to be reverted, in this case Domain Admins. diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md index 29e4ca1c67..04214cbe59 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md @@ -29,7 +29,7 @@ disable the built-in administrator account. ## Main Document -Privilege Secures OAM feature provides a simple solution to manage offline access to local computer +Privilege Secures OAM feature provides a way to manage offline access to local computer administrator/root accounts on Windows. It automates the coordination of: From 2141bd6818fc7d73bd28fe7319071c7e265401aa Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 16:43:05 +0100 Subject: [PATCH 06/13] Address additional Dale wording patterns --- .../2.22/administration/configuration/adfailover.md | 2 +- .../2.22/administration/systemmanagement/bulkactions.md | 2 +- .../2.22/administration/systemmanagement/commonuierrors.md | 4 ++-- .../2.22/requirements/technicalpreparation/freeze_mode.md | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md b/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md index cd3d71c071..6c3c98f0db 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md @@ -80,7 +80,7 @@ domain **CAUTION:** This is not a `full_sync`! - `init_sync` will do a group flattening process, but **will not move stale objects** -- `full_sync`**will not do a group flattening process,** but _will_ move stale objects +- `full_sync` moves stale objects and does not perform a group flattening process - We have decided to do an `init_sync` as this mimics what Customer Success currently does to recover from an AD failure. This feature “automates” this approach within the product. diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md index 128c2a8642..cfdc36dd6a 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/bulkactions.md @@ -61,7 +61,7 @@ Once the bulk action has been selected the specific configurations for that bulk ## Bulk Actions -Please note this is not an exhaustive representation of bulk actions, but a few examples that are relevant +Please note this section provides only a few relevant examples of bulk actions for getting setup and started. You can also use bulk actions for Linux endpoints, bulk expire and extend, and bulk archive and bulk restore. diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md index 5fbbf9dab2..8974b9b7ad 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md @@ -111,8 +111,8 @@ Indicates an operation that is incompatible with built-in accounts has been atte | Unable to connect to system: (SessionError(), ('STATUS_LOGON_FAILURE', 'The attempted logon is invalid. This is either due to a bad username or authentication information.')) - **177696** | This could be one of two reasons: - Cause 1 – The DNS is not up to date and causes Privilege Secure to connect to the wrong IP, and thus use the wrong credentials. - Cause 2 – Credentials on the system have been changed by another Admin. | | | Unable to connect to system: (SessionError(), ('STATUS_ACCOUNT_LOCKED_OUT', 'The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.')) - **20234** | The Privilege Secure service account is locked out, due to the same reasons as STATUS_LOGON_FAILURE | | | Unable to connect to system: (SessionError(), ('STATUS_LOGON_TYPE_NOT_GRANTED', 'A user has requested a type of logon (for example, interactive or network) that has not been granted. An administrator has control over who may logon interactively and through the network.')) - **12575** | This message most likely means Privilege Secure is connecting to the incorrect system, due to the same reason as STATUS_LOGON_FAILURE. | | -| Access Error: STATUS_MEMBER_IN_ALIAS - The specified account name is already a member of the group. - **1031** | Privilege Secure attempted to add a user to the admin group but that account was already present. | | -| Access Error: STATUS_MEMBER_NOT_IN_ALIAS - The specified account name is not a member of the group. - **138** | Privilege Secure attempted to remove a user from the local admin group, but the user was not present in the group. | | +| Access Error: STATUS_MEMBER_IN_ALIAS - The specified account name is already a member of the group. - **1031** | Privilege Secure attempted to add a user to the admin group. That account was already present. | | +| Access Error: STATUS_MEMBER_NOT_IN_ALIAS - The specified account name is not a member of the group. - **138** | Privilege Secure attempted to remove a user from the local admin group. The user was not present in the group. | | | System hostname does not match: (details) - **995** | DNS is not up to date and causes Privilege Secure to connect to the wrong IP | | | Access Error: STATUS_ACCESS_DENIED - \{Access Denied\} A process has requested access to an object but has not been granted those access rights. - **928** | Authentication to the system succeeded for the Privilege Secure service account, but access was denied. | - Verify Service Account (Protect/Scan) is on the local admin group – The service account must be **On System: Yes** and **Persistent: Yes** on every machine that needs scanned. Typically these are managed by a team, process, or GPO. Immediate resolution is to SSH onto the affected box and add the missing Service Account to the local administrator group. - If OAM is Enabled – Disable OAM and in DB $pull any admins found under "config.accounts".  Please contact Customer Success team for assistance. | | (SessionError(), ('STATUS_ACCOUNT_LOCKED_OUT', 'The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.')) - **391** | The Privilege Secure service account is locked out, due to too many incorrect login attempts. | | diff --git a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md index d0c80647b4..1115f4a662 100644 --- a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md @@ -18,8 +18,8 @@ There are two main methods of rolling out Privilege Secure, by machine or by gro Rolling out by machine can be done by individual machines through the UI or en mass using Quickstart. The challenge with this can be that all people needing administrative access to the -machine must be familiar with Privilege Secure and how to gain access. Given the simplicity of -Privilege Secure, this is not a major issue, but it can add to the logistical challenge of rollout. +machine must be familiar with Privilege Secure and how to gain access. This can add to the +logistical challenge of rollout. ### By Group From b4e494be59bff4b27be0456b1913cf2c11b559ed Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 17:07:40 +0100 Subject: [PATCH 07/13] Refine PSD docs for Dale review rules --- .../2.22/administration/configuration/adfailover.md | 6 +++--- .../administration/configuration/advancedfields.md | 2 +- .../configuration/applyserviceaccount.md | 2 +- .../2.22/administration/configuration/gpos.md | 2 +- .../2.22/administration/configuration/linuxandad.md | 8 ++++---- .../administration/configuration/removepersistence.md | 4 ++-- .../administration/configuration/ssoconfiguration.md | 2 +- .../configuration/webservercertificate.md | 2 +- .../2.22/administration/onpremmaintenance/failback.md | 2 +- .../administration/reporting/applicationlogbasics.md | 2 +- .../administration/systemmanagement/commonuierrors.md | 2 +- .../administration/systemmanagement/jitasessions.md | 2 +- .../systemmanagement/linuxaddsudouser.md | 2 +- .../administration/systemmanagement/oamextended.md | 10 +++++----- docs/privilegesecurediscovery/2.22/gettingstarted.md | 2 +- .../2.22/integrations/api/advancedapireference.md | 4 ++-- .../2.22/integrations/api/apikeymanagement.md | 2 +- .../2.22/integrations/siem/additionallogs.md | 2 +- .../2.22/integrations/siem/logs.md | 4 ++-- .../requirements/technicalpreparation/freeze_mode.md | 4 ++-- .../linuxregistrationsprerequisites.md | 2 +- 21 files changed, 34 insertions(+), 34 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md b/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md index 6c3c98f0db..756b299519 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/adfailover.md @@ -79,7 +79,7 @@ domain **CAUTION:** This is not a `full_sync`! -- `init_sync` will do a group flattening process, but **will not move stale objects** +- `init_sync` will do a group flattening process and **will not move stale objects** - `full_sync` moves stale objects and does not perform a group flattening process - We have decided to do an `init_sync` as this mimics what Customer Success currently does to recover from an AD failure. This feature “automates” this approach within the product. @@ -178,8 +178,8 @@ otherwise-present log fields that are in all ldap logs. | Connection has failed, failure criteria for current dc not yet met (retry attempts) | warning | "Domain Controller (DC) Failover: LDAP Sync failed - Retrying current DC | **current_dc**: server, port of current dc **fail_strategy**: "retry_attempts" **attempts_max**: Max number of retry attempts before trying the next pto a different DC **attempts_current**: number of attempts already completed | | Connection has failed, failure criteria for current dc has been met and we are movig onto the next DC | warning | "Domain Controller (DC) Failover: LDAP Sync failed - Using next DC" | **next_dc**: server, port **attempted_dcs**: server, port of attempted (and failed) dcs **remaining_additional_dcs**: server, port of additional DCs to try | | Connection has failed, failure criteria for current dc not yet met, waiting to retry | info | "Domain Controller (DC) Failover: Waiting to retry current DC" | **server**: hostname of current dc **wait_for_sec**: number of seconds waiting in between retry attempts | -| Initial DC has failed, failover enabled, was able to look up additional DCs via DNS | warning | "Domain Controller (DC) Failover: Found additional DCs" | **additional_dcs:** list of alternate DCs that will be attempted (ordered by priority), comprised of server, port **additional_dc_source**: source of additional dcs, currently should just be "dns_priority" | -| | warning | "Domain Controller (DC) Failover: Unable to find any additional DCs" | **additional_dc_source**: source of additional dcs, currently should just be "dns_priority" | +| Initial DC has failed, failover enabled, was able to look up additional DCs via DNS | warning | "Domain Controller (DC) Failover: Found additional DCs" | **additional_dcs:** list of alternate DCs that will be attempted (ordered by priority), comprised of server, port **additional_dc_source**: source of additional dcs, currently should be "dns_priority" | +| | warning | "Domain Controller (DC) Failover: Unable to find any additional DCs" | **additional_dc_source**: source of additional dcs, currently should be "dns_priority" | | Initial DC success | \* No new log added, it is already logged by svc_ldap \* | | | | Initial DC failed and failover DC has successfully synced | info | "Domain Controller (DC) Failover: LDAP Sync failover succeeded" | **initial_dc**: server, port of initial DC **attempted_dcs**: List of attempted (and failed) dcs, comprised of server, port **failover_dc**: The fail-overed dc hostname **sync_start_ts**: timestamp of sync start **sync_end_ts**: timestamp of sync end, including all faiilover attempts | | Initial DC failed and failover not enabled | error | "LDAP Sync failed" | **dc_failover_enabled**: false **error:** dict of error details **sync_start_ts**: start time of sync **sync_end_ts**: end of sync incuding all time spent in failover routine | diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/advancedfields.md b/docs/privilegesecurediscovery/2.22/administration/configuration/advancedfields.md index 00ece057d9..a89cbd1de0 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/advancedfields.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/advancedfields.md @@ -145,7 +145,7 @@ The Strategy may be entered with any of following values: OS-BEST-PRACTICE, MANA The OAM Name Template accepts a string with wildcards expressed by question marks (?). If left blank it will default to the currentvalue, or to "S1_ALT_??????". -The remaining options may be included, but must not conflict with the defined strategy. +The remaining options may be included when they do not conflict with the defined strategy. ## Default Settings by Strategy diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md b/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md index a2c7ce6e86..dcaacb84b8 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/applyserviceaccount.md @@ -108,7 +108,7 @@ within the file name. Use the --dry-run flag to check that file will make the in Tips -If Excel is unwieldly slow rows can be deleted for machines that have not been scanned. But, instead +If Excel is unwieldly slow rows can be deleted for machines that have not been scanned. Instead of filtering and deleting, sort based on the last_scanned column and then delete the unwanted rows. Sorting and deleting is many times faster for Excel. This can also resolve issues with Excel crashing. Another benefit is the upload back to Privilege Secure will be faster with fewer rows. diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/gpos.md b/docs/privilegesecurediscovery/2.22/administration/configuration/gpos.md index 3bdd675051..48a60ee768 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/gpos.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/gpos.md @@ -27,7 +27,7 @@ accounts) and GPO, using Restricted Groups, is removing them again. build) use the GPO option for "Apply once and do not reapply". - Do not rely on "Restricted Groups" to tightly control the Local Administrators group. That is what Privilege Secure is for. Instead use "Preferences" to _add_ Persistent accounts to the Local - Administrators group (but not remove any). See an example of this type of GPO below under "More + Administrators group without removing any existing entries. See an example of this type of GPO below under "More Information". ## More Information diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md index 74b83275d6..5bd7ceda54 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md @@ -43,7 +43,7 @@ local accounts or AD Directory accounts, we have you covered. PowerBroker Open and SSSD. - Lightweight & Powerful - Scans, parses and stores privileged access permissions centrally - - Simple reporting on every account with privileged access + - Detailed reporting on every account with privileged access - View the specific privileged access of a user or group without needing to understand Sudo syntax - Skilled Linux admins can use the full capability of Sudo without interference @@ -54,14 +54,14 @@ local accounts or AD Directory accounts, we have you covered. step to establish a local service account with SSH access and Sudo permissions. - [Privilege Secure and Linux](./linux.md) - AD-joined Linux systems (Using Centrify, PB Open, SSSD/RealmD) will be discovered in AD by - Privilege Secure before "registration" occurs but can not be Scanned or protected until a + Privilege Secure before "registration" occurs and cannot be Scanned or protected until a Privilege Secure service account is established on the system. - Privilege Secure scans, inventories and changes local and domain account's Sudo access to ensure authorized JITA or persistent Sudo access is enforced and reportable. Privilege Secure uses its service account to do this over SSH. - When Linux systems use Privilege Secure Lightweight Directory-Bridging Privilege Secure controls - Sudo authorizations and creates a local accounts corresponding to domain users. On systems that - are not AD-joined, domain users cannot sign into the system. To enable domain users to have JITA + Sudo authorizations and creates local accounts corresponding to domain users. On systems that + are not AD-joined, domain sign-in is unavailable. To enable domain users to have JITA access, Privilege Secure creates a local account with the same username and password as the domain user.  When JITA expires, the local account password is scrambled to block the user from signing until the next JITA session. diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md index 059f584f62..6f94f11701 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/removepersistence.md @@ -58,7 +58,7 @@ out: The group(s) should now be reviewed for any service accounts that are exist within the group(s). These -do not need to be removed from the group, but should be applied directly to the same machines that +do not need to be removed from the group and should be applied directly to the same machines that the group exists on. This will ensure that the software or process that utilizes that service account will continue to run. @@ -123,7 +123,7 @@ group must now use Privilege Secure. Tips -- If Excel is unwieldly slow rows can be deleted for machines that have not been scanned. But, +- If Excel is unwieldly slow rows can be deleted for machines that have not been scanned. Instead instead of filtering and deleting, sort based on the last_scanned column and then delete the unwanted rows. Sorting and deleting is many times faster for Excel. This can also resolve issues with Excel crashing. Another benefit is the upload back to Privilege Secure will be faster with diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md b/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md index 109524927c..851b8b219e 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md @@ -40,4 +40,4 @@ specific IDP configuration: encryption/decryption processess. - SSO Enabled – Enabled or disabled flag.  Enabling this will force SSO authentication, and the local login view of Privilege Secure will subsequently be disabled.  In this mode, local login is - still available for services management but not for Domain User or Group authentication. + still available for services management and unavailable for Domain User or Group authentication. diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md b/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md index ab4569890d..9eb763459c 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/webservercertificate.md @@ -134,7 +134,7 @@ of SSL on a server. What are PFX and PEM Files? PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate. PEM certificates are frequently -used for web servers because they can be translated into readable data using a simple text editor. +used for web servers because they can be translated into readable data using a text editor. Generally when a PEM encoded file is opened in a text editor, it contains very distinct headers and footers. Process: diff --git a/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/failback.md b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/failback.md index 9fb5dc1878..bfed3e675f 100644 --- a/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/failback.md +++ b/docs/privilegesecurediscovery/2.22/administration/onpremmaintenance/failback.md @@ -132,7 +132,7 @@ the status for. Example to check the running status of the API service, the comm Due to the process of the failback being intentionally manual, you will need to run the [failback_restore.sh](https://remediant.quip.com/RAD4AZfebK9M#failback_restoresh) script on PROD, -which will restore the database that was just backed up and SCP’d over to PROD in the above step #3. +which will restore the database that was backed up and SCP’d over to PROD in the above step #3. First confirm the backup created on -DR has been SCP'd over to PROD, in the /secureone/data/db/failback directory. The top file will be the newest file created with the below command. diff --git a/docs/privilegesecurediscovery/2.22/administration/reporting/applicationlogbasics.md b/docs/privilegesecurediscovery/2.22/administration/reporting/applicationlogbasics.md index f89f765a2b..1f631562ba 100644 --- a/docs/privilegesecurediscovery/2.22/administration/reporting/applicationlogbasics.md +++ b/docs/privilegesecurediscovery/2.22/administration/reporting/applicationlogbasics.md @@ -119,7 +119,7 @@ no availability to review the logs historically with this method, which is why t logging files mentioned above. These logs are in JSON format and are color coded. This command/tool is best used for -troubleshooting of Fluentd service or API, if API local logging is not configured yet, but has other +troubleshooting of Fluentd service or API, when API local logging is not configured yet. It also has other uses. `s1 logs` diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md index 8974b9b7ad..5e41fe52df 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/commonuierrors.md @@ -114,7 +114,7 @@ Indicates an operation that is incompatible with built-in accounts has been atte | Access Error: STATUS_MEMBER_IN_ALIAS - The specified account name is already a member of the group. - **1031** | Privilege Secure attempted to add a user to the admin group. That account was already present. | | | Access Error: STATUS_MEMBER_NOT_IN_ALIAS - The specified account name is not a member of the group. - **138** | Privilege Secure attempted to remove a user from the local admin group. The user was not present in the group. | | | System hostname does not match: (details) - **995** | DNS is not up to date and causes Privilege Secure to connect to the wrong IP | | -| Access Error: STATUS_ACCESS_DENIED - \{Access Denied\} A process has requested access to an object but has not been granted those access rights. - **928** | Authentication to the system succeeded for the Privilege Secure service account, but access was denied. | - Verify Service Account (Protect/Scan) is on the local admin group – The service account must be **On System: Yes** and **Persistent: Yes** on every machine that needs scanned. Typically these are managed by a team, process, or GPO. Immediate resolution is to SSH onto the affected box and add the missing Service Account to the local administrator group. - If OAM is Enabled – Disable OAM and in DB $pull any admins found under "config.accounts".  Please contact Customer Success team for assistance. | +| Access Error: STATUS_ACCESS_DENIED - \{Access Denied\} A process has requested access to an object and has not been granted those access rights. - **928** | Authentication to the system succeeded for the Privilege Secure service account. Access was denied. | - Verify Service Account (Protect/Scan) is on the local admin group – The service account must be **On System: Yes** and **Persistent: Yes** on every machine that needs scanned. Typically these are managed by a team, process, or GPO. To resolve the issue immediately, SSH onto the affected box and add the missing Service Account to the local administrator group. - If OAM is Enabled – Disable OAM and in DB $pull any admins found under "config.accounts".  Please contact Customer Success team for assistance. | | (SessionError(), ('STATUS_ACCOUNT_LOCKED_OUT', 'The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.')) - **391** | The Privilege Secure service account is locked out, due to too many incorrect login attempts. | | | (SessionError(), ('STATUS_LOGON_FAILURE', 'The attempted logon is invalid. This is either due to a bad username or authentication information.')) - **345** | The Privilege Secure service account failed authentication, due to the same reasons as STATUS_LOGON_FAILURE | | | The attempted logon is invalid. This is either due to a bad username or authentication information. - **105** | The Privilege Secure service account failed authentication, due to the same reasons as STATUS_LOGON_FAILURE | | diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/jitasessions.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/jitasessions.md index 37f1227ce3..504c4fd753 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/jitasessions.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/jitasessions.md @@ -13,7 +13,7 @@ Starting and Managing JITA Sessions for Another User The Privilege Secure Administrator role can start, extend and expire JITA sessions on behalf of another user. This can be especially useful for vendors and contractors to avoid having to provide them access to Privilege Secure. It can also be very useful in conjunction with an EDR solution to -elevate access for a user who is not connected to the corporate network or VPN, but has internet +elevate access for a user who is not connected to the corporate network or VPN and has internet access. To delegate access to another user the following steps should be taken: diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxaddsudouser.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxaddsudouser.md index 355945d8f5..42e60ce505 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxaddsudouser.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/linuxaddsudouser.md @@ -28,7 +28,7 @@ example user: `sudo adduser example_user` **Step 7 –** Test sudo for user: - Switch to user: `sudo su - example_user` -- Test with simple command:  `sudo date` +- Test with a basic command:  `sudo date` - Enter password ### Optional:  Turn off Password Check diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md index 04214cbe59..392074d012 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md @@ -63,7 +63,7 @@ Built-In, and Custom.  These strategies are detailed below. - The rotation and management of the alternate administrator account’s password. - The rotation and management of the built-in Administrator account’s password. - The disabling of the built-in Administrator account. -- Revealing OAM account passwords to S1 admins, but not to JITA or persistent non-admin users. +- Revealing OAM account passwords to S1 admins while withholding them from JITA or persistent non-admin users. - Note that the name of the alternate administrator account is not strictly part of the “Best Practices”. The default setting is more for convenience. If the name has previously been set by @@ -106,7 +106,7 @@ Below is a screenshot when the policy has not yet been applied, or has been set ![LOAM-UI-test-Unmanaged-default.webp](/images/privilegesecure/4.2/discovery/admin/systemmanagement/360043745553_oam-ui-test-unmanaged-default.webp) As an example of seeing most of the options in action, the screenshot below show a custom strategy -setting by selecting “Advanced...”. In the case shown, this is just “Best Practice” plus the added +setting by selecting “Advanced...”. In the case shown, this is “Best Practice” with the added feature of randomizing the Alt-Admin name. ![LOAM-grant-access-overview2.webp](/images/privilegesecure/4.2/discovery/admin/systemmanagement/360043745553_oam-grant-access-overview2.webp) @@ -184,7 +184,7 @@ if no previous policy was set. The OAM Name Template accepts a string with wildcards expressed by question marks (?). If left blank it will default to the current value, or to S1_ALT_ADMIN. -The remaining options may be included, but must not conflict with the defined strategy. +The remaining options may be included when they do not conflict with the defined strategy. Default Settings by Strategy | Option \ Strategy | OS-BEST-PRACTICE | MANAGED-BUILT-IN | CUSTOM | @@ -221,7 +221,7 @@ The screenshot below shows access using Postman to test access to the API end-po When the OAM policy is set, even though it may be possible to set a `Strategy` option of say `'os-best-practice'` or `'managed-built-in'`, the default fine-grained policy options will be -persisted to the database so that querying the data is simple. +persisted to the database so that querying the data is more direct. All of the fine-grained functionality across both the ‘Built-in Admin’ and the ‘Alternate Admin’ (which may not even exist at the time of setting the policy) are consolidated into options under @@ -294,7 +294,7 @@ The second step is to ensure that the built-in administrator account is enabled configured. If the Alternate administrator account name setting has been changed, the scanner will remove any previous alternate administrator account that is not longer in us. This will **fully** remove that -user from the system, not just remove them from the administrators group. +user from the system, rather than only removing them from the administrators group. Passwords of the alternate and built-in Administrator accounts will then be rotated as needed. ## Password Rotation Configuration diff --git a/docs/privilegesecurediscovery/2.22/gettingstarted.md b/docs/privilegesecurediscovery/2.22/gettingstarted.md index 5a474bdaea..00d1709944 100644 --- a/docs/privilegesecurediscovery/2.22/gettingstarted.md +++ b/docs/privilegesecurediscovery/2.22/gettingstarted.md @@ -115,7 +115,7 @@ protect mode JITA. This can be done from the Access/Grant Access page. ![blobid3.webp](/images/privilegesecure/4.2/discovery/360048268793_blobid3.webp) Placing the server into protect mode removes the accounts, that are not persistent, from the server -and adds them to Privilege Secure. These remain available for use, but they are now available for +and adds them to Privilege Secure. These remain available for use, and they are now available for use on a Just In Time Access (JITA) approach. This means that a user of Privilege Secure can access the system provided that they also a member of an AD group that has access to the system. Privilege Secure does not manipulate Active Directory. diff --git a/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md index 92e9f1ace8..bf6b6e04e3 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md +++ b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md @@ -17,7 +17,7 @@ The Privilege Secure Advanced API: - is case sensitive - supports boolean logic and date queries as well as other advanced queries (see below) -## Simple API Notes (current non-advanced api) +## Current API Notes (non-advanced api) - is not case sensitive @@ -135,7 +135,7 @@ Units: `s`, `m`, `h`, `d`, `w`, `M`, `y` | `now-1d` | `-1d` | Subtract one day from now | | ```now-1d | d``` | ```-1d | d``` | Subtract one day from now, round down to start of day | | `now+1d/d` | `+1d/d` | Add one day to now, round up to end of day | -| `now` | | Just returns the date corresponding to now | +| `now` | | Returns the date corresponding to now | | ```now | d``` | | Rounds down to todays start of day. | | `now/d` | | Rounds up to todays end of day. | diff --git a/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md b/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md index 04129d6f72..a54dff9fbf 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md +++ b/docs/privilegesecurediscovery/2.22/integrations/api/apikeymanagement.md @@ -23,7 +23,7 @@ The "Create API Key" button will open the New API Key screen: ![Screen_Shot_2022-02-03_at_2.05.L52_PM.webp](/images/privilegesecure/4.2/discovery/integrations/api/4421422443287_screen_shot_2022-02-03_at_2.05.52_pm.webp) -The permissions can be restricted to "just registration" or all APIs. The linked users will be the +The permissions can be restricted to "registration only" or all APIs. The linked users will be the Privilege Secure user(s) that can utilize the key. Upon saving the "New API Key Secret" screen will be displayed. diff --git a/docs/privilegesecurediscovery/2.22/integrations/siem/additionallogs.md b/docs/privilegesecurediscovery/2.22/integrations/siem/additionallogs.md index 23d685d6f5..b83d7f410e 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/siem/additionallogs.md +++ b/docs/privilegesecurediscovery/2.22/integrations/siem/additionallogs.md @@ -14,7 +14,7 @@ Additional Logs - Critical – Service is going down - Eerror – a problem -- Warning – Something concerning, but may not actually be a problem +- Warning – Something concerning that may not indicate a problem - Example:  Most network-related issues are only a problem if they happen frequently diff --git a/docs/privilegesecurediscovery/2.22/integrations/siem/logs.md b/docs/privilegesecurediscovery/2.22/integrations/siem/logs.md index cb03ccd6e8..198f8a32f4 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/siem/logs.md +++ b/docs/privilegesecurediscovery/2.22/integrations/siem/logs.md @@ -41,11 +41,11 @@ Example ### Log Levels -**NOTE:** Older log messages may not follow this format, but are being migrated over. +**NOTE:** Older log messages may not follow this format and are being migrated over. - Critical – Service is going down (people should be woken up) - Error – Definitely a problem (should be reported to someone, tests should fail) -- Warning – Something concerning, but may not actually be a problem +- Warning – Something concerning that may not indicate a problem - Example – Most network-related issues are only a problem if they happen frequently diff --git a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md index 1115f4a662..af457efddf 100644 --- a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/freeze_mode.md @@ -118,9 +118,9 @@ reports_2.9.py –insecure Adjust the command to suit the specific version of quickstart used. -The resultant spreadsheet should be filtered to show the machines that are not in protect mode but +The resultant spreadsheet should be filtered to show the machines that are not in protect mode and have a scan date. These are the machines to be targeted for protect mode (this would be further -restricted if just looking for workstations or servers). +restricted when looking only for workstations or servers). ![LScreenshot_2022-03-30_211054.webp](/images/privilegesecure/4.2/discovery/4412001676439_screenshot_2022-03-30_211054_255x145.webp) diff --git a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/linuxregistrationsprerequisites.md b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/linuxregistrationsprerequisites.md index 70700db90d..c3f3a6fce9 100644 --- a/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/linuxregistrationsprerequisites.md +++ b/docs/privilegesecurediscovery/2.22/requirements/technicalpreparation/linuxregistrationsprerequisites.md @@ -58,7 +58,7 @@ Additional Python version downloads can be accessed here: Of these 3 items, the only one which tends to cause confusion is the requirement that Python 2.7 be installed, due to Python 3 being more widely utilized, particularly as newer Linux operating systems/kernels either a) do not come with Python pre-installed, or b) DO come with Python 3 -installed, but not 2.7.  When this happens, certain path variables can cause the Ansible backend to +installed instead of 2.7.  When this happens, certain path variables can cause the Ansible backend to fail, because it is looking for the 'python' variable, which may be assigned to Python3 by default. One way to resolve this issue is to create a symbolic link to the Python 2.7 binaries - though From b76ec91c9d4f3eace036997fb4394dc66c0d3805 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 17:19:53 +0100 Subject: [PATCH 08/13] Resolve final Dale API wording issue --- .../2.22/integrations/api/advancedapireference.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md index bf6b6e04e3..4f27575d35 100644 --- a/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md +++ b/docs/privilegesecurediscovery/2.22/integrations/api/advancedapireference.md @@ -143,8 +143,8 @@ Notes: - a Week starts on Sunday. “Start of X”, “End of X” see [https://momentjs.com/docs/#/manipulating/start-of/](https://momentjs.com/docs/#httpsmomentjscomdocsmanipulatingstart-of) -- `-1M` is not 30 days, it will try to keep the same date for the previous month, clamping if can - not +- `-1M` does not represent a fixed 30-day interval. It tries to keep the same date in the previous + month and clamps when needed. - `2019-03-15``````-1M` → `2019-02-15` - `2019-03-31``````-1M` → `2019-02-28` (clamped) From c9484b662299c8ac404c7226c84494baafe46e06 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 17:29:26 +0100 Subject: [PATCH 09/13] Resolve Dale wording in access risk docs --- .../2.22/administration/reporting/accessrisk.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/administration/reporting/accessrisk.md b/docs/privilegesecurediscovery/2.22/administration/reporting/accessrisk.md index 0c4fb93a88..2752ba7ad9 100644 --- a/docs/privilegesecurediscovery/2.22/administration/reporting/accessrisk.md +++ b/docs/privilegesecurediscovery/2.22/administration/reporting/accessrisk.md @@ -14,8 +14,8 @@ The purpose of this document is to outline the relevant features of the Access R will provide key insights and reporting as it relates to standing privilege and assessing attack surface. This feature was added to Privilege Secure in 2.12.0. -The access risk capability is not enabled by default. It is designed to capture data from the last -90 days giving a number of key value items: +The access risk capability is disabled by default and captures data from the last 90 days, giving a +number of key value items: - Concise summary of the standing privileged access attack surface across Windows, Mac and Linux systems. From 19614ffab57f7d26a94500e4c4a23c4a80a6abbe Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Tue, 17 Mar 2026 17:40:06 +0100 Subject: [PATCH 10/13] Clear remaining Dale wording findings --- .../2.22/administration/configuration/linuxandad.md | 2 +- .../2.22/administration/configuration/linuxsimplified2.18+.md | 4 ++-- .../2.22/administration/configuration/ssoconfiguration.md | 2 +- .../2.22/administration/systemmanagement/oamextended.md | 2 +- docs/privilegesecurediscovery/2.22/index.md | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md index 5bd7ceda54..1fcd1c334c 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxandad.md @@ -44,7 +44,7 @@ local accounts or AD Directory accounts, we have you covered. - Lightweight & Powerful - Scans, parses and stores privileged access permissions centrally - Detailed reporting on every account with privileged access - - View the specific privileged access of a user or group without needing to understand Sudo + - View the specific privileged access of a user or group without parsing Sudo syntax - Skilled Linux admins can use the full capability of Sudo without interference diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxsimplified2.18+.md b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxsimplified2.18+.md index 252f4e12ac..5154a34ebe 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/linuxsimplified2.18+.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/linuxsimplified2.18+.md @@ -17,8 +17,8 @@ files locate in /etc/sudoers.d) into the /etc/sudoers file, and disable sudo per acquired from those sources. The domain configuration can be used to configure an existing account on Linux machines to be -utilized as the protect account for managing the endpoint. This saves the need to register an -account on each endpoint and provides for a simplified rollout. +utilized as the protect account for managing the endpoint. This avoids the need to register an +account on each endpoint and supports a more consistent rollout process. **Step 1 –** Ensure that the domain Linux service account has sudo permission on the systems Privilege Secure is to manage sudo privileges on. diff --git a/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md b/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md index 851b8b219e..f53d9fb01c 100644 --- a/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md +++ b/docs/privilegesecurediscovery/2.22/administration/configuration/ssoconfiguration.md @@ -23,7 +23,7 @@ specific IDP configuration: - Entrypoint – Entrypoint designates the URL to which Privilege Secure will redirect all identity authentication activity.  This nomenclature differs with each IdP, but is ultimately is the application-specific URL generated by the IdP/Issuer upon the creation a new application within - the IDP interface.  The simplest way to think of the 'Entrypoint' value is: where must Privilege + the IDP interface.  Think of the 'Entrypoint' value as: where must Privilege Secure redirect its logon to once SSO is set to enabled? - Issuer – Issuer refers to the URL of the IdP Issuer.  Generally when a new application is created within the IdP, it is assigned its own unique URL, such as: diff --git a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md index 392074d012..a134df19d9 100644 --- a/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md +++ b/docs/privilegesecurediscovery/2.22/administration/systemmanagement/oamextended.md @@ -50,7 +50,7 @@ These settings may be set: ## Strategies -To simplify getting setup, several preset bundles of configuration settings have been grouped into +To support setup, several preset bundles of configuration settings have been grouped into what we are calling a “Strategy”. There are 3 strategies available:  Best Practices, Managed Built-In, and Custom.  These strategies are detailed below. diff --git a/docs/privilegesecurediscovery/2.22/index.md b/docs/privilegesecurediscovery/2.22/index.md index 16940596cb..aab314aaf8 100644 --- a/docs/privilegesecurediscovery/2.22/index.md +++ b/docs/privilegesecurediscovery/2.22/index.md @@ -12,7 +12,7 @@ Netwrix Privilege Secure for Discovery v2.22 Documentation Netwrix Privilege Secure for Discovery (formerly Remediant SecureONE) enables IT administrators and security analysts to have dynamic and continuous visibility into their organization's privileged -accounts and manage them with a single click. Users then self-administer privilege access, getting +accounts and manage them from a single interface. Users then self-administer privilege access, getting access to only the right resource, at the right moment and for the length of time they need to complete their job. This approach eliminates standing privileges, effectively preventing lateral movement attacks, and significantly reducing an organization’s attack surface. From d450c755e768b0258093b651289609998658dfb7 Mon Sep 17 00:00:00 2001 From: dsalyamova Date: Wed, 18 Mar 2026 11:47:03 +0000 Subject: [PATCH 11/13] update risk assessment article (#546) --- docs/auditor/10.8/admin/riskassessment/dashboard.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/auditor/10.8/admin/riskassessment/dashboard.md b/docs/auditor/10.8/admin/riskassessment/dashboard.md index 8b3f062627..bf5967650e 100644 --- a/docs/auditor/10.8/admin/riskassessment/dashboard.md +++ b/docs/auditor/10.8/admin/riskassessment/dashboard.md @@ -59,6 +59,10 @@ Also, for several metrics the Customize risk indicators command is available. | Servers with unauthorized antivirus software | Edit the whitelist of permitted antivirus tools. Any other antivirus will be considered a risk factor. | | Administrative group membership sprawl | Edit the whitelist of permitted accounts that can be the members of local administrative groups. Any other account will be considered a risk factor. | +**Note:** Special characters such as %, *, and ? are not interpreted as wildcards in risk indicator customization and are treated as literal characters. The only exception is the domain portion of +domain\account entries in Administrative group membership sprawl, where % can be used to represent any domain. In all other cases (for example, account names, file names, operating system names, and antivirus names), +values must be entered explicitly and are not matched using wildcard patterns. + New settings will be applied/risk level thresholds will be refreshed after the next data collection session. From 2c232a65ae922a2488e571238875c1a86a1974f0 Mon Sep 17 00:00:00 2001 From: jth-nw Date: Wed, 18 Mar 2026 10:35:01 -0500 Subject: [PATCH 12/13] skill update --- .claude/skills/doc-help/SKILL.md | 3 ++- CLAUDE.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.claude/skills/doc-help/SKILL.md b/.claude/skills/doc-help/SKILL.md index fff407e454..f743afff25 100644 --- a/.claude/skills/doc-help/SKILL.md +++ b/.claude/skills/doc-help/SKILL.md @@ -1,6 +1,6 @@ --- name: doc-help -description: "Interactive writing assistant for Netwrix documentation. Use when a writer wants hands-on, conversational help: brainstorming structure, drafting a section, editing existing content, or understanding a style or Vale rule. For fully autonomous tasks (write this entire doc, fix all Vale errors end-to-end), use the tech-writer agent instead." +description: "Interactive writing assistant for Netwrix documentation. Use when a writer wants hands-on, conversational help: brainstorming structure, drafting a section, editing existing content, incorporating external documents (e.g., .docx files) into existing markdown files, or understanding a style or Vale rule. For fully autonomous tasks (write this entire doc, fix all Vale errors end-to-end), use the tech-writer agent instead." argument-hint: "[topic, file path, content to edit, or question]" --- @@ -14,6 +14,7 @@ Read `docs/CLAUDE.md` before starting any session. It contains the Netwrix style - User invokes `/doc-help` with or without arguments - User asks for help writing, editing, or reviewing Netwrix documentation +- User asks to incorporate, merge, or integrate content from an external document (e.g., `.docx`) into an existing markdown file - User has a question about a style rule, Vale error, or Netwrix writing convention ## Stage 1: Intake diff --git a/CLAUDE.md b/CLAUDE.md index ea1a443071..2f840c6b61 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -82,7 +82,7 @@ PRs target `dev`. Never commit directly to `dev` or `main`. The `sync-dev-to-mai Skills (`.claude/skills/`) are invoked with `/skill-name`. Agents (`.claude/agents/`) are autonomous workers launched via the Agent tool. When a user asks for help with documentation, always use the appropriate tool: -- **`/doc-help` skill** — Interactive tasks: reviewing content, suggesting improvements, discussing structure or flow, brainstorming, explaining style rules, or any back-and-forth conversation about writing. +- **`/doc-help` skill** — Interactive tasks: reviewing content, suggesting improvements, discussing structure or flow, brainstorming, explaining style rules, incorporating external documents (e.g., `.docx` files) into existing markdown files, or any back-and-forth conversation about writing. - **`tech-writer` agent** — Autonomous end-to-end tasks: drafting new documents, rewriting files, fixing all Vale errors, or editing for style and clarity. | Component | Type | Purpose | From d99a9431c968bdb6506819616aad034ef7c327f2 Mon Sep 17 00:00:00 2001 From: jth-nw Date: Wed, 18 Mar 2026 10:40:36 -0500 Subject: [PATCH 13/13] feat: add 6 missing Dale linter rules Add exclamatory-sentences, idioms, misplaced-modifiers, passive-voice, positional-references, and wordiness rules that were present locally but never committed to the repository. Co-Authored-By: Claude Opus 4.6 (1M context) --- .claude/skills/dale/rules/exclamatory-sentences.yml | 3 +++ .claude/skills/dale/rules/idioms.yml | 3 +++ .claude/skills/dale/rules/misplaced-modifiers.yml | 3 +++ .claude/skills/dale/rules/passive-voice.yml | 3 +++ .claude/skills/dale/rules/positional-references.yml | 3 +++ .claude/skills/dale/rules/wordiness.yml | 3 +++ 6 files changed, 18 insertions(+) create mode 100644 .claude/skills/dale/rules/exclamatory-sentences.yml create mode 100644 .claude/skills/dale/rules/idioms.yml create mode 100644 .claude/skills/dale/rules/misplaced-modifiers.yml create mode 100644 .claude/skills/dale/rules/passive-voice.yml create mode 100644 .claude/skills/dale/rules/positional-references.yml create mode 100644 .claude/skills/dale/rules/wordiness.yml diff --git a/.claude/skills/dale/rules/exclamatory-sentences.yml b/.claude/skills/dale/rules/exclamatory-sentences.yml new file mode 100644 index 0000000000..572bb95bb8 --- /dev/null +++ b/.claude/skills/dale/rules/exclamatory-sentences.yml @@ -0,0 +1,3 @@ +message: "Don't use exclamatory sentences." +level: warning +reason: "This rule should trigger when the user or agent writes exclamatory sentences." \ No newline at end of file diff --git a/.claude/skills/dale/rules/idioms.yml b/.claude/skills/dale/rules/idioms.yml new file mode 100644 index 0000000000..55507fd9df --- /dev/null +++ b/.claude/skills/dale/rules/idioms.yml @@ -0,0 +1,3 @@ +message: "Don't use idioms. Write what you mean more directly and literally." +level: warning +reason: "This rule should trigger when the user or agent uses an idiom or other culturally specific expression." \ No newline at end of file diff --git a/.claude/skills/dale/rules/misplaced-modifiers.yml b/.claude/skills/dale/rules/misplaced-modifiers.yml new file mode 100644 index 0000000000..e83c9d9730 --- /dev/null +++ b/.claude/skills/dale/rules/misplaced-modifiers.yml @@ -0,0 +1,3 @@ +message: "Avoid misplaced modifiers. Move the modifier, or descriptive phrase, so that it accurately describes the right thing." +level: warning +reason: "This rule should trigger when the documentation has a misplaced or dangling modifier. This includes participial phrases that attach to the wrong subject (e.g., '[participle phrase], [wrong subject] [verb]') and modifying clauses placed too far from the word they describe (e.g., '[noun A] [preposition] [noun B] [modifier that actually describes noun A]')." \ No newline at end of file diff --git a/.claude/skills/dale/rules/passive-voice.yml b/.claude/skills/dale/rules/passive-voice.yml new file mode 100644 index 0000000000..8d02152714 --- /dev/null +++ b/.claude/skills/dale/rules/passive-voice.yml @@ -0,0 +1,3 @@ +message: "Don't use passive voice. Use active voice instead." +level: warning +reason: "This rule should trigger when the user or agent writes a sentence or clause in passive voice." \ No newline at end of file diff --git a/.claude/skills/dale/rules/positional-references.yml b/.claude/skills/dale/rules/positional-references.yml new file mode 100644 index 0000000000..af37e6f864 --- /dev/null +++ b/.claude/skills/dale/rules/positional-references.yml @@ -0,0 +1,3 @@ +message: "Avoid positional references like 'below', 'above', or 'as shown below'. Use 'the following' or a named anchor instead." +level: warning +reason: "This rule should trigger when the documentation uses spatial direction words like 'below', 'above', 'as shown below', or 'the above section' to reference other content." diff --git a/.claude/skills/dale/rules/wordiness.yml b/.claude/skills/dale/rules/wordiness.yml new file mode 100644 index 0000000000..0ddf933133 --- /dev/null +++ b/.claude/skills/dale/rules/wordiness.yml @@ -0,0 +1,3 @@ +message: "This sentence is wordy. A more concise, direct alternative is possible." +level: warning +reason: "This rule should trigger when the user or agent writes a wordy sentence when a more concise, direct alternative is possible without altering the meaning." \ No newline at end of file