From 4852d0b6bc8b066445c2032cc69b9613282826fd Mon Sep 17 00:00:00 2001 From: jth-nw Date: Tue, 12 May 2026 10:58:42 -0500 Subject: [PATCH 1/9] 1secure claudemd --- docs/1secure/CLAUDE.md | 81 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 docs/1secure/CLAUDE.md diff --git a/docs/1secure/CLAUDE.md b/docs/1secure/CLAUDE.md new file mode 100644 index 0000000000..2f20439698 --- /dev/null +++ b/docs/1secure/CLAUDE.md @@ -0,0 +1,81 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Product + +**Netwrix 1Secure** is a multi-tenant SaaS application (Azure-hosted) that helps Managed Service Providers (MSPs) audit on-premises and cloud environments across multiple client organizations. The primary audience is MSP IT staff and security analysts managing multiple client tenants. + +Always write "Netwrix 1Secure" on first mention; "1Secure" is acceptable thereafter. + +## Key Concepts + +| Term | Meaning | +|---|---| +| MSP | Managed Service Provider — the main user persona; manages multiple client orgs | +| Organization | A client tenant managed by the MSP within 1Secure | +| Site | A logical grouping of data sources within an organization | +| Source | A monitored environment (AD, Computer, Exchange Online, Entra ID, SharePoint Online, SQL Server) | +| Connector | The configuration that connects 1Secure to a specific source instance | +| Netwrix Cloud Agent | The on-premises agent that collects data and sends it to the 1Secure cloud | +| Risk Profile | A named set of risk metrics with thresholds; assigned to an organization | +| Risk Metric | A measurable security parameter (e.g., inactive accounts, stale permissions) | +| State-in-Time | A point-in-time snapshot report used for risk assessment | + +## Directory Structure + +1Secure is a **single-version** SaaS product — no version subdirectories. + +``` +docs/1secure/ +├── index.md # Product landing page +├── admin/ # Core product features and UI reference +│ ├── dashboard/ # Dashboard and alerts timeline +│ ├── organizations/ # Org management, users, roles, sources & connectors +│ │ ├── addingusers/ +│ │ └── sourcesandconnectors/ # Per-source connector setup steps +│ ├── datacollection/ # Data collection configuration (per source type) +│ │ ├── activedirectoryauditing/ +│ │ ├── computer/ +│ │ └── logonactivity/ +│ ├── riskprofiles/ # Risk profiles, metrics, dashboard +│ ├── searchandreports/ # Reports, filters, subscriptions, compliance +│ ├── alerts/ +│ └── login/ +├── configuration/ # Manual IT infrastructure configuration +│ ├── admanual/ # Manual AD audit configuration +│ ├── computer/ # Computer source config +│ ├── windowsserver/ # Windows Server config +│ ├── logonactivity/ # Logon Activity config +│ ├── sqlserver/ # SQL Server config +│ ├── gpmanual/ # Group Policy config +│ └── registerconfig/ # Classifier setup (registerconfig) +├── install/ # Agent installation +├── integration/ # Third-party integrations (ConnectWise, ServiceNow, SharePoint) +├── requirements/ # System requirements and data source prerequisites +├── security/ # Security, compliance, and data privacy topics +├── setup-and-configuration/ # Combined entry point linking setup topics +└── kb/ # Knowledge base / troubleshooting articles +``` + +## Frontmatter Pattern + +Every file uses this frontmatter: + +```yaml +--- +title: "Title here" +description: "Title here" +sidebar_position: +--- +``` + +`title` and `description` are always identical. Index/overview pages that use `DocCardList` to auto-list children don't need body content beyond a brief intro. + +## Content Patterns + +- **Index pages** (`overview.md`, `index.md`): Brief intro + `` to render child links. Import: `` `import DocCardList from '@theme/DocCardList';` `` inside a `` `mdx-code-block` `` fence. +- **Configuration sections** often have two paths: automatic (recommended, done through the UI when adding a source) and manual (step-by-step for environments requiring it). Always present both and lead with the automatic method. +- **`admin/datacollection/`** covers permissions and audit settings the agent needs on the monitored systems — distinct from **`configuration/`**, which covers manual OS/policy configuration steps the admin performs on the target environment. +- **`admin/organizations/sourcesandconnectors/`** covers UI steps to add sources and connectors in the 1Secure console — distinct from `configuration/`, which is infrastructure-side. +- Risk metric content lives in `admin/riskprofiles/metrics_list.md`; do not duplicate metric descriptions elsewhere. From 4bf2074e26531bb1b87f44a8a9987b2df54f4a52 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Wed, 13 May 2026 13:10:02 +0200 Subject: [PATCH 2/9] Update NPS-D landing page: clean up title and add upgrade note Generated with AI Co-Authored-By: Claude Code --- docs/privilegesecurediscovery/2.22/index.md | 29 ++++++++++++--------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/index.md b/docs/privilegesecurediscovery/2.22/index.md index aab314aaf8..2fcb2e1e8d 100644 --- a/docs/privilegesecurediscovery/2.22/index.md +++ b/docs/privilegesecurediscovery/2.22/index.md @@ -1,19 +1,24 @@ --- -title: "Netwrix Privilege Secure for Discovery v2.22 Documentation" -description: "Netwrix Privilege Secure for Discovery v2.22 Documentation" +title: "Netwrix Privilege Secure for Discovery Documentation" +description: "Documentation for Netwrix Privilege Secure for Discovery" sidebar_position: 1 --- -# Netwrix Privilege Secure for Discovery v2.22 Documentation +# Netwrix Privilege Secure for Discovery Documentation -Netwrix Privilege Secure for Discovery v2.22 Documentation +Netwrix Privilege Secure for Discovery (formerly Remediant SecureONE) enables IT administrators +and security analysts to have dynamic and continuous visibility into their organization’s privileged +accounts and manage them from a single interface. Users then self-administer privilege access, +getting access to only the right resource, at the right moment and for the length of time they +need to complete their job. This approach eliminates standing privileges, effectively preventing +lateral movement attacks, and significantly reducing an organization’s attack surface. -# Netwrix Privilege Secure for Discovery v2.22 Documentation - -Netwrix Privilege Secure for Discovery (formerly Remediant SecureONE) enables IT administrators and -security analysts to have dynamic and continuous visibility into their organization's privileged -accounts and manage them from a single interface. Users then self-administer privilege access, getting -access to only the right resource, at the right moment and for the length of time they need to -complete their job. This approach eliminates standing privileges, effectively preventing lateral -movement attacks, and significantly reducing an organization’s attack surface. +:::note +The 2.22 release line is approaching end of support. The current release line (26.03 and later) +introduces new features and improvements, including native Microsoft Entra ID integration, +container-based deployment on standard Ubuntu machines, enhanced high-availability cluster +support, and ongoing security updates. Netwrix recommends upgrading to the latest release to +take advantage of these capabilities and continued support. Contact your Netwrix account +representative for upgrade guidance. +::: From a30aa4d80e931d726b0350b8ca264075139637cf Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Wed, 13 May 2026 13:10:37 +0200 Subject: [PATCH 3/9] Refine upgrade note wording on NPS-D landing page Generated with AI Co-Authored-By: Claude Code --- docs/privilegesecurediscovery/2.22/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/index.md b/docs/privilegesecurediscovery/2.22/index.md index 2fcb2e1e8d..113aa32624 100644 --- a/docs/privilegesecurediscovery/2.22/index.md +++ b/docs/privilegesecurediscovery/2.22/index.md @@ -16,8 +16,8 @@ lateral movement attacks, and significantly reducing an organization’s attack :::note The 2.22 release line is approaching end of support. The current release line (26.03 and later) introduces new features and improvements, including native Microsoft Entra ID integration, -container-based deployment on standard Ubuntu machines, enhanced high-availability cluster -support, and ongoing security updates. Netwrix recommends upgrading to the latest release to +container-based deployment on standard Ubuntu machines, and continued active development with +new capabilities delivered in each release. Netwrix recommends upgrading to the latest release to take advantage of these capabilities and continued support. Contact your Netwrix account representative for upgrade guidance. ::: From 2b517712090cc7916c7395d95bff2c9e94a407c7 Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Wed, 13 May 2026 13:15:51 +0200 Subject: [PATCH 4/9] Update container-based deployment version examples to 2.22.13 and 26.03.1 Generated with AI Co-Authored-By: Claude Code --- .../containerbaseddeployment/deploysecureone.md | 12 ++++++------ .../containerbaseddeployment/overview.md | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/deploysecureone.md b/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/deploysecureone.md index 4406818dbe..c74e48c490 100644 --- a/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/deploysecureone.md +++ b/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/deploysecureone.md @@ -18,7 +18,7 @@ deployment script. ## Step 1 — Download the Quickstart Bundle Log in to the **primary node** via SSH and run the following command from your **home directory** -(`~/`). Replace `` and `` with the target release, for example `2.22.14` +(`~/`). Replace `` and `` with the target release, for example `2.22.13` and `2.22`: ```bash @@ -26,16 +26,16 @@ cd ~ wget https://releases.netwrix.com/products/privilegesecure-discovery//privilegesecure-discovery-quickstart-.zip ``` -**Example for 2.22.14:** +**Example for 2.22.13:** ```bash -wget https://releases.netwrix.com/products/privilegesecure-discovery/2.22/privilegesecure-discovery-quickstart-2.22.14.zip +wget https://releases.netwrix.com/products/privilegesecure-discovery/2.22/privilegesecure-discovery-quickstart-2.22.13.zip ``` -**Example for 26.03.2:** +**Example for 26.03.1:** ```bash -wget https://releases.netwrix.com/products/privilegesecure-discovery/26.03/privilegesecure-discovery-quickstart-26.03.2.zip +wget https://releases.netwrix.com/products/privilegesecure-discovery/26.03/privilegesecure-discovery-quickstart-26.03.1.zip ``` ## Step 2 — Extract the Bundle @@ -208,7 +208,7 @@ secondary nodes manually. | `--cluster` | Treat this node as part of a cluster deployment. | | `--primary` | Treat this node as the cluster primary. Requires `--cluster`. | | `--join-token ` | Manager join token from `generate-join-token`. Requires `--cluster`. The node joins the swarm as a manager after network setup. | -| `--version ` | Image tag to pull and deploy (for example `2.22.14`). Required for commands that pull images: `setup` and `upgrade`. | +| `--version ` | Image tag to pull and deploy (for example `2.22.13`). Required for commands that pull images: `setup` and `upgrade`. | | `-h`, `--help` | Show help and exit. | ### Environment Variables diff --git a/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/overview.md b/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/overview.md index 8b0256a9c3..5373eb8f5a 100644 --- a/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/overview.md +++ b/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/overview.md @@ -7,7 +7,7 @@ sidebar_position: 10 # Container-Based Deployment Overview :::note -Container-based deployment is available in NPS-D 2.22.14, 26.03.2, or later. +Container-based deployment is available in NPS-D 2.22.13, 26.03.1, or later. ::: Container-based deployment lets you deploy Privilege Secure Discovery (NPS-D) on standard Ubuntu From ad7cad10f2ebeba805070e2275203c512e5a694a Mon Sep 17 00:00:00 2001 From: TM-PO-Netwrix Date: Wed, 13 May 2026 13:19:52 +0200 Subject: [PATCH 5/9] Add release lines section to NPS-D landing page Generated with AI Co-Authored-By: Claude Code --- docs/privilegesecurediscovery/2.22/index.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/index.md b/docs/privilegesecurediscovery/2.22/index.md index 113aa32624..780fdcba40 100644 --- a/docs/privilegesecurediscovery/2.22/index.md +++ b/docs/privilegesecurediscovery/2.22/index.md @@ -13,12 +13,22 @@ getting access to only the right resource, at the right moment and for the lengt need to complete their job. This approach eliminates standing privileges, effectively preventing lateral movement attacks, and significantly reducing an organization’s attack surface. +## Release Lines + +NPS-D is available in two release lines: + +- **2.22** — Legacy release line, approaching end of support. +- **26.03 and later** — Current release line, actively developed with new features delivered on + a quarterly basis (26.03, 26.06, 26.09, and so on). This is the recommended line for all + new and existing deployments. + +This documentation covers both release lines. Where a feature or procedure applies only to a +specific release, it is noted inline. + :::note -The 2.22 release line is approaching end of support. The current release line (26.03 and later) -introduces new features and improvements, including native Microsoft Entra ID integration, -container-based deployment on standard Ubuntu machines, and continued active development with -new capabilities delivered in each release. Netwrix recommends upgrading to the latest release to -take advantage of these capabilities and continued support. Contact your Netwrix account +Netwrix recommends upgrading from 2.22 to the latest release to take advantage of new +capabilities, including native Microsoft Entra ID integration, container-based deployment on +standard Ubuntu machines, and continued active development. Contact your Netwrix account representative for upgrade guidance. ::: From 3bf1c2e7929a4a942226c0dcb9ccdece5b9b9de4 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 11:23:49 +0000 Subject: [PATCH 6/9] fix(vale): auto-fix style issues (Vale + Dale) --- docs/privilegesecurediscovery/2.22/index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/privilegesecurediscovery/2.22/index.md b/docs/privilegesecurediscovery/2.22/index.md index 780fdcba40..a8120b8bf3 100644 --- a/docs/privilegesecurediscovery/2.22/index.md +++ b/docs/privilegesecurediscovery/2.22/index.md @@ -9,7 +9,7 @@ sidebar_position: 1 Netwrix Privilege Secure for Discovery (formerly Remediant SecureONE) enables IT administrators and security analysts to have dynamic and continuous visibility into their organization’s privileged accounts and manage them from a single interface. Users then self-administer privilege access, -getting access to only the right resource, at the right moment and for the length of time they +getting access to only the right resource, at the right moment and for as long as they need to complete their job. This approach eliminates standing privileges, effectively preventing lateral movement attacks, and significantly reducing an organization’s attack surface. @@ -18,12 +18,12 @@ lateral movement attacks, and significantly reducing an organization’s attack NPS-D is available in two release lines: - **2.22** — Legacy release line, approaching end of support. -- **26.03 and later** — Current release line, actively developed with new features delivered on - a quarterly basis (26.03, 26.06, 26.09, and so on). This is the recommended line for all - new and existing deployments. +- **26.03 and later** — Current release line, actively developed with new features delivered + quarterly (26.03, 26.06, 26.09, and so on). This is the recommended line for all new and + existing deployments. This documentation covers both release lines. Where a feature or procedure applies only to a -specific release, it is noted inline. +specific release, an inline note calls this out. :::note Netwrix recommends upgrading from 2.22 to the latest release to take advantage of new From eb91b8c4b4b651a5bd5f6f5a930f7398f86b9c7e Mon Sep 17 00:00:00 2001 From: robin-stefani Date: Wed, 13 May 2026 10:25:10 -0400 Subject: [PATCH 7/9] Training may07 (#888) * Added newest LTTs for NEP and NTM * Updated NAA 3005 course, updated estimated length format for NAA course and LPs to match Netwrix University update * added new NIM 3721 course and updated affected LPs * Added new NAA 26 course (1020) updated affected LPs. Also renamed files to remove the + from NAA26 name. * fix(vale): auto-fix style issues (Vale + Dale) * fix(vale): auto-fix style issues (Vale + Dale) --------- Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> --- .../learn-about/access-analyzer-data.md | 19 ++++++++++------- .../training/learn-about/access-analyzer.md | 4 ++-- .../training/learn-about/identity-manager.md | 7 +++++-- docs/customer/training/learn-about/index.md | 4 ++-- .../training/product/access-analyzer-data.md | 19 ++++++++++------- .../access-analyzer/active-directory.md | 2 +- .../access-analyzer/activity-monitor.md | 2 +- .../training/product/access-analyzer/core.md | 4 ++-- .../product/access-analyzer/exchange.md | 4 ++-- .../product/access-analyzer/file-system.md | 2 +- .../product/access-analyzer/sharepoint.md | 2 +- .../product/access-analyzer/windows.md | 2 +- .../training/product/identity-manager.md | 7 +++++-- docs/customer/training/product/index.md | 4 ++-- .../implementation/access-analyzer-26+.md | 20 ------------------ .../implementation/access-analyzer-26.md | 21 +++++++++++++++++++ .../partner/implementation/access-analyzer.md | 2 +- .../implementation/identity-manager.md | 9 +++++--- docs/partner/implementation/index.md | 2 +- ...-analyzer-26+.md => access-analyzer-26.md} | 13 ++++++------ docs/partner/presales/access-analyzer.md | 2 +- docs/partner/presales/identity-manager.md | 7 +++++-- docs/partner/presales/index.md | 8 +++---- src/training/access-analyzer-26+/2020.md | 9 -------- src/training/access-analyzer-26/1020.md | 9 ++++++++ src/training/access-analyzer-26/2020.md | 9 ++++++++ .../additional.md | 2 +- .../index.js | 1 + src/training/access-analyzer/3000.md | 2 +- src/training/access-analyzer/3001.md | 2 +- src/training/access-analyzer/3003.md | 2 +- src/training/access-analyzer/3004.md | 2 +- src/training/access-analyzer/3005.md | 8 +++---- src/training/access-analyzer/3007.md | 2 +- src/training/access-analyzer/4003.md | 2 +- src/training/access-analyzer/5000.md | 2 +- src/training/access-analyzer/5001.md | 2 +- src/training/access-analyzer/6001.md | 2 +- .../access-analyzer/connect-a-to-z.md | 2 +- .../access-analyzer/connect-everything.md | 2 +- src/training/activity-monitor/3002.md | 2 +- src/training/endpoint-protector/additional.md | 2 ++ src/training/identity-manager/3721.md | 9 ++++++++ src/training/identity-manager/index.js | 1 + src/training/threat-manager/additional.md | 2 +- 45 files changed, 142 insertions(+), 100 deletions(-) delete mode 100644 docs/partner/implementation/access-analyzer-26+.md create mode 100644 docs/partner/implementation/access-analyzer-26.md rename docs/partner/presales/{access-analyzer-26+.md => access-analyzer-26.md} (50%) delete mode 100644 src/training/access-analyzer-26+/2020.md create mode 100644 src/training/access-analyzer-26/1020.md create mode 100644 src/training/access-analyzer-26/2020.md rename src/training/{access-analyzer-26+ => access-analyzer-26}/additional.md (85%) rename src/training/{access-analyzer-26+ => access-analyzer-26}/index.js (69%) create mode 100644 src/training/identity-manager/3721.md diff --git a/docs/customer/training/learn-about/access-analyzer-data.md b/docs/customer/training/learn-about/access-analyzer-data.md index 1bd20a5c7d..b2245dd9c4 100644 --- a/docs/customer/training/learn-about/access-analyzer-data.md +++ b/docs/customer/training/learn-about/access-analyzer-data.md @@ -1,20 +1,23 @@ --- -title: Learn About Netwrix Access Analyzer 26+ Learning Path +title: Learn About Netwrix Access Analyzer 26 Learning Path sidebar_position: 335 -tags: [training, access-analyzer-26+] -keywords: [training, course, access analyzer 26+] -description: "Learn about Netwrix Access Analyzer 26+ through introductory courses" +tags: [training, access-analyzer-26] +keywords: [training, course, access analyzer 26] +description: "Learn about Netwrix Access Analyzer 26 through introductory courses" --- -import { NAA26Concepts } from '@site/src/training/access-analyzer-26+'; +import { NAA26Value, NAA26Concepts } from '@site/src/training/access-analyzer-26'; import { NAMIntro } from '@site/src/training/activity-monitor'; import { NAA, NAM } from '@site/src/training/products'; -Estimated length: 20 minutes +Estimated length: 35 minutes -In this learning path, you will learn how to use Netwrix Access Analyzer 26+. It contains the following courses: +In this learning path, you will learn how to use Netwrix Access Analyzer 26. It contains the following courses: -* 2020 26+ – Concepts & Architecture +* 1020 26 – Valuable Features +* 2020 26 – Concepts & Architecture + + diff --git a/docs/customer/training/learn-about/access-analyzer.md b/docs/customer/training/learn-about/access-analyzer.md index b422752b7e..470297abd2 100644 --- a/docs/customer/training/learn-about/access-analyzer.md +++ b/docs/customer/training/learn-about/access-analyzer.md @@ -10,9 +10,9 @@ import { NAAValue, NAAConcepts, NAAArchitecture, NAAIntro, AICIntro } from '@sit import { NAA, AIC } from '@site/src/training/products'; -Estimated length: 2.25 hours +Estimated length: 2 hours 22 minutes -In this learning path, you will be introduced to , formerly Netwrix Enterprise Auditor. It contains the following courses: +This learning path introduces you to , formerly Netwrix Enterprise Auditor. It contains the following courses: * 1000 – Valuable Features * 2000 – Concepts diff --git a/docs/customer/training/learn-about/identity-manager.md b/docs/customer/training/learn-about/identity-manager.md index db38d77496..a6622e3c98 100644 --- a/docs/customer/training/learn-about/identity-manager.md +++ b/docs/customer/training/learn-about/identity-manager.md @@ -6,11 +6,11 @@ keywords: [training, course, identity manager] description: "Learn about Netwrix Identity Manager through introductory courses" --- -import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMIntro } from '@site/src/training/identity-manager'; +import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMIntro, NIMReport } from '@site/src/training/identity-manager'; import { NIM } from '@site/src/training/products'; -Estimated length: 2 hours 40 minutes +Estimated length: 3 hours 5 minutes This learning path introduces you to , formerly Netwrix Usercube. It contains the following courses: @@ -20,6 +20,7 @@ This learning path introduces you to , formerly Netwrix Usercube. It cont * 2721 – Architecture * 2722 – IGA Project Planning * 3720 Introduction to +* 3721 – Reporting & Business Intelligence @@ -32,3 +33,5 @@ This learning path introduces you to , formerly Netwrix Usercube. It cont + + diff --git a/docs/customer/training/learn-about/index.md b/docs/customer/training/learn-about/index.md index c0f00e3ebf..1776151cd2 100644 --- a/docs/customer/training/learn-about/index.md +++ b/docs/customer/training/learn-about/index.md @@ -9,11 +9,11 @@ description: "Learn about Netwrix products through introductory courses" import { Company } from '@site/src/training/products'; -You can choose to self-enroll in "Learn About" learning paths available within the Learning Library. These learning paths introduce other products you may find useful: +You can self-enroll in "Learn About" learning paths available within the Learning Library. These learning paths introduce other products you may find useful: * [Learn About Netwrix 1Secure Learning Path](./1secure.md) * [Learn About Netwrix Access Analyzer Learning Path](./access-analyzer.md) -* [Learn About Netwrix Access Analyzer 26+ Learning Path](./access-analyzer-data.md) +* [Learn About Netwrix Access Analyzer 26 Learning Path](./access-analyzer-data.md) * [Learn About Netwrix Activity Monitor Learning Path](./activity-monitor.md) * [Learn About Netwrix Auditor Learning Path](./auditor.md) * [Learn About Netwrix Change Tracker Learning Path](./change-tracker.md) diff --git a/docs/customer/training/product/access-analyzer-data.md b/docs/customer/training/product/access-analyzer-data.md index ea4fa0d1c8..b0bf922318 100644 --- a/docs/customer/training/product/access-analyzer-data.md +++ b/docs/customer/training/product/access-analyzer-data.md @@ -1,20 +1,23 @@ --- -title: Netwrix Access Analyzer 26+ Learning Path +title: Netwrix Access Analyzer 26 Learning Path sidebar_position: 122 -tags: [getting-started, training, access-analyzer-26+, activity-monitor] -keywords: [training, course, access analyzer 26+, activity monitor] -description: "Learn to use Netwrix Access Analyzer 26+ through courses" +tags: [getting-started, training, access-analyzer-26, activity-monitor] +keywords: [training, course, access analyzer 26, activity monitor] +description: "Learn to use Netwrix Access Analyzer 26 through courses" --- -import { NAA26Concepts } from '@site/src/training/access-analyzer-26+'; +import { NAA26Value, NAA26Concepts } from '@site/src/training/access-analyzer-26'; import { NAMIntro } from '@site/src/training/activity-monitor'; import { NAA, NAM } from '@site/src/training/products'; -Estimated length: 20 minutes +Estimated length: 35 minutes -In this learning path, you will learn how to use Netwrix Access Analyzer 26+. It contains the following courses: +In this learning path, you will learn how to use Netwrix Access Analyzer 26. It contains the following courses: -* 2020 26+ – Concepts & Architecture +* 1020 26 – Valuable Features +* 2020 26 – Concepts & Architecture + + diff --git a/docs/customer/training/product/access-analyzer/active-directory.md b/docs/customer/training/product/access-analyzer/active-directory.md index e3c0e6b01a..78274d1632 100644 --- a/docs/customer/training/product/access-analyzer/active-directory.md +++ b/docs/customer/training/product/access-analyzer/active-directory.md @@ -11,7 +11,7 @@ import { NAMIntro } from '@site/src/training/activity-monitor'; import { NAA, AIC, NAM } from '@site/src/training/products'; -Estimated length: 6.5 hours +Estimated length: 6 hours 27 minutes In the – Active Directory learning path, you will learn how to use the Active Directory and Active Directory Permissions Analyzer solutions in this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It includes content for and . It contains the following courses: diff --git a/docs/customer/training/product/access-analyzer/activity-monitor.md b/docs/customer/training/product/access-analyzer/activity-monitor.md index 3308f29dd3..2f6580b728 100644 --- a/docs/customer/training/product/access-analyzer/activity-monitor.md +++ b/docs/customer/training/product/access-analyzer/activity-monitor.md @@ -10,7 +10,7 @@ import { NAMIntro, NAMFileSystem } from '@site/src/training/activity-monitor'; import { NAM } from '@site/src/training/products'; -Estimated length: 1.75 hours +Estimated length: 1 hour 20 minutes In the learning path, you will learn how to use this application. It contains the following courses: diff --git a/docs/customer/training/product/access-analyzer/core.md b/docs/customer/training/product/access-analyzer/core.md index 1591ce2187..efb07fe5d3 100644 --- a/docs/customer/training/product/access-analyzer/core.md +++ b/docs/customer/training/product/access-analyzer/core.md @@ -10,9 +10,9 @@ import { NAAValue, NAAConcepts, NAAArchitecture, NAAIntro, AICIntro, NAASensitiv import { NAA, AIC } from '@site/src/training/products'; -Estimated length: 3.75 hours +Estimated length: 3 hours 27 minutes -In the – Core learning path, you will learn how to use this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It covers the core content of this application, the , and the Sensitive Data Add-on and is applicable to all solutions. It contains the following courses: +In the – Core learning path, you will learn how to use this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It covers the core content of this application, the , and the Sensitive Data Add-on and applies to all solutions. It contains the following courses: * 1000 – Valuable Features * 2000 – Concepts diff --git a/docs/customer/training/product/access-analyzer/exchange.md b/docs/customer/training/product/access-analyzer/exchange.md index 62692dbaaf..59f6591ac9 100644 --- a/docs/customer/training/product/access-analyzer/exchange.md +++ b/docs/customer/training/product/access-analyzer/exchange.md @@ -10,9 +10,9 @@ import { NAAValue, NAAConcepts, NAAArchitecture, NAAIntro, AICIntro, NAAExchange import { NAA, AIC } from '@site/src/training/products'; -Estimated length: 3.75 hours +Estimated length: 3 hours 57 minutes -In the – Exchange learning path, you will learn how to use the Exchange solution in this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It covers the core content of this application, the , and the Sensitive Data Add-on and is applicable to all solutions. It contains the following courses: +In the – Exchange learning path, you will learn how to use the Exchange solution in this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It covers the core content of this application, the , and the Sensitive Data Add-on and applies to all solutions. It contains the following courses: * 1000 – Valuable Features * 2000 – Concepts diff --git a/docs/customer/training/product/access-analyzer/file-system.md b/docs/customer/training/product/access-analyzer/file-system.md index 00f36dec2c..995c03c880 100644 --- a/docs/customer/training/product/access-analyzer/file-system.md +++ b/docs/customer/training/product/access-analyzer/file-system.md @@ -11,7 +11,7 @@ import { NAMIntro } from '@site/src/training/activity-monitor'; import { NAA, AIC, NAM } from '@site/src/training/products'; -Estimated length: 8 hours +Estimated length: 5 hours 47 minutes In the – File System learning path, you will learn how to use the File System solution in this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It includes content for , , and the Sensitive Data Discovery Add-On. It contains the following courses: diff --git a/docs/customer/training/product/access-analyzer/sharepoint.md b/docs/customer/training/product/access-analyzer/sharepoint.md index 6c283c858f..f3eae91ccd 100644 --- a/docs/customer/training/product/access-analyzer/sharepoint.md +++ b/docs/customer/training/product/access-analyzer/sharepoint.md @@ -11,7 +11,7 @@ import { NAMIntro } from '@site/src/training/activity-monitor'; import { NAA, AIC, NAM } from '@site/src/training/products'; -Estimated length: 6.25 hours +Estimated length: 5 hours 32 minutes In the – SharePoint learning path, you will learn how to use the SharePoint solution in this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It includes content for , , and the Sensitive Data Discovery Add-On. It contains the following courses: diff --git a/docs/customer/training/product/access-analyzer/windows.md b/docs/customer/training/product/access-analyzer/windows.md index 7a98aeb225..52d8867290 100644 --- a/docs/customer/training/product/access-analyzer/windows.md +++ b/docs/customer/training/product/access-analyzer/windows.md @@ -10,7 +10,7 @@ import { NAAValue, NAAConcepts, NAAArchitecture, NAAIntro, AICIntro, NAAWindows, import { NAA, AIC } from '@site/src/training/products'; -Estimated length: 3.75 hours +Estimated length: 3 hours 52 minutes In the – Windows learning path, you will learn how to use the Windows solution in this application, formerly Netwrix Enterprise Auditor / StealthAUDIT. It includes content for the . It contains the following courses: diff --git a/docs/customer/training/product/identity-manager.md b/docs/customer/training/product/identity-manager.md index 7fc1ea382c..7b0632eca5 100644 --- a/docs/customer/training/product/identity-manager.md +++ b/docs/customer/training/product/identity-manager.md @@ -6,11 +6,11 @@ keywords: [training, course, identity manager] description: "Learn to use Netwrix Identity Manager through courses" --- -import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMIntro } from '@site/src/training/identity-manager'; +import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMIntro, NIMReport } from '@site/src/training/identity-manager'; import { Company, NIM } from '@site/src/training/products'; -Estimated length: 2 hours 40 minutes +Estimated length: 3 hours 5 minutes In this learning path, you will learn how to use . This product was formerly Netwrix Usercube. It contains the following courses: @@ -20,6 +20,7 @@ In this learning path, you will learn how to use . This product was forme * 2721 – Architecture * 2722 – IGA Project Planning * 3720 Introduction to +* 3721 – Reporting & Business Intelligence @@ -32,3 +33,5 @@ In this learning path, you will learn how to use . This product was forme + + \ No newline at end of file diff --git a/docs/customer/training/product/index.md b/docs/customer/training/product/index.md index 4efc01d691..c2c91f5152 100644 --- a/docs/customer/training/product/index.md +++ b/docs/customer/training/product/index.md @@ -6,7 +6,7 @@ keywords: [training, course] description: "Learn about the courses you are enrolled in for the Netwrix product you own" --- -You will be automatically enrolled in the product learning path for the products you own. Some products have solution-specific learning paths: +The Learning Library automatically enrolls you in the product learning path for the products you own. Some products have solution-specific learning paths: * [Netwrix 1Secure Learning Path](./1secure.md) * [Netwrix Access Analyzer Learning Paths](./access-analyzer/index.md) @@ -17,7 +17,7 @@ You will be automatically enrolled in the product learning path for the products * [Netwrix Access Analyzer – SharePoint Learning Path](./access-analyzer/sharepoint.md) * [Netwrix Access Analyzer – Windows Learning Path](./access-analyzer/windows.md) * [Netwrix Activity Monitor Learning Path](./access-analyzer/activity-monitor.md) -* [Netwrix Access Analyzer 26+ Learning Path](./access-analyzer-data.md) +* [Netwrix Access Analyzer 26 Learning Path](./access-analyzer-data.md) * [Netwrix Auditor Learning Path](./auditor.md) * [Netwrix Change Tracker Learning Path ](./change-tracker.md) * [Netwrix Data Classification Learning Path](./data-classification.md) diff --git a/docs/partner/implementation/access-analyzer-26+.md b/docs/partner/implementation/access-analyzer-26+.md deleted file mode 100644 index d7b150df44..0000000000 --- a/docs/partner/implementation/access-analyzer-26+.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Netwrix Access Analyzer 26+ Professional Services Engineer -sidebar_position: 1435 -tags: [partners, professional-services, access-analyzer-26+, activity-monitor] -keywords: [training, course, partners, professional services, access analyzer 26+, activity monitor] -description: "Learn about Netwrix Access Analyzer 26+" ---- - - -import { NAA26Concepts, NAA26Additional } from '@site/src/training/access-analyzer-26+'; -import { NAMAdditional } from '@site/src/training/activity-monitor'; -import { Company, NAA, NAM } from '@site/src/training/products'; - - -While certification isn't yet available, watch these recordings to learn about the newest product at . - - -* 2020 26+ – Concepts & Architecture - - diff --git a/docs/partner/implementation/access-analyzer-26.md b/docs/partner/implementation/access-analyzer-26.md new file mode 100644 index 0000000000..e56e459e59 --- /dev/null +++ b/docs/partner/implementation/access-analyzer-26.md @@ -0,0 +1,21 @@ +--- +title: Netwrix Access Analyzer 26 Professional Services Engineer +sidebar_position: 1435 +tags: [partners, professional-services, access-analyzer-26, activity-monitor] +keywords: [training, course, partners, professional services, access analyzer 26, activity monitor] +description: "Learn about Netwrix Access Analyzer 26" +--- + + +import { NAA26Value, NAA26Concepts, NAA26Additional } from '@site/src/training/access-analyzer-26'; +import { NAMAdditional } from '@site/src/training/activity-monitor'; +import { Company, NAA, NAM } from '@site/src/training/products'; + + +While certification isn't yet available, watch these recordings to learn about the newest product at . + + +* 1020 26 – Valuable Features +* 2020 26 – Concepts & Architecture + + diff --git a/docs/partner/implementation/access-analyzer.md b/docs/partner/implementation/access-analyzer.md index fd08b1387f..931b4c562c 100644 --- a/docs/partner/implementation/access-analyzer.md +++ b/docs/partner/implementation/access-analyzer.md @@ -12,7 +12,7 @@ import { NAMIntro, NAMAdditional } from '@site/src/training/activity-monitor'; import { Company, NAA, AIC, NAM } from '@site/src/training/products'; -Estimated length: 22.5 hours +Estimated length: 21 hours 47 minutes This learning path grants certification as a Professional Services Engineer for these products: diff --git a/docs/partner/implementation/identity-manager.md b/docs/partner/implementation/identity-manager.md index 3e698e5e72..6b9d99eb33 100644 --- a/docs/partner/implementation/identity-manager.md +++ b/docs/partner/implementation/identity-manager.md @@ -6,13 +6,13 @@ keywords: [training, course, certification, partners, professional services, ide description: "Become a certified Professional Services Engineer for Netwrix Identity Manager" --- -import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMAdditional, NIMIntro } from '@site/src/training/identity-manager'; +import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMIntro, NIMReport, NIMAdditional } from '@site/src/training/identity-manager'; import { Company, NIM } from '@site/src/training/products'; -Estimated length: 2 hours 40 minutes +Estimated length: 3 hours 5 minutes -This learning path offers training to partner Professional Services engineers on , formerly Netwrix Usercube. However, certification isn't available at this time. When the final courses are available to grant certification, this learning path will include them. You can continue from your current progress. It contains the following courses: +This learning path offers training to partner Professional Services engineers on , formerly Netwrix Usercube. However, certification isn't yet available. When the final courses are available to grant certification, this learning path will include them. You can continue from your current progress. It contains the following courses: * 1720 – Valuable Features * 1721 – Identity & Identity Life Cycle @@ -20,6 +20,7 @@ This learning path offers training to partner Professional Services * 2721 – Architecture * 2722 – IGA Project Planning * 3720 Introduction to +* 3721 – Reporting & Business Intelligence @@ -33,4 +34,6 @@ This learning path offers training to partner Professional Services + + \ No newline at end of file diff --git a/docs/partner/implementation/index.md b/docs/partner/implementation/index.md index 3b7765e4d6..cfb0b0a90e 100644 --- a/docs/partner/implementation/index.md +++ b/docs/partner/implementation/index.md @@ -16,7 +16,7 @@ The following learning paths provide Partner certification for Professional Serv * [Netwrix Privilege Secure Professional Services Engineer](./privilege-secure.md) The following learning paths provide product training for Professional Services engineers, but certification isn't available: -* [Netwrix Access Analyzer 26+ – Professional Services Engineer](./access-analyzer-26+.md) +* [Netwrix Access Analyzer 26 – Professional Services Engineer](./access-analyzer-26.md) * [Netwrix Change Tracker – Professional Services Engineer](./change-tracker.md) * [Netwrix Identity Manager – Professional Services Engineer](./identity-manager.md) * [Netwrix Password Secure – Professional Services Engineer](./password-secure.md) diff --git a/docs/partner/presales/access-analyzer-26+.md b/docs/partner/presales/access-analyzer-26.md similarity index 50% rename from docs/partner/presales/access-analyzer-26+.md rename to docs/partner/presales/access-analyzer-26.md index d71a6ef153..dbffa0005f 100644 --- a/docs/partner/presales/access-analyzer-26+.md +++ b/docs/partner/presales/access-analyzer-26.md @@ -1,13 +1,13 @@ --- -title: Netwrix Access Analyzer 26+ Presales Engineer +title: Netwrix Access Analyzer 26 Presales Engineer sidebar_position: 1245 -tags: [partners, presales, access-analyzer-26+, activity-monitor] -keywords: [training, course, partners, presales, access analyzer 26+, activity monitor] -description: "Learn about Netwrix Access Analyzer 26+" +tags: [partners, presales, access-analyzer-26, activity-monitor] +keywords: [training, course, partners, presales, access analyzer 26, activity monitor] +description: "Learn about Netwrix Access Analyzer 26" --- -import { NAA26Concepts, NAA26Additional } from '@site/src/training/access-analyzer-26+'; +import { NAA26Value, NAA26Concepts, NAA26Additional } from '@site/src/training/access-analyzer-26'; import { NAMAdditional } from '@site/src/training/activity-monitor'; import { Company, NAA, NAM } from '@site/src/training/products'; @@ -15,6 +15,7 @@ import { Company, NAA, NAM } from '@site/src/training/products'; While certification isn't yet available, watch these recordings to learn about the newest product at . -* 2020 26+ – Concepts & Architecture +* 1020 26 – Valuable Features +* 2020 26 – Concepts & Architecture diff --git a/docs/partner/presales/access-analyzer.md b/docs/partner/presales/access-analyzer.md index 714c9d5fc5..8951350e49 100644 --- a/docs/partner/presales/access-analyzer.md +++ b/docs/partner/presales/access-analyzer.md @@ -12,7 +12,7 @@ import { NAMIntro, NAMAdditional } from '@site/src/training/activity-monitor'; import { Company, NAA, AIC, NAM } from '@site/src/training/products'; -Estimated length: 8.5 hours +Estimated length: 8 hours 54 minutes This learning path grants certification as a Presales Engineer for these products: diff --git a/docs/partner/presales/identity-manager.md b/docs/partner/presales/identity-manager.md index 59a590b3f4..ba39d2a161 100644 --- a/docs/partner/presales/identity-manager.md +++ b/docs/partner/presales/identity-manager.md @@ -7,11 +7,11 @@ description: "Become a certified Presales Engineer for Netwrix Identity Manager" --- -import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMDemo, NIMAdditional, NIMIntro } from '@site/src/training/identity-manager'; +import { NIMValue, NIMLifeCycle, NIMConcepts, NIMArchitecture, NIMProjectPlanning, NIMIntro, NIMReport, NIMDemo, NIMAdditional } from '@site/src/training/identity-manager'; import { Company, NIM } from '@site/src/training/products'; -Estimated length: 4 hours 22 minutes +Estimated length: 4 hours 47 minutes Prerequisite: Sales Professional learning path @@ -23,6 +23,7 @@ This learning path grants certification as a Presales Engineer for t * 2721 – Architecture * 2722 – IGA Project Planning * 3720 Introduction to +* 3721 – Reporting & Business Intelligence * 5720 – Demo the Basic Use Cases @@ -37,6 +38,8 @@ This learning path grants certification as a Presales Engineer for t + + diff --git a/docs/partner/presales/index.md b/docs/partner/presales/index.md index aaad913d7f..7b608a7563 100644 --- a/docs/partner/presales/index.md +++ b/docs/partner/presales/index.md @@ -12,24 +12,24 @@ The following learning paths provide Partner certification for Presales Engineer * AI Governance * [Netwrix 1Secure Core Presales Engineer](./1secure-core.md) * [Netwrix Access Analyzer Presales Engineer](./access-analyzer.md) - * [Netwrix Access Analyzer 26+ Presales Engineer](./access-analyzer-26+.md) + * [Netwrix Access Analyzer 26 Presales Engineer](./access-analyzer-26.md) * [Netwrix Endpoint Protector Presales Engineer](./endpoint-protector.md) * Data Security Posture Management * [Netwrix 1Secure Core Presales Engineer](./1secure-core.md) * [Netwrix Access Analyzer Presales Engineer](./access-analyzer.md) - * [Netwrix Access Analyzer 26+ Presales Engineer](./access-analyzer-26+.md) + * [Netwrix Access Analyzer 26 Presales Engineer](./access-analyzer-26.md) * [Netwrix Endpoint Protector Presales Engineer](./endpoint-protector.md) * Data Access Governance * [Netwrix 1Secure Core Presales Engineer](./1secure-core.md) * [Netwrix Access Analyzer Presales Engineer](./access-analyzer.md) - * [Netwrix Access Analyzer 26+ Presales Engineer](./access-analyzer-26+.md) + * [Netwrix Access Analyzer 26 Presales Engineer](./access-analyzer-26.md) * Data Loss Prevention * [Netwrix 1Secure Core Presales Engineer](./1secure-core.md) * [Netwrix Endpoint Protector Presales Engineer](./endpoint-protector.md) * Data Discovery & Classification * [Netwrix 1Secure Core Presales Engineer](./1secure-core.md) * [Netwrix Access Analyzer Presales Engineer](./access-analyzer.md) - * [Netwrix Access Analyzer 26+ Presales Engineer](./access-analyzer-26+.md) + * [Netwrix Access Analyzer 26 Presales Engineer](./access-analyzer-26.md) * [Netwrix Data Classification Presales Engineer](./data-classification.md) * Identity Security * Identity Threat Detection & Response diff --git a/src/training/access-analyzer-26+/2020.md b/src/training/access-analyzer-26+/2020.md deleted file mode 100644 index d868d5987f..0000000000 --- a/src/training/access-analyzer-26+/2020.md +++ /dev/null @@ -1,9 +0,0 @@ -import { NAA } from '@site/src/training/products'; - -## 2020 26+ – Concepts & Architecture - -Recommended prerequisite: None - -The Netwrix Access Analyzer 26+ – Concepts & Architecture course provides an understanding of the application concepts and architecture. - -Estimated length: 20 minutes diff --git a/src/training/access-analyzer-26/1020.md b/src/training/access-analyzer-26/1020.md new file mode 100644 index 0000000000..a9504f51ee --- /dev/null +++ b/src/training/access-analyzer-26/1020.md @@ -0,0 +1,9 @@ +import { NAA } from '@site/src/training/products'; + +## 1020 26 – Valuable Features + +Recommended prerequisite: none + +The 26 – Valuable Features course provides a comprehensive overview of how to unify data protection across all your sources, automate governance, and maintain control over AI adoption. In this course, you will explore how to streamline sensitive data discovery, access management, and compliance reporting — regardless of where your data lives. You will also learn how 26 helps eliminate complexity, strengthen your security posture, and confidently manage today's evolving risks. + +Estimated length: 15 minutes diff --git a/src/training/access-analyzer-26/2020.md b/src/training/access-analyzer-26/2020.md new file mode 100644 index 0000000000..51031c00df --- /dev/null +++ b/src/training/access-analyzer-26/2020.md @@ -0,0 +1,9 @@ +import { NAA } from '@site/src/training/products'; + +## 2020 26 – Concepts & Architecture + +Recommended prerequisite: 1020 26 – Valuable Features + +The 26 – Concepts & Architecture course provides an understanding of the application concepts and architecture. + +Estimated length: 20 minutes diff --git a/src/training/access-analyzer-26+/additional.md b/src/training/access-analyzer-26/additional.md similarity index 85% rename from src/training/access-analyzer-26+/additional.md rename to src/training/access-analyzer-26/additional.md index 834f827a7c..d80ab64385 100644 --- a/src/training/access-analyzer-26+/additional.md +++ b/src/training/access-analyzer-26/additional.md @@ -1,6 +1,6 @@ import { NAA } from '@site/src/training/products'; -## Additional 26+ Courses for Partners +## Additional 26 Courses for Partners The following courses are available for self-enrollment through the Learning Library: diff --git a/src/training/access-analyzer-26+/index.js b/src/training/access-analyzer-26/index.js similarity index 69% rename from src/training/access-analyzer-26+/index.js rename to src/training/access-analyzer-26/index.js index 7ffa1cb1b4..9ef81d9b74 100644 --- a/src/training/access-analyzer-26+/index.js +++ b/src/training/access-analyzer-26/index.js @@ -1,2 +1,3 @@ +export { default as NAA26Value } from './1020.md'; export { default as NAA26Concepts } from './2020.md'; export { default as NAA26Additional } from './additional.md'; diff --git a/src/training/access-analyzer/3000.md b/src/training/access-analyzer/3000.md index 22af7b0207..103010c19c 100644 --- a/src/training/access-analyzer/3000.md +++ b/src/training/access-analyzer/3000.md @@ -12,4 +12,4 @@ The Introduction to course enables users to get up and running with the This product was formerly named Netwrix Enterprise Auditor. -Estimated length: 1.25 hours +Estimated length: 1 hour 10 minutes diff --git a/src/training/access-analyzer/3001.md b/src/training/access-analyzer/3001.md index d8363ff8d6..066585d7ca 100644 --- a/src/training/access-analyzer/3001.md +++ b/src/training/access-analyzer/3001.md @@ -9,4 +9,4 @@ The Introduction to course enables users to get up and running with the * Configuration * Resource Audits -Estimated length: 25 minutes +Estimated length: 45 minutes diff --git a/src/training/access-analyzer/3003.md b/src/training/access-analyzer/3003.md index baddbdf076..e6f224c09c 100644 --- a/src/training/access-analyzer/3003.md +++ b/src/training/access-analyzer/3003.md @@ -12,4 +12,4 @@ The – File System course enables users to get up and running with this This product was formerly named Netwrix Enterprise Auditor / StealthAUDIT. -Estimated length: 1.5 hours +Estimated length: 1 hour 30 minutes diff --git a/src/training/access-analyzer/3004.md b/src/training/access-analyzer/3004.md index bb60a38302..3e8012eb0d 100644 --- a/src/training/access-analyzer/3004.md +++ b/src/training/access-analyzer/3004.md @@ -11,4 +11,4 @@ The – Active Directory course enables users to get up and running with This product was formerly named Netwrix Enterprise Auditor. -Estimated length: 1.5 hours +Estimated length: 1 hour 30 minutes diff --git a/src/training/access-analyzer/3005.md b/src/training/access-analyzer/3005.md index 8d8ebc2f88..3b54201319 100644 --- a/src/training/access-analyzer/3005.md +++ b/src/training/access-analyzer/3005.md @@ -2,13 +2,13 @@ import { NAA, AIC } from '@site/src/training/products'; ## 3005 – Active Directory Permissions Analyzer -Recommended prerequisite: 3000 Introduction to +Recommended prerequisite: 3004 – Active Directory -The – Active Directory Permissions Analyzer course enables users to get up and running with this solution. It contains the following modules: +The – Active Directory Permissions Analyzer course provides an understanding of the key reports generated by the solution. This course consists of two modules: -* Active Directory Permissions Analyzer Solution +* – Active Directory Permissions Analyzer Reports * – Active Directory This product was formerly named Netwrix Enterprise Auditor / StealthAUDIT. -Estimated length: 45 minutes +Estimated length: 55 minutes diff --git a/src/training/access-analyzer/3007.md b/src/training/access-analyzer/3007.md index 8827514243..e02bd1423f 100644 --- a/src/training/access-analyzer/3007.md +++ b/src/training/access-analyzer/3007.md @@ -11,4 +11,4 @@ The – SharePoint course enables users to get up and running with this This product was formerly named Netwrix Enterprise Auditor / StealthAUDIT. -Estimated length: 1.25 hours +Estimated length: 1 hour 15 minutes diff --git a/src/training/access-analyzer/4003.md b/src/training/access-analyzer/4003.md index db16d08d0a..d1fc44ea8a 100644 --- a/src/training/access-analyzer/4003.md +++ b/src/training/access-analyzer/4003.md @@ -6,4 +6,4 @@ Recommended prerequisite: 3003 – File System The – Advanced File System course takes a deeper dive into the use of applet and proxy scan mode options, usage, and best practices. This product was formerly named Netwrix Enterprise Auditor / StealthAUDIT. -Estimated length: 1.5 hours +Estimated length: 1 hour 30 minutes diff --git a/src/training/access-analyzer/5000.md b/src/training/access-analyzer/5000.md index 76b58413f2..f0f7851c0b 100644 --- a/src/training/access-analyzer/5000.md +++ b/src/training/access-analyzer/5000.md @@ -17,4 +17,4 @@ The – Demo the Basic Use Cases course provides you with the ability to When you complete this course, you will understand the scenario and demonstration talking points for each use case. -Estimated length: 25 minutes +Estimated length: 32 minutes diff --git a/src/training/access-analyzer/5001.md b/src/training/access-analyzer/5001.md index 0539cebce9..9129d559c2 100644 --- a/src/training/access-analyzer/5001.md +++ b/src/training/access-analyzer/5001.md @@ -16,4 +16,4 @@ The – How to Implement course provides an understanding of how to impl was formerly Netwrix Enterprise Auditor. -Estimated length: 3.5 hours +Estimated length: 2 hours 37 minutes diff --git a/src/training/access-analyzer/6001.md b/src/training/access-analyzer/6001.md index b35133bff7..698b0a9422 100644 --- a/src/training/access-analyzer/6001.md +++ b/src/training/access-analyzer/6001.md @@ -6,4 +6,4 @@ Prerequisite: 5001 – How to Implement The – Professional Services Lab Experience provides you with an opportunity to validate you are ready to implement this product within a customer environment. You will be provided with a training lab environment where you can implement the product as if it were in a customer’s environment. -Estimated length: 3.5 hours +Estimated length: 3 hours 50 minutes diff --git a/src/training/access-analyzer/connect-a-to-z.md b/src/training/access-analyzer/connect-a-to-z.md index 75292a00c3..f499da0e71 100644 --- a/src/training/access-analyzer/connect-a-to-z.md +++ b/src/training/access-analyzer/connect-a-to-z.md @@ -4,4 +4,4 @@ import { Company, NAA } from '@site/src/training/products'; In this session, our experts will walk through the details of implementing custom use cases and workflows within . Learn the to-do's and not-to-do's when creating custom jobs, take a deep dive into the most commonly used data collectors, analysis and action modules used, and understand the general principals to be considered for long term deployments. This product was formerly named Netwrix Enterprise Auditor/StealthAUDIT. -Estimated length: 1.5 hours +Estimated length: 1 hour 29 minutes diff --git a/src/training/access-analyzer/connect-everything.md b/src/training/access-analyzer/connect-everything.md index f4c1396885..07be1f2dd3 100644 --- a/src/training/access-analyzer/connect-everything.md +++ b/src/training/access-analyzer/connect-everything.md @@ -4,4 +4,4 @@ import { Company, NAA } from '@site/src/training/products'; During this demo-heavy session we will take a deep dive into the most critical features and fixes delivered in v11.6 and provide a sneak peak into the new functionality in alpha testing for the next major release. Attendees of this session will learn valuable tools to scale their DAG deployments using features like sensitive data parallelism and concurrent scanning, understand some of the advanced Active Directory and Entra ID Security use cases and reports, and gain valuable insight into upcoming roadmap features. This product was formerly named Netwrix Enterprise Auditor/StealthAUDIT. -Estimated length: 1.5 hours +Estimated length: 1 hour 4 minutes diff --git a/src/training/activity-monitor/3002.md b/src/training/activity-monitor/3002.md index 8a2655b9eb..936800a53b 100644 --- a/src/training/activity-monitor/3002.md +++ b/src/training/activity-monitor/3002.md @@ -12,4 +12,4 @@ The Introduction to the course provides you with an understanding of how This product was formerly named Stealthbits Activity Monitor, or SAM. -Estimated length: 70 minutes +Estimated length: 50 minutes diff --git a/src/training/endpoint-protector/additional.md b/src/training/endpoint-protector/additional.md index 240c54e7e5..47c82a9ea6 100644 --- a/src/training/endpoint-protector/additional.md +++ b/src/training/endpoint-protector/additional.md @@ -4,6 +4,8 @@ import { NEP } from '@site/src/training/products'; The following courses are available for self-enrollment through the Learning Library: +* What's New in Netwrix Endpoint Protector v2605 +* What's New in Netwrix Endpoint Protector v2604 * What's New in Netwrix Endpoint Protector v2602 * What's New in Netwrix Endpoint Protector v2601 * What's New in Netwrix Endpoint Protector — Client v2511 diff --git a/src/training/identity-manager/3721.md b/src/training/identity-manager/3721.md new file mode 100644 index 0000000000..6400cecb41 --- /dev/null +++ b/src/training/identity-manager/3721.md @@ -0,0 +1,9 @@ +import { NIM } from '@site/src/training/products'; + +## 3721 – Reporting & Business Intelligence + +Recommended prerequisite: 3720 Introduction to + +The – Reporting & Business Intelligence course provides guidance on using operational reports, custom queries, universes, and Power BI integration to support effective reporting. was formerly Netwrix Usercube. + +Estimated length: 25 minutes diff --git a/src/training/identity-manager/index.js b/src/training/identity-manager/index.js index d84a4c1242..9a78b222a1 100644 --- a/src/training/identity-manager/index.js +++ b/src/training/identity-manager/index.js @@ -4,5 +4,6 @@ export { default as NIMConcepts } from './2720.md'; export { default as NIMArchitecture } from './2721.md'; export { default as NIMProjectPlanning } from './2722.md'; export { default as NIMIntro } from './3720.md'; +export { default as NIMReport } from './3721.md'; export { default as NIMDemo } from './5720.md'; export { default as NIMAdditional } from './additional.md'; diff --git a/src/training/threat-manager/additional.md b/src/training/threat-manager/additional.md index 2bb9b126de..a18ba5cee1 100644 --- a/src/training/threat-manager/additional.md +++ b/src/training/threat-manager/additional.md @@ -10,8 +10,8 @@ This product was formerly named Netwrix StealthDEFEND. ::: +* What's New in v3.2 * New MCP Server for -* What's New in v3.1 * Protect your Active Directory Against Common Cyber Threats * Top 5 Issues in * Deployment Best Practices From f1decca35becef6f6eaa2020625d1d195a8051b0 Mon Sep 17 00:00:00 2001 From: jth-nw Date: Wed, 13 May 2026 09:30:08 -0500 Subject: [PATCH 8/9] fix(vale+dale): auto-fix style issues across all 1Secure docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ran Vale and Dale across all 127 user-facing markdown files in docs/1secure/ and fixed all 521 Vale warnings/suggestions and all Dale violations found. Vale fixes: contractions, dropdown/checkbox spelling, Oxford comma, FollowTheStepsTo restructuring, AllowsYouTo rewrites, WeakLinkText, MakeSure, TypeVsEnter, Plurals, LoginVerb, BoilerplateCrossRef. Dale fixes: future tense → present tense throughout, passive voice → active voice, positional references (below/above → "the following"), hedging language → direct imperatives, conditional-without-imperative → direct "To X, do Y" form, wordiness, minimizing-difficulty (easily/ simply removed), idioms, undefined acronyms (MSP, SSO defined on first use). Also fixed pre-existing broken links (Windows backslashes) in three files that caused an infinite loop in the pre-commit hook. Generated with AI Co-Authored-By: Claude Code --- docs/1secure/admin/alerts/alerts.md | 37 ++++--- docs/1secure/admin/alerts/overview.md | 23 ++-- .../1secure/admin/dashboard/alertstimeline.md | 22 ++-- .../admin/dashboard/organizationstatistics.md | 6 +- docs/1secure/admin/dashboard/overview.md | 18 ++-- .../activedirectoryauditing.md | 12 +-- .../activedirectoryauditing/auditlogging.md | 19 ++-- .../activedirectoryauditing/auditlogsrole.md | 4 +- .../activedirectoryauditing/logonasbatch.md | 8 +- .../manageauditingsecuritylog.md | 8 +- .../permissionsadcontainer.md | 6 +- .../permissionsregistrykeys.md | 14 ++- .../computer/backupfilesdirectories.md | 14 ++- .../admin/datacollection/computer/overview.md | 3 +- docs/1secure/admin/datacollection/entraid.md | 14 +-- .../admin/datacollection/exchangeonline.md | 11 +- docs/1secure/admin/datacollection/gmsa.md | 61 +++++------ .../networkaccess/networkaccess.md | 8 +- .../nonadminaccount/nondomainadmin.md | 15 +-- .../datacollection/logonactivity/overview.md | 20 ++-- docs/1secure/admin/datacollection/overview.md | 10 +- .../admin/datacollection/sharepointonline.md | 21 ++-- docs/1secure/admin/howitworks.md | 10 +- docs/1secure/admin/login/login.md | 40 ++++--- docs/1secure/admin/login/sso.md | 36 +++---- docs/1secure/admin/notifications.md | 11 +- .../organizations/addingusers/addingusers.md | 57 +++++----- .../admin/organizations/addorganizations.md | 12 +-- docs/1secure/admin/organizations/addsites.md | 14 +-- .../admin/organizations/billableaccounts.md | 4 +- .../organizations/managemyorganization.md | 6 +- .../organizations/managingcredentials.md | 7 +- .../admin/organizations/organizationgroups.md | 14 +-- docs/1secure/admin/organizations/overview.md | 10 +- .../sourcesandconnectors/activedirectory.md | 30 +++--- .../sourcesandconnectors/computer.md | 34 +++--- .../sourcesandconnectors/entraid.md | 12 +-- .../sourcesandconnectors/exchangeonline.md | 8 +- .../sourcesandconnectors/overview.md | 2 +- .../sourcesandconnectors/sharepointonline.md | 31 +++--- .../sourcesandconnectors/sqlserver.md | 22 ++-- .../organizations/viewtabsanddashboard.md | 6 +- docs/1secure/admin/overview.md | 8 +- .../admin/riskprofiles/metrics_list.md | 10 +- .../riskprofiles/riskassessmentdashboard.md | 100 ++++++++---------- .../1secure/admin/riskprofiles/riskmetrics.md | 36 +++---- .../admin/riskprofiles/riskprofiles.md | 16 +-- .../admin/searchandreports/activity.md | 44 ++++---- .../admin/searchandreports/applyfilters.md | 33 +++--- .../admin/searchandreports/auditlogs.md | 14 +-- .../admin/searchandreports/billableusers.md | 10 +- .../admin/searchandreports/compliance.md | 75 +++++++------ .../admin/searchandreports/customreports.md | 27 +++-- .../admin/searchandreports/exportreport.md | 10 +- .../admin/searchandreports/filteroperators.md | 18 ++-- .../admin/searchandreports/overview.md | 12 +-- .../admin/searchandreports/stateintime.md | 42 ++++---- .../admin/searchandreports/subscriptions.md | 58 +++++----- docs/1secure/admin/searchandreports/system.md | 12 +-- docs/1secure/admin/statuses.md | 9 +- docs/1secure/admin/updatenetwrixcloudagent.md | 29 +++-- .../configuration/admanual/admanual.md | 10 +- .../configuration/admanual/advancedpolicy.md | 10 +- docs/1secure/configuration/admanual/auto.md | 4 +- .../configuration/admanual/cfgmanual.md | 12 +-- .../admanual/domainauditpolicies.md | 2 +- .../admanual/grouppolicymanagementconsole.md | 12 +-- .../configuration/admanual/objectlevel.md | 31 +++--- .../admanual/protocolsandports.md | 6 +- .../admanual/secondarylogonservice.md | 2 +- .../configuration/computer/advancedpolicy.md | 16 +-- .../configuration/computer/eventlog.md | 16 +-- .../computer/fileserversandantivirus.md | 11 +- .../configuration/computer/firewallrules.md | 6 +- .../configuration/computer/localpolicy.md | 4 +- .../configuration/computer/objectlevel.md | 8 +- .../configuration/computer/overview.md | 57 +++++----- .../computer/protocolsandports.md | 6 +- .../computer/remoteregistryservice.md | 6 +- .../configureitinfrastructure.md | 6 +- .../configuration/exchangeonlinenonowner.md | 33 +++--- .../configuration/gpmanual/overview.md | 19 ++-- .../configuration/gpmanual/permissions.md | 31 +++--- .../logonactivity/advancedaudit.md | 10 +- .../logonactivity/basicauditpolicies.md | 2 +- .../logonactivity/firewallrules.md | 7 +- .../logonactivity/securitylogsize.md | 2 +- .../networktrafficcompression.md | 18 ++-- docs/1secure/configuration/overview.md | 6 +- .../1secure-classifier-setup-guide.md | 16 +-- .../registerconfig/permissions.md | 2 +- .../registerconfig/registerconfig.md | 46 ++++---- .../sqlserver/configuringtracelogging.md | 10 +- .../configuration/sqlserver/overview.md | 6 +- .../configuration/sqlserver/permissions.md | 9 +- .../windowsserver/advancedpolicy.md | 23 ++-- .../configuration/windowsserver/dhcp.md | 4 +- .../configuration/windowsserver/eventlog.md | 36 +++---- .../windowsserver/localpolicy.md | 14 +-- .../configuration/windowsserver/overview.md | 13 +-- .../windowsserver/persistenttimestamp.md | 3 +- .../windowsserver/remoteregistry.md | 6 +- .../windowsserver/windowsregistry.md | 10 +- docs/1secure/install/installagent.md | 11 +- docs/1secure/install/overview.md | 3 +- docs/1secure/integration/connectwise.md | 15 ++- docs/1secure/integration/overview.md | 11 +- docs/1secure/integration/servicenow.md | 18 ++-- docs/1secure/integration/sharepointonline.md | 13 ++- .../requirements/CloudAgentRequirements.md | 17 ++- .../prerequisitesfordatasources.md | 8 +- docs/1secure/security/compliance.md | 4 +- docs/1secure/security/customerdataprivacy.md | 13 ++- docs/1secure/security/datasecurity.md | 2 +- docs/1secure/security/overview.md | 13 +-- docs/1secure/setup-and-configuration/index.md | 8 +- 116 files changed, 941 insertions(+), 1029 deletions(-) diff --git a/docs/1secure/admin/alerts/alerts.md b/docs/1secure/admin/alerts/alerts.md index cb8d2a38d2..79adb4ccad 100644 --- a/docs/1secure/admin/alerts/alerts.md +++ b/docs/1secure/admin/alerts/alerts.md @@ -20,7 +20,7 @@ You can access the generated alerts in the following ways: [Manage Delivery Settings for an Alert Profile](overview.md#manage-delivery-settings-for-an-alert-profile) topic for setting up email notifications. -Follow the steps to view the alerts within an alert profile. +**To view the alerts within an alert profile:** **Step 1 –** Navigate to Configuration > Alerts. @@ -41,12 +41,12 @@ You can view the following for each alert in the list: - Threshold Period – The threshold period set for the alert. The threshold period is the maximum duration, starting from the first activity record, within which the specified number of activity records (threshold) must occur to trigger an alert. -- Batching Period – The batching period set for the alert. The batching period feature allows you to +- Batching Period – The batching period set for the alert. With the batching period feature, you can receive a single notification that includes all alerts triggered during the specified period. ## Add a Custom Alert -Follow the steps to add a custom alert. +**To add a custom alert:** **Step 1 –** Navigate to Configuration > Alerts. @@ -56,7 +56,7 @@ Follow the steps to add a custom alert. ![New Alert Pane](/images/1secure/admin/alerts/addcustomalert.webp) -**Step 4 –** Select a custom report from the Report drop-down menu to trigger the alert when a new +**Step 4 –** Select a custom report from the Report dropdown menu to trigger the alert when a new record is generated for the report. See the [ Custom Reports](/docs/1secure/admin/searchandreports/customreports.md) topic for additional information. @@ -65,11 +65,11 @@ topic for additional information. **Step 6 –** Toggle the **Is Active** switch to ON to activate the alert. Notifications are sent for active alerts only. -**Step 7 –** Toggle the **Is Grouped** switch to ON, which displays the Grouped On drop-down menu. +**Step 7 –** Toggle the **Is Grouped** switch to ON, which displays the Grouped On dropdown menu. When grouping is enabled, alerts are organized based on the criteria you select in the _Grouped On_ -drop-down menu. +dropdown menu. -**Step 8 –** Select one of the following options from the **Grouped On** drop-down menu: +**Step 8 –** Select one of the following options from the **Grouped On** dropdown menu: - Who – Groups alerts with respect to the user who performed the activity (deleted an account, created a record, etc.) @@ -79,14 +79,14 @@ drop-down menu. file, etc. Example: You have two users, User 1 and User 2, each performing different actions. By setting -"Grouped On" to "Who", alerts will be generated per user, resulting in two separate alerts — one for -User 1 and another for User 2. Each alert will include only the activity associated with that -specific user. If grouping is not enabled, all activities will be consolidated into a single alert +"Grouped On" to "Who", alerts are generated per user, resulting in two separate alerts — one for +User 1 and another for User 2. Each alert includes only the activity associated with that +specific user. If grouping isn't enabled, all activities are consolidated into a single alert based on the specified _threshold_ and _threshold period_. **Step 9 –** In the Threshold field, specify a threshold for the alert. The threshold is the minimum number of activity records that must occur within a specified time frame (threshold period) to -trigger an alert. For example, if the threshold is set to 3, an alert will be triggered when at +trigger an alert. For example, if the threshold is set to 3, an alert is triggered when at least 3 activity records are generated within the specified time frame. **Step 10 –** In the Threshold Period field, specify a threshold period for the alert. The threshold @@ -95,12 +95,11 @@ number of activity records (threshold) must occur to trigger an alert. For examp is set to 5 and the threshold period is 10 minutes, at least 5 activity records must be generated within 10 minutes to trigger an alert. -**Step 11 –** If you do not want alert notifications to be sent to you each time an alert is -generated, there is a batching period option. In the Batching Period field, specify a batching -period for the alert. The batching period feature allows you to receive a single notification that -includes all alerts triggered during the specified period. For example, if the batching period is -set to 30 minutes (00:30:00) for an alert such as "Computer removed," you will receive a single -notification for the alerts generated during that time frame, rather than receiving individual +**Step 11 –** To avoid receiving a notification each time an alert is generated, specify a batching +period in the Batching Period field. With the batching period feature, you receive a single +notification that includes all alerts triggered during the specified period. For example, if the +batching period is set to 30 minutes (00:30:00) for an alert such as "Computer removed," you +receive a single notification for all alerts generated during that time frame rather than individual notifications for each alert. **Step 12 –** Click **Save**. @@ -109,7 +108,7 @@ The alert is configured and added to the list. ## Modify an Alert -Follow the steps to modify a preconfigured or custom alert. +**To modify a preconfigured or custom alert:** **Step 1 –** Navigate to Configuration > Alerts. @@ -124,7 +123,7 @@ Follow the steps to modify a preconfigured or custom alert. ## Delete a Custom Alert -Follow the steps to delete a custom alert. +**To delete a custom alert:** **Step 1 –** Navigate to Configuration > Alerts. diff --git a/docs/1secure/admin/alerts/overview.md b/docs/1secure/admin/alerts/overview.md index 2cdeeb7c16..a8ecc7173b 100644 --- a/docs/1secure/admin/alerts/overview.md +++ b/docs/1secure/admin/alerts/overview.md @@ -6,9 +6,8 @@ sidebar_position: 70 # Alert Profiles -Alert profiles provide a way to easily group alert configurations and delivery notification settings -together. You can create an alert profile, enable relevant alerts for the profile, and assign it to -organization(s). Additionally, you can customize delivery settings and specify which user(s) will +Alert profiles group alert configurations and delivery notification settings together. You can create an alert profile, enable relevant alerts for the profile, and assign it to +organizations. Additionally, you can customize delivery settings and specify which users will receive notifications when alerts in the profile are triggered. To view the alert profiles, navigate to Configuration > Alerts. @@ -30,7 +29,7 @@ automatically applied to all managed organizations. ## Add an Alert Profile -Follow the steps to add an alert profile. +**To add an alert profile:** **Step 1 –** Navigate to Configuration > Alerts. @@ -45,13 +44,13 @@ The alert profile is added to the list. You can: - Assign this profile to an organization. You can do this when creating a new organization or editing an organization. See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic for additional information. -- Click the profile to review the list of alerts, enable the desired alerts, make necessary edits +- Click the profile to review the list of alerts, enable the alerts you want, make necessary edits for alerts, and set delivery settings for the alert profile. See [Alerts](/docs/1secure/admin/alerts/alerts.md) topic for additional information. ## Modify the Name of an Alert Profile -Follow the steps to modify the name of an alert profile. +**To modify the name of an alert profile:** **Step 1 –** Navigate to Configuration > Alerts. @@ -64,13 +63,13 @@ Follow the steps to modify the name of an alert profile. ## Delete an Alert Profile :::note -(1) The alert profile named _Netwrix Profile (Default)_ cannot be deleted. +(1) The alert profile named _Netwrix Profile (Default)_ can't be deleted. (2) When an alert profile is deleted, the _Netwrix Profile (Default)_ is automatically assigned to the organizations that were previously assigned the deleted profile. ::: -Follow the steps to delete an alert profile. +**To delete an alert profile:** **Step 1 –** Navigate to Configuration > Alerts. @@ -84,9 +83,9 @@ prompting you to confirm the deletion of the profile. You can receive alerts by email or through the third-party ticket service, as used by the Managed Service Providers. -Follow the steps to configure alerts by email. +**To configure alerts by email:** -**Step 1 –** . Navigate to Configuration > Alerts. +**Step 1 –** Navigate to Configuration > Alerts. **Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. @@ -100,10 +99,10 @@ displayed. **Step 5 –** In the Email Addresses field, enter the email address of a recipient for alert notifications and click the Add icon. To specify multiple email addresses, add them one by one. -**Step 6 –** Check the **Email Organization Admins** check box to send the alerts to all the +**Step 6 –** Check the **Email Organization Admins** checkbox to send the alerts to all the organization admins by email. **Step 7 –** Click Save. -You may also link to a third-party ticketing system. See the +You can also link to a third-party ticketing system. See the [Third-party systems](/docs/1secure/integration/overview.md) topic for additional information. diff --git a/docs/1secure/admin/dashboard/alertstimeline.md b/docs/1secure/admin/dashboard/alertstimeline.md index 5b2af53904..106a225fcf 100644 --- a/docs/1secure/admin/dashboard/alertstimeline.md +++ b/docs/1secure/admin/dashboard/alertstimeline.md @@ -36,14 +36,14 @@ exact number of alerts for that type. The legend maps the colors used in the pie chart to the names of the alert types along with the share percentage. -Click an alert type on the legend to disable it. Disabled alert types are not displayed in the pie -chart. Hence, the pie chart displays only the enabled alert types and their percentage shares with -respect to each other. You can click a disabled alert type on the legend to enable it. +Click an alert type on the legend to disable it. Disabled alert types aren't displayed in the pie +chart. The pie chart displays only the enabled alert types and their percentage shares with +respect to each other. Click a disabled alert type on the legend to re-enable it. **Alerts Timeline** This card displays a bar chart illustrating the number of alerts triggered for the period selected -in the timeframe drop-down menu. Hover over a bar on the chart to view the exact number of alerts +in the timeframe dropdown menu. Hover over a bar on the chart to view the exact number of alerts triggered on any specific date. **Alerts List** @@ -85,20 +85,20 @@ information. ## Filter Data -Multiple filters are available on this page to enable you to filter data as desired. You can apply +Multiple filters are available on this page. You can apply one or more filters at a time. -- Organizations – Select an organization from the Organizations drop-down menu to view its +- Organizations – Select an organization from the Organizations dropdown menu to view its alert-related data. -- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword +- Filter by Keyword – Enter a search string (only alpha characters allowed) in the Filter by keyword field and press Enter. The Alerts list displays the data that matches the specified keyword. -- Alert – Select an alert type from the Alert drop-down menu. The charts and the alerts list display +- Alert – Select an alert type from the Alert dropdown menu. The charts and the alerts list display data specific to the selected alert type. By default, All is selected. -- Item – Select an item from the Item drop-down menu. The charts and the alerts list display alert +- Item – Select an item from the Item dropdown menu. The charts and the alerts list display alert data specific to the selected item. By default, All is selected. -- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on +- Timeframe – Select a time period from the Timeframe dropdown menu. The charts and the listing on the page display data for the selected time period. For example, if you select 7 Days, the data - will reflect information for the past 7 days. By default, 30 Days is selected. Options are: + reflects information for the past 7 days. By default, 30 Days is selected. Options are: - 7 Days - 30 Days diff --git a/docs/1secure/admin/dashboard/organizationstatistics.md b/docs/1secure/admin/dashboard/organizationstatistics.md index 576de15bac..730c469dd2 100644 --- a/docs/1secure/admin/dashboard/organizationstatistics.md +++ b/docs/1secure/admin/dashboard/organizationstatistics.md @@ -20,19 +20,19 @@ You can view the following insights for an organization. ## Organization -This drop-down displays the name of the organization. You can choose a different organization from +This dropdown displays the name of the organization. You can choose a different organization from here to view the statistics for that Organization. ## Users -This link displays the total number of users in the organization along with their percentage share +The Users value displays the total number of users in the organization along with their percentage share with respect to the total number of users in the managed organizations (tenant) in 1Secure. Click the value to navigate to the Billable Users page. See the [System Reports](/docs/1secure/admin/searchandreports/system.md) topic for additional information. ## Health Status -This link displays the current health status of the organization, which can be: Healthy, Trial in +The Health Status value displays the current health status of the organization, which can be: Healthy, Trial in Progress, New, Update Recommended, Needs Attention, Experiencing Issues, Offline, Disabled, Not Configured, and Pending Deletion. Click the health status to navigate to the configuration page of the organization. diff --git a/docs/1secure/admin/dashboard/overview.md b/docs/1secure/admin/dashboard/overview.md index f2e8eaa1c7..e9889e9102 100644 --- a/docs/1secure/admin/dashboard/overview.md +++ b/docs/1secure/admin/dashboard/overview.md @@ -9,7 +9,7 @@ sidebar_position: 20 The Netwrix 1Secure dashboard provides an intuitive, single-pane-of-glass view of your clients organizations, enabling managing organizations, such as Managed Service Providers (MSPs), to quickly identify and prioritize what requires immediate attention. It displays the alerts triggered by -specific events, offering drill-down capabilities that enable you to access detailed information on +specific events, offering drill-down capabilities for accessing detailed information on specific alerts and issues, ensuring timely and effective responses. See the [Alerts](/docs/1secure/admin/alerts/alerts.md) topic for additional information on alerts. @@ -73,7 +73,7 @@ This section lists all managed organizations with the following information: Progress, New, Update Recommended, Needs Attention, Experiencing Issues, Offline, Disabled, Not Configured, and Pending Deletion. Click the value to navigate to the Health Status for Organization: `` pane. -- Tags – Displays the user defined tag(s) applied to the organization. +- Tags – Displays the user-defined tags applied to the organization. Click a column header to sort the data in the organizations list by that column in ascending order. An arrow appears next to the column name to indicate the sort order. Click the column header again @@ -86,7 +86,7 @@ Click the Add Organization button to add a new organization. See the ## Filter Data -Multiple filters are available on this page to enable you to filter data as desired. You can apply +Multiple filters are available on this page. You can apply one or more filters at a time. :::note @@ -95,12 +95,12 @@ Organizations list. ::: -- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword +- Filter by Keyword – Enter a search string (only alpha characters allowed) in the Filter by keyword field and press Enter. The Organizations list displays the data that matches the specified keyword. -- Alert – Select an alert type from the Alert drop-down menu. The organizations with alerts +- Alert – Select an alert type from the Alert dropdown menu. The organizations with alerts triggered for the selected type are displayed in the list. By default, All is selected. -- Health Status – Select a health status from the Health Status drop-down menu. The organizations +- Health Status – Select a health status from the Health Status dropdown menu. The organizations with the selected heath status are displayed in the list. By default, All is selected . Other statuses are: @@ -115,12 +115,12 @@ Organizations list. - Not configured - Pending deletion -- Tag – Select a tag from the Tag drop-down menu. The bar charts and the organizations list on the +- Tag – Select a tag from the Tag dropdown menu. The bar charts and the organizations list on the dashboard display data for the organizations the tag is associated with. By default, All is selected. -- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on +- Timeframe – Select a time period from the Timeframe dropdown menu. The charts and the listing on the page display data for the selected time period. For example, if you select 7 Days, the data - will reflect information for the past 7 days. By default, 30 Days is selected. Options are: + reflects information for the past 7 days. By default, 30 Days is selected. Options are: - 7 Days - 30 Days diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md b/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md index 4b82181e49..6c3d3f100a 100644 --- a/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md @@ -22,15 +22,15 @@ following aspects: | | | | ------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | In the target domain | Account Permission Required | -| Do you plan to use [Network Traffic Compression](/docs/1secure/configuration/networktrafficcompression.md) for data processing? | If **YES**, account must belong to Domain Admin group. If **NO**, add an account to 'Manage auditing and security log' policy. See [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md) for more information. | -| Do you plan to use AD Deleted Objects container for data processing? | If **YES**, account requires Read permission on the read container. See [Granting Permissions for 'Deleted Objects' Container](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md) topic for more information. | +| Do you plan to use [Network Traffic Compression](/docs/1secure/configuration/networktrafficcompression.md) for data processing? | If **YES**, account must belong to Domain Admin group. If **NO**, add an account to 'Manage auditing and security log' policy. See [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md) for the steps to configure this policy. | +| Do you plan to use AD Deleted Objects container for data processing? | If **YES**, account requires Read permission on the read container. See [Granting Permissions for 'Deleted Objects' Container](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md) for the steps to grant this permission. | | Is auto-backup _enabled_ for the domain controller event logs? | If **YES**, account needs the following:
  • Access to specific registry key on the domain controllers. See[Assigning Permission To Read the Registry Key](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md) for additional information.
  • Membership in either Administrators, Print Operators, or Server Operators group.
  • Read/Write and Full Control permissions on the logs back up folder.
| | Is there an on-premises Exchange server in your Active Directory domain? | If **YES**, account needs the following:
  • Membership in the **Organization Management** or **Records Management** group or having Audit Logs management role. See [Assigning Management Roles](/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md) topic for additional information.
  • Adjustment of the Exchange Administrator Audit Logging settings. See [Configure Exchange Administrator Audit Logging Settings](/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md) topic for additional information.
| ## Use GMSA -You can use group Managed Service Accounts (gMSA) as data collecting accounts. It should also meet +You can use group Managed Service Accounts (gMSA) as data collecting accounts. The gMSA must also meet the same requirements. :::note @@ -41,6 +41,6 @@ initiator (user) name in the "_Who_" field of reports, search results and activi ::: -For more information on gMSA, refer to [Using Group Managed Service Account (gMSA)](/docs/1secure/admin/datacollection/gmsa.md) -and to -[Microsoft documentation](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview). +See [Using Group Managed Service Account (gMSA)](/docs/1secure/admin/datacollection/gmsa.md) +for gMSA setup steps, and the +[Microsoft documentation](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview) for background on group Managed Service Accounts. diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md index f640198111..8523276d87 100644 --- a/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md @@ -13,24 +13,23 @@ Logging (AAL) settings are configured as follows: | Setting | Value | Comment | | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------- | | AdminAuditLogEnabled | True | Enables audit logging | -| AdminAuditLogAgeLimit | 30 | Determines how long audit log entries will be retained (default is 90 days) | -| AdminAuditLogCmdlets | \* | Instructs the program to create a log entry for every cmdlet that is run. | +| AdminAuditLogAgeLimit | 30 | Determines how long audit log entries are retained (default is 90 days) | +| AdminAuditLogCmdlets | \* | Instructs the program to create a log entry for every cmdlet that runs. | | LogLevel | Verbose | Sets logging level. | -| ExcludedCmdlets | \*-InboxRule, \*-MailboxAutoReplyConfiguration, Set-MailboxAuditBypassAssociation, Set-MailboxAutoReplyConfiguration, Set-MailboxCalendarConfiguration, Set-MailboxCalendarFolder, Set-MailboxFolderPermission, Set-MailboxJunkEmailConfiguration, Set-MailboxMessageConfiguration, Set-MailboxRegionalConfiguration, Set-MailboxSpellingConfiguration | This list of exclusions is set up as explained in step 3 of the procedure below. | +| ExcludedCmdlets | \*-InboxRule, \*-MailboxAutoReplyConfiguration, Set-MailboxAuditBypassAssociation, Set-MailboxAutoReplyConfiguration, Set-MailboxCalendarConfiguration, Set-MailboxCalendarFolder, Set-MailboxFolderPermission, Set-MailboxJunkEmailConfiguration, Set-MailboxMessageConfiguration, Set-MailboxRegionalConfiguration, Set-MailboxSpellingConfiguration | This list of exclusions is set up as explained in step 3 of the following procedure. | -To configure these settings manually, refer to the procedure described below. +To configure these settings manually, use the following procedure. -You can perform this procedure on any of the Exchange servers, and these settings will then be -replicated to all Exchange servers in the domain. +You can perform this procedure on any of the Exchange servers, and these settings replicate to all Exchange servers in the domain. -Follow the steps to configure Exchange Administrator Audit Logging settings. +**To configure Exchange Administrator Audit Logging settings:** **Step 1 –** On the computer where the monitored Exchange server is installed, navigate to **Start → Programs → Exchange Management Shell**. **Step 2 –** Execute the following command depending on your Exchange version: -- Exchange 2019, 2016 and 2013 +- Exchange 2019, 2016, and 2013 `Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogAgeLimit 30 -AdminAuditLogCmdlets * -LogLevel Verbose` @@ -38,7 +37,7 @@ Programs → Exchange Management Shell**. `Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogAgeLimit 30 -AdminAuditLogCmdlets *` -1. To reduce server load, you can exclude the cmdlets listed in the table above from Exchange +1. To reduce server load, you can exclude the cmdlets listed in the preceding table from Exchange logging. For that: 1. On the computer where Netwrix 1Secure is installed, browse to the _%Netwrix Auditor Server @@ -48,4 +47,4 @@ Programs → Exchange Management Shell**. `.\SetAALExcludedCmdlets.ps1` - Make sure your policies allow script execution. + Ensure your policies allow script execution. diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md index 7682c3696a..d83010f8ff 100644 --- a/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md @@ -6,10 +6,10 @@ sidebar_position: 10 # Assigning Management Roles -Perform this procedure only if the account selected for data collection is not a member of the +Perform this procedure only if the account selected for data collection isn't a member of the **Organization Management** or the **Records Management** group. -1. On the computer where Microsoft Exchange 2019, 2016, 2013 or 2010 is installed, open the +1. On the computer where Microsoft Exchange 2019, 2016, 2013, or 2010 is installed, open the **Exchange Management Shell** under an account that belongs to the **Organization Management** group. 2. Use the following syntax to assign the required management role to a user: diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md b/docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md index 5afee6281b..65d701df4f 100644 --- a/docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md @@ -31,7 +31,7 @@ Specify the account that you want to define this policy for. ## To configure the Log On As a Batch Job policy using the Group Policy Management console -Perform this procedure only if the account selected for data collection is not a member of the +Perform this procedure only if the account selected for data collection isn't a member of the Domain Admins group. **Step 1 –** Open the Group Policy Management console on any domain controller in the target domain: @@ -53,9 +53,9 @@ the left and navigate to Policies → Windows Settings → Security Settings → user that you want to define this policy for. **Step 7 –** Navigate to Start → Run and type "_cmd_". Input the `gpupdate /force` command and press -Enter. The group policy will be updated. +Enter. The group policy is updated. -**Step 8 –** Type `repadmin /syncall` command and press Enter for replicate GPO changes to other +**Step 8 –** Type `repadmin /syncall` command and press Enter to replicate GPO changes to other domain controllers. -**Step 9 –** Ensure that new GPO settings applied on any audited domain controller. +**Step 9 –** Verify that the new GPO settings are applied on any audited domain controller. diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md b/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md index db2121666d..107d3e22b3 100644 --- a/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Configure the Manage Auditing and Security Log Policy -Perform this procedure only if the account selected for data collection is not a member of the +Perform this procedure only if the account selected for data collection isn't a member of the Domain Admins group. **Step 1 –** Open the **Group Policy Management** console on any domain controller in the target @@ -28,9 +28,9 @@ Policies.** Group**, specify the user that you want to define this policy for. **Step 7 –** Navigate to **Start → Run** and type _"cmd"_. Input the `gpupdate /force` command and -press **Enter**. The group policy will be updated. +press **Enter**. The group policy is updated. -**Step 8 –** Type `repadmin /syncall` command and press Enter for replicate GPO changes to other +**Step 8 –** Type `repadmin /syncall` command and press Enter to replicate GPO changes to other domain controllers. -**Step 9 –** Ensure that new GPO settings applied on any audited domain controller. +**Step 9 –** Verify that the new GPO settings are applied on any audited domain controller. diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md index ab2739ad71..ed8b37fd2a 100644 --- a/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Granting Permissions for 'Deleted Objects' Container -Perform this procedure only if the account selected for data collection is not a member of the +Perform this procedure only if the account selected for data collection isn't a member of the Domain Admins group. **Step 1 –** Log on to any domain controller in the target domain with a user account that is a @@ -21,7 +21,7 @@ where `deleted_object_dn` is the distinguished name of the deleted directory obj For example: `dsacls "CN=Deleted Objects,DC=Corp,DC=local" /takeownership` **Step 4 –** To grant permission to view objects in the **Deleted Objects** container to a user or a -group, type the following command: +group, enter the following command: `dsacls /G :` @@ -33,6 +33,6 @@ For example, `dsacls "CN=Deleted Objects,DC=Corp,DC=local" /G Corp\jsmith:LCRP` In this example, the user CORP\jsmith has been granted **List Contents** and **Read Property** permissions for the **Deleted Objects** container in the **corp.local** domain. These permissions -let this user view the contents of the **Deleted Objects** container, but do not let this user make +let this user view the contents of the **Deleted Objects** container, but don't let this user make any changes to objects in this container. These permissions are equivalent to the default permissions that are granted to the **Domain Admins** group. diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md index d1eeb59c89..94bace122c 100644 --- a/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md @@ -6,12 +6,10 @@ sidebar_position: 40 # Assigning Permission To Read the Registry Key -This permission is required only if the account selected for data collection is not a member of the +This permission is required only if the account selected for data collection isn't a member of the Domain Admins group. -This permission should be assigned on each domain controller in the audited domain, so if your -domain contains multiple domain controllers, it is recommended to assign permissions through Group -Policy. +Assign this permission on each domain controller in the audited domain. If your domain contains multiple domain controllers, assign permissions through Group Policy. To assign permissions manually, use the Registry Editor snap-in or the Group Policy Management console. @@ -57,7 +55,7 @@ press Enter. **Step 8 –** In the pop-up window, select Propagate inheritable permissions to all subkeys and click OK. -**Step 9 –** Repeat the steps 4-8 for keys below: +**Step 9 –** Repeat steps 4-8 for the following keys: - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg`; - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security`. @@ -65,9 +63,9 @@ OK. **Step 10 –** Close Group Policy Management console. **Step 11 –** Navigate to Start → Run and type "_cmd_". Input the `gpupdate /force` command and -press Enter. The group policy will be updated. +press Enter. The group policy is updated. -**Step 12 –** Type `repadmin /syncall` command and press Enter for replicate GPO changes to other +**Step 12 –** Type `repadmin /syncall` command and press Enter to replicate GPO changes to other domain controllers. -**Step 13 –** Ensure that new GPO settings were applied to the domain controllers. +**Step 13 –** Verify that the new GPO settings are applied to the domain controllers. diff --git a/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md b/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md index ae263def92..1166314c3f 100644 --- a/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md +++ b/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md @@ -9,8 +9,7 @@ sidebar_position: 10 Configure this Back up Files and Directories policy via the **Local Security Policy Snap-in** or using the **Group Policy Management Console**. -Follow the steps to configure the Back up Files and Directories' policy via the **Local Security -Policy Snap-in**. +**To configure the Back up Files and Directories policy via the Local Security Policy Snap-in:** **Step 1 –** On any domain controller in the target domain, open the **Local Security Policy** snap-in: navigate to Start > Administrative Tools (Windows Server 2016 and higher) or Administrative @@ -25,11 +24,10 @@ Group**, specify the user that you want to define this policy for. The policy is now configured. -Follow the steps to configure the Back up Files and Directories' policy using the **Group Policy -Management Console**. +**To configure the Back up Files and Directories policy using the Group Policy Management Console:** :::note -Perform this procedure only if the account selected for data collection is not a member of +Perform this procedure only if the account selected for data collection isn't a member of the Domain Admins group. ::: @@ -53,11 +51,11 @@ the left and navigate to Policies > Windows Settings > Security Settings > Local specify the user that you want to define this policy for. **Step 7 –** Navigate to Start > Run and type "_cmd_". Input the `gpupdate /force` command and press -Enter. The group policy will be updated. +Enter. The group policy is updated. -**Step 8 –** Type `repadmin /syncall` command and press Enter for replicate GPO changes to other +**Step 8 –** Type `repadmin /syncall` command and press Enter to replicate GPO changes to other domain controllers. -**Step 9 –** Ensure that new GPO settings applied on any audited domain controller. +**Step 9 –** Verify that the new GPO settings are applied on any audited domain controller. The policy is now configured. diff --git a/docs/1secure/admin/datacollection/computer/overview.md b/docs/1secure/admin/datacollection/computer/overview.md index d2d3526586..9f4182ba87 100644 --- a/docs/1secure/admin/datacollection/computer/overview.md +++ b/docs/1secure/admin/datacollection/computer/overview.md @@ -20,8 +20,7 @@ Data Collection Accounts should meet the following policies and permissions: - The **Read** NTFS permission on all objects in the audited folders. :::note -If you want to use network traffic compression, data collecting account on the target -server must be a member of the local Administrators group. +To use network traffic compression, the data collecting account on the target server must be a member of the local Administrators group. ::: diff --git a/docs/1secure/admin/datacollection/entraid.md b/docs/1secure/admin/datacollection/entraid.md index 8f3700ea1f..36ef4bd6c1 100644 --- a/docs/1secure/admin/datacollection/entraid.md +++ b/docs/1secure/admin/datacollection/entraid.md @@ -6,20 +6,20 @@ sidebar_position: 20 # Microsoft Entra ID Auditing -The product supports Microsoft Entra ID  (formerly Azure AD) provided within Microsoft Office 365. +The product supports Microsoft Entra ID (formerly Azure AD) provided within Microsoft Office 365. -Netwrix 1Secure allows you to audit Office 365 organizations that have established modern +Use Netwrix 1Secure to audit Office 365 organizations that have established modern authentication as their identity management approach, including support for [multi-factor authentication (MFA)](https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks). -In this scenario, Netwrix 1Secure will access the cloud-based infrastructure via Microsoft Graph and -other modern APIs, being authenticated through a pre-configured Microsoft Entra ID application with -appropriate access permissions. So, you should register a Microsoft Entra ID  app and provide its -settings to Netwrix 1Secure when configuring a monitored item. +In this scenario, Netwrix 1Secure accesses the cloud-based infrastructure via Microsoft Graph and +other modern APIs, authenticated through a pre-configured Microsoft Entra ID application with +appropriate access permissions. Register a Microsoft Entra ID app and provide its settings to +Netwrix 1Secure when configuring a monitored item. ## Multi-factor Authentication -Support for modern authentication will allow you to audit the organizations where MFA is enabled for +With modern authentication support, you can audit organizations where MFA is enabled for all users, including service accounts. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. diff --git a/docs/1secure/admin/datacollection/exchangeonline.md b/docs/1secure/admin/datacollection/exchangeonline.md index f19591ec76..6a4be7c6d5 100644 --- a/docs/1secure/admin/datacollection/exchangeonline.md +++ b/docs/1secure/admin/datacollection/exchangeonline.md @@ -6,12 +6,11 @@ sidebar_position: 40 # Exchange Online Auditing -Before adding an Exchange Online data source for your organization, plan for the account that will -be used for data collection. This account will be specified in the monitored item (Office 365 -tenant) settings. +Before adding an Exchange Online data source for your organization, identify the account to use +for data collection. You specify this account in the monitored item (Office 365 tenant) settings. -Netwrix 1Secure will access the cloud-based Office 365 infrastructure using a dedicated Microsoft -Entra ID application, formerly Azure AD. This app should be created manually by user with -administrative role and assigned required permissions. See the +Netwrix 1Secure accesses the cloud-based Office 365 infrastructure using a dedicated Microsoft +Entra ID application, formerly Azure AD. A user with an administrative role must create this app +manually and assign the required permissions. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. diff --git a/docs/1secure/admin/datacollection/gmsa.md b/docs/1secure/admin/datacollection/gmsa.md index c3ae04d923..f8874e3e8b 100644 --- a/docs/1secure/admin/datacollection/gmsa.md +++ b/docs/1secure/admin/datacollection/gmsa.md @@ -7,34 +7,32 @@ sidebar_position: 80 # Using Group Managed Service Account (gMSA) Netwrix 1Secure supports using Group Managed Service Accounts (gMSA) for data collection and -storage. This can help you to simplify Netwrix 1Secure administration, providing the following -benefits: +storage. Using a gMSA simplifies Netwrix 1Secure administration with the following benefits: -- There is no password to manage this account: Windows handles the password management for it. User - interaction for password update on a regular basis is not required. -- Using the gMSA also eliminates a need in service accounts with static passwords that are set upon - creation and then never cycled. -- The gMSA also helps to ensure that service account is only used to run a service (gMSA accounts - cannot be used to log on interactively to domain computers). +- There is no password to manage: Windows handles password management for the account. Regular + manual password updates aren't required. +- The gMSA eliminates the need for service accounts with static passwords that are set upon + creation and never rotated. +- The gMSA ensures the service account is only used to run a service (gMSA accounts + can't be used to log on interactively to domain computers). ## Checking for KDS root key -To generate password for gMSA accounts, domain controllers require a Key Distribution Services (KDS) -root key. This key is created once, so if there are any gMSA accounts in your domain, this means the -root key already exists. +To generate passwords for gMSA accounts, domain controllers require a Key Distribution Services (KDS) +root key. This key is created once. If gMSA accounts already exist in your domain, the root key +already exists. -Follow the steps to check whether the root key exists in your domain. +**To check whether the root key exists in your domain:** **Step 1 –** Open the **Active Directory Sites and Services** Console, select **View** → **Show Services Node**. **Step 2 –** Browse to **Services** →**Group Key Distribution Services** →**Master Root Keys**. -**Step 3 –** Alternatively, you can run the `Get-KdsRootKey` cmdlet. If the key does not exist, it -will not return any output. +**Step 3 –** Alternatively, you can run the `Get-KdsRootKey` cmdlet. If the key doesn't exist, it +won't return any output. -If the KDS key does not exist, then you can create is as described below, or contact your Active -Directory administrator. +If the KDS key doesn't exist, create it using the following procedure, or contact your Active Directory administrator. To create a KDS key (on a domain controller running Windows Server 2012 or later) @@ -43,41 +41,38 @@ To create a KDS key (on a domain controller running Windows Server 2012 or later `Add-KdsRootKey -EffectiveImmediately` -3. A root key will be added to the target DC which will be used by the KDS service immediately. - Note, however, that it requires a 10-hours wait, as other domain controllers will be able to use - the root key only after a successful replication. See - [this Microsoft article](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key) - for more information. +3. A root key is added to the target DC and used by the KDS service immediately. + Other domain controllers can use the root key only after a successful replication, + which requires up to 10 hours. See the + [Microsoft article on creating the KDS root key](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key) + for details on replication timing. Alternatively, you can use the following cmdlet: `Add-KdsRootKey -EffectiveTime MM/DD/YYYY` -This cmdlet generates a KDS root key that will take effect on the specified date. Use the +This cmdlet generates a KDS root key that takes effect on the specified date. Use the _mm/dd/yyyy_ format, for example: `Add-KdsRootKey -EffectiveTime 02/27/21` -This approach, however, should be used with care. +Use this approach with caution. ## Creating a gMSA -When creating a new gMSA, you will need to specify: +When creating a new gMSA, specify the following: - New account name and FQDN -- Computer account(s) that will be allowed to make use of that gMSA. Here it will be: +- Computer accounts that are allowed to use that gMSA: 1. Your Netwrix Cloud Agent host -2. If you are going to collect data using the network traffic compression (see the following section - for more information: - [Network Traffic Compression](/docs/1secure/configuration/networktrafficcompression.md)), provide the - following: +2. If you collect data using network traffic compression (see + [Network Traffic Compression](/docs/1secure/configuration/networktrafficcompression.md) for configuration steps), also include: - For Logon Activity — domain controllers of the monitored domain -For example, you can create a gMSA using the `New-ADServiceAccount` PowerShell cmdlet. If so, you -should specify your Netwrix Cloud Agent account in the `-PrincipalsAllowedToRetrieveManagedPassword` +For example, you can create a gMSA using the `New-ADServiceAccount` PowerShell cmdlet. Specify your Netwrix Cloud Agent account in the `-PrincipalsAllowedToRetrieveManagedPassword` attribute. -Make sure you specify a valid computer object in this attribute. +Ensure you specify a valid computer object in this attribute. To create a new gMSA in the root domain using PowerShell: @@ -87,7 +82,7 @@ To create a new gMSA in the root domain using PowerShell: here: - - _name_ — new gMSA name, here **ncagmsa**. Make sure the name refers to a valid computer + - _name_ — new gMSA name, here **ncagmsa**. Ensure the name refers to a valid computer objects. - _DNSHostName_ — FQDN of the new gMSA account, here **ncagmsa.mydomain.local** - _PrincipalsAllowedToRetrieveManagedPassword_ — your Netwrix Cloud Agent host NETBIOS name diff --git a/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/networkaccess/networkaccess.md b/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/networkaccess/networkaccess.md index 389db4c39e..76608a8cbd 100644 --- a/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/networkaccess/networkaccess.md +++ b/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/networkaccess/networkaccess.md @@ -3,7 +3,7 @@ title: 'Configure Access this computer from the network Policy' description: "Configure Access this computer from the network Policy" sidebar_position: 20 --- -Follow the steps to configure the Access this computer from the network Policy. +**To configure the Access this computer from the network policy:** **Step 1** – Open the **Group Policy Management console** on any domain controller in the target domain: navigate to Start > Windows Administrative Tools (Windows Server 2016 and higher) or Administrative Tools (Windows 2012) **Group Policy Management**. @@ -19,12 +19,12 @@ Follow the steps to configure the Access this computer from the network Policy. **Step 7** - Locate the **Deny access to this computer from the network** policy and double-click it. -**Step 8** - Verify that the policy is enabled and that the account selected for data collection **is not included** in the list, either explicitly or through group membership. +**Step 8** - Verify that the policy is enabled and that the account selected for data collection **isn't included** in the list, either explicitly or through group membership. **Step 9** - Close Group Policy Management Editor. **Step 10** – Run the following command to update group policy: `gpupdate /force` -**Step 11** – Type `repadmin /syncall` command and press Enter for replicate GPO changes to other domain controllers. +**Step 11** – Type `repadmin /syncall` command and press Enter to replicate GPO changes to other domain controllers. -**Step 12** – Ensure that new GPO settings applied on any audited domain controller. \ No newline at end of file +**Step 12** – Verify that the new GPO settings are applied on any audited domain controller. \ No newline at end of file diff --git a/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/nondomainadmin.md b/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/nondomainadmin.md index 2ccf22f1bc..6855acc7ed 100644 --- a/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/nondomainadmin.md +++ b/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/nondomainadmin.md @@ -6,16 +6,12 @@ sidebar_position: 10 # Configure Non-Administrative Account to Collect Logon Activity -This section contains instructions on how to configure an account to collect Logon Activity with -minimum rights assignment. The instructions below apply only if you are going to set a source with -disabled network traffic compression and do not want to adjust audit settings automatically. Do the -following: +This section contains instructions on configuring an account to collect Logon Activity with +minimum rights assignment. These instructions apply only if you are configuring a source with +network traffic compression disabled and you don't want to adjust audit settings automatically. Before creating an account, grant the _Read_ permission on the SECURITY registry key -`(HKEY_LOCAL_MACHINE\SECURITY)` for an admin account under which you will make changes in Group -Policy. - -Do the following: +`(HKEY_LOCAL_MACHINE\SECURITY)` for the admin account you use to make changes in Group Policy. **Step 1 –** Create a domain user with the following privileges: @@ -31,5 +27,4 @@ Do the following: - `HKEY_LOCAL_MACHINE`\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg - `HKEY_LOCAL_MACHINE`\SYSTEM\CurrentControlSet\Services\EventLog\Security -[Assigning Permission To Read the Registry Key](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md) how -to do it using Registry Editor. +See [Assigning Permission To Read the Registry Key](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md) for instructions on using Registry Editor. diff --git a/docs/1secure/admin/datacollection/logonactivity/overview.md b/docs/1secure/admin/datacollection/logonactivity/overview.md index f49fbefd7f..842d1eb08b 100644 --- a/docs/1secure/admin/datacollection/logonactivity/overview.md +++ b/docs/1secure/admin/datacollection/logonactivity/overview.md @@ -6,16 +6,14 @@ sidebar_position: 70 # Logon Activity Auditing -Before you start adding the logon activity connector in your domain, plan for the domain account -that will be used for data collection – it should meet the requirements listed below. Then you will -provide this account in the Netwrix 1Secure configuration window. +Before adding the logon activity connector in your domain, identify the domain account to use for +data collection. The account must meet the following requirements. Provide this account in the Netwrix +1Secure configuration window. -Depending on the network traffic compression setting you need to use, one of the following is -required: +The requirements depend on the network traffic compression setting: -- If network traffic compression is enabled, then the account must belong to the Domain Admins - group; -- If network traffic compression is disabled, then you can choose between account which belongs to - the Domain Admins group or non-administrative account. See - [Configure Non-Administrative Account to Collect Logon Activity ](/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/nondomainadmin.md)for more - information; +- If network traffic compression is enabled, the account must belong to the Domain Admins group. +- If network traffic compression is disabled, you can use either a Domain Admins account or a + non-administrative account. See + [Configure Non-Administrative Account to Collect Logon Activity](/docs/1secure/admin/datacollection/logonactivity/nonadminaccount/nondomainadmin.md) + for steps to configure a non-administrative account. diff --git a/docs/1secure/admin/datacollection/overview.md b/docs/1secure/admin/datacollection/overview.md index 782980f04b..3f50bfb4f9 100644 --- a/docs/1secure/admin/datacollection/overview.md +++ b/docs/1secure/admin/datacollection/overview.md @@ -9,12 +9,12 @@ sidebar_position: 10 The data collecting account is a service account that Netwrix 1Secure uses to collect audit data from the monitored items (domains, OUs, servers, etc.). Netwrix recommends creating a dedicated service account for that purpose. Depending on the data source and connector, the account must meet -the corresponding requirements (see the table below). +the corresponding requirements (see the following table). You can use group Managed Service Account (gMSA) as data collecting account. See the [Using Group Managed Service Account (gMSA)](/docs/1secure/admin/datacollection/gmsa.md) topic for additional information. -Currently, the following data sources are supported: +The following data sources are supported: | Data source | Provided connectors | Required rights and permissions: | | ----------------- | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | @@ -27,8 +27,8 @@ Currently, the following data sources are supported: ## Data Collection Workflow The Netwrix 1Secure data collection workflow is as follows: -**Step 1 –** Add organizations. See the [Add Organizations](docs\1secure\admin\organizations\addorganizations.md) topic for additional information. +**Step 1 –** Add organizations. See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic for additional information. -**Step 2 –** Install the agent. See the [Install Agent](docs\1secure\install\installagent.md) topic for additional information. +**Step 2 –** Install the agent. See the [Install Agent](/docs/1secure/install/installagent.md) topic for additional information. -Once you have added the organization and selected the domain for collecting the data, Netwrix 1Secure starts collecting audit data from the managed Active Directory, Azure AD domain, a computer, an Exchange Online, or a SharePoint Online collection. \ No newline at end of file +After you add the organization and select the domain, Netwrix 1Secure starts collecting audit data from the managed Active Directory, Azure AD domain, computer, Exchange Online, or SharePoint Online source. \ No newline at end of file diff --git a/docs/1secure/admin/datacollection/sharepointonline.md b/docs/1secure/admin/datacollection/sharepointonline.md index c51dc39c47..9fff03e8e7 100644 --- a/docs/1secure/admin/datacollection/sharepointonline.md +++ b/docs/1secure/admin/datacollection/sharepointonline.md @@ -6,21 +6,21 @@ sidebar_position: 30 # SharePoint Online Auditing -Netwrix 1Secure allows you to audit Office 365 organizations that have established modern +Use Netwrix 1Secure to audit Office 365 organizations that have established modern authentication as their identity management approach, including support for [multi-factor authentication (MFA)](https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks). See the Microsoft [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) article for additional information. -In this scenario, Netwrix 1Secure will access the cloud-based infrastructure via Microsoft Graph and -other modern APIs, being authenticated through a pre-configured Microsoft Entra ID application, -formerly Azure AD, with appropriate access permissions. So, you should register a Microsoft Entra ID -app and provide its settings to Netwrix 1Securewhen adding a SharePoint Online data source. +In this scenario, Netwrix 1Secure accesses the cloud-based infrastructure via Microsoft Graph and +other modern APIs, authenticated through a pre-configured Microsoft Entra ID application, +formerly Azure AD, with appropriate access permissions. Register a Microsoft Entra ID app and +provide its settings to Netwrix 1Secure when adding a SharePoint Online data source. ## Modern Authentication -Support for modern authentication will allow you to audit the organizations where MFA is enabled for +With modern authentication support, you can audit organizations where MFA is enabled for all users, including service accounts. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. @@ -28,12 +28,9 @@ topic for additional information. ## Configure SharePoint Online Auditing To collect audit data from your SharePoint Online and OneDrive for Business, Netwrix 1Secure uses a -dedicated Microsoft Entra ID application and leverages APIs access permissions granted to that app. -To register this application and assign required permissions, an Azure AD account with an -administrative role will be required: - -Microsoft Entra ID application should be created manually by user with administrative role and -assigned required permissions. This app will allow you to collect activity. See the +dedicated Microsoft Entra ID application and the API access permissions granted to that app. +A user with an Azure AD administrative role must create the application manually and assign the +required permissions. With this app, you can collect activity. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. diff --git a/docs/1secure/admin/howitworks.md b/docs/1secure/admin/howitworks.md index ce19ff5428..1f2c1101fa 100644 --- a/docs/1secure/admin/howitworks.md +++ b/docs/1secure/admin/howitworks.md @@ -7,8 +7,8 @@ sidebar_position: 110 # How It Works Netwrix 1Secure is a Microsoft Azure hosted, multi-tenant SaaS application that provides a single -location to manage both on-premises and cloud environments. Solution architecture and components -interactions are shown in the figure below. +location to manage both on-premises and cloud environments. The following figure shows the solution +architecture and component interactions. ![overview_table](/images/1secure/admin/overview_table.webp) @@ -17,8 +17,8 @@ agent collects aggregated data from your on-premises Netwrix 1SecureAPI and/or u your Netwrix 1Secure tenant via REST API calls over HTTPS every 15 minutes. Netwrix 1SecureAPI or Azure Function App receives the data from Netwrix 1Secure On-Prem Agent. -Token-based authentication is used for verification between the Netwrix 1Secure API and the agent. -The service behind the Netwrix stores the data in the Azure SQL Database. The data is segregated by +Token-based authentication verifies communication between the Netwrix 1Secure API and the agent. +The service behind the Netwrix stores the data in the Azure SQL Database, segregated by tenant (organization). All the activity records are stored in the Cosmos Database. The configuration settings, source @@ -26,5 +26,5 @@ management, alerts are stored in the Main Database. Netwrix 1Secure Website is the presentation layer of the product that retrieves data from the Azure SQL database and presents it to users. Users can access this web portal with their corporate -credentials using Azure AD Authentication (OAuth 2.0). Data is retrieved via API calls made on the +credentials using Azure AD Authentication (OAuth 2.0). The site retrieves data via API calls made on the user's behalf. diff --git a/docs/1secure/admin/login/login.md b/docs/1secure/admin/login/login.md index 541f4b08fd..93e1afd963 100644 --- a/docs/1secure/admin/login/login.md +++ b/docs/1secure/admin/login/login.md @@ -1,32 +1,31 @@ --- -title: "First Login to 1Secure" -description: "First Login to 1Secure" +title: "First Log In to 1Secure" +description: "First Log In to 1Secure" sidebar_position: 10 --- -# First Login to 1Secure +# First Log In to 1Secure This topic describes how an MSP can access the 1Secure tenant for the first time, activate their -account, and complete the initial login. After logging in, the MSP can add users to the tenant and +account, and complete the initial log in. After logging in, the MSP can add users to the tenant and assign them roles based on the required access levels. -When the Netwrix team adds a new user account for your organization, you will receive an email -invitation. This email will be sent from "noreply-account@netwrix.com" and will have the subject +When the Netwrix team adds a new user account for your organization, you receive an email +invitation. This email is sent from "noreply-account@netwrix.com" and has the subject "Welcome to Netwrix 1Secure". -This email includes a unique access link to product’s web portal. You need to activate your account -via the link within 2 days. If it expires, you will need to follow the link and request a new -activation link. +This email includes a unique access link to product’s web portal. Activate your account +via the link within 2 days. If it expires, follow the link to request a new activation link. ![accountactivation](/images/1secure/admin/login/accountactivation.webp) ## Activate an Account -Follow the steps to activate an account: +**To activate an account:** **Step 1 –** Open the invitation email and do one of the following: -- Click the **Activate my Netwrix account** button +- Click the **Activate your Netwrix account** button - Click the account activation link included in the email. The Change Your Password page is displayed. @@ -37,15 +36,14 @@ The Change Your Password page is displayed. **Step 3 –** In the **Re-enter new password** field, enter the same password again to confirm. -**Step 4 –** Click the **Reset Password** button. The account is now activated, and your password -has been set. +**Step 4 –** Click the **Reset Password** button. The account is now activated and your password is set. -Once you have set your account password, log in to 1Secure with your credentials. See the +After you set your account password, log in to 1Secure with your credentials. See the [Log In](#log-in) topic for additional information. ## Log In -Follow the steps to log in to 1Secure. +**To log in to 1Secure:** **Step 1 –** Open the invitation email and click the Netwrix 1Secure tenant link. You are navigated to the 1Secure login page. @@ -69,26 +67,26 @@ multi-factor authentication. **Step 5 –** Click **Google Authenticator or Similar** or **Security Key** to select an authentication method. After that, one of the following happens: -- If you selected Google Authenticator or Similar option, you will be navigated to Secure Your +- If you selected Google Authenticator or Similar option, you are navigated to the Secure Your Account page. Scan the QR code using your preferred authenticator app and then enter the provided one time code in the **Enter one time code** field. See the documentation of your authenticator app for additional information. -- If you selected Security Key option, you will be navigated to the Adding Your Security Key page. +- If you selected Security Key option, you are navigated to the Adding Your Security Key page. See the [Set up a security key as your verification method](https://support.microsoft.com/en-us/account-billing/set-up-a-security-key-as-your-verification-method-2911cacd-efa5-4593-ae22-e09ae14c6698) article for additional information. -After successful authorization, You are redirected to the dashboard. See the +After successful authorization, you are redirected to the dashboard. See the [1Secure Dashboard](/docs/1secure/admin/dashboard/overview.md) topic for additional information. -Once the initial login is completed, an MSP can configure Single Sign On (SSO) using supported +After the initial login is completed, an MSP can configure Single Sign On (SSO) using supported authentication services, including Entra ID, 1Secure Authentication, or OpenID Connect. See the [SSO Configuration with Authentication Services](/docs/1secure/admin/login/sso.md#sso-configuration-with-authentication-services) topic for additional information. ### Reset Password -Follow the steps to reset the password of an account: +**To reset the password of an account:** **Step 1 –** Navigate to the company's login page. @@ -109,4 +107,4 @@ click **Continue**. The Enter Your Password page is displayed. **Step 7 –** Click the **Reset Password** button. The password of the account has been reset. -Once you have reset your account password, log in to 1Secure with your new credentials. +After you reset your account password, log in to 1Secure with your new credentials. diff --git a/docs/1secure/admin/login/sso.md b/docs/1secure/admin/login/sso.md index 9310fec641..79d31023c6 100644 --- a/docs/1secure/admin/login/sso.md +++ b/docs/1secure/admin/login/sso.md @@ -8,7 +8,7 @@ sidebar_position: 10 Single Sign On (SSO) is a powerful authentication process that enhances security and improves user experience by allowing users to access multiple applications with a single set of login credentials. -Single Sign On (SSO) allows you to log in to 1Secure using Microsoft Entra ID or Open ID Connect +With Single Sign On (SSO), you can log in to 1Secure using Microsoft Entra ID or Open ID Connect credentials. It enhances the user experience by enabling access with existing organizational credentials. @@ -19,8 +19,8 @@ authentication provider configured for the tenant. For example, if Microsoft Ent as the authentication provider and its users are added to 1Secure, they can log in to the 1Secure tenant with their Microsoft Entra ID credentials. -When the Netwrix team adds a new user account for your organization, you will receive an email -invitation. This email will be sent from "noreply-account@netwrix.com" and will have the subject +When the Netwrix team adds a new user account for your organization, you receive an email +invitation. This email is sent from "noreply-account@netwrix.com" and has the subject "Welcome to Netwrix 1Secure". ![1Secure Invitation Email](/images/1secure/admin/login/1secureinvitation-sso.webp) @@ -33,14 +33,14 @@ invitation. This email will be sent from "noreply-account@netwrix.com" and will **Step 2 –** On the login page, click the **Log In** button. **Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then -click **Continue**. Based on your authentication status, one of the following will occur: +click **Continue**. Based on your authentication status, one of the following occurs: -- If you are logged out of your authentication provider, you will be redirected to the - authentication provider's login page. For example, if you are using Microsoft Entra ID, you will - be redirected to the Microsoft Entra ID login page. Authenticate using your credentials. After - successful authentication, you will be logged in to 1Secure. -- If you are already logged in to your authentication provider, then you will be directly logged in - to 1Secure application. +- If you are logged out of your authentication provider, you are redirected to the + authentication provider's login page. For example, if you are using Microsoft Entra ID, you are + redirected to the Microsoft Entra ID login page. Authenticate using your credentials. After + successful authentication, you are logged in to 1Secure. +- If you are already logged in to your authentication provider, you are directly logged in to + 1Secure. ## SSO Configuration with Authentication Services @@ -51,7 +51,7 @@ following authentication services: - [Configure SSO with OpenID Connect Authentication](#configure-sso-with-openid-connect-authentication) :::note -When you first log in to 1Secure, SSO is not enabled, and 1Secure Authentication is +When you first log in to 1Secure, SSO isn't enabled, and 1Secure Authentication is applied by default. This method requires Multi-factor authentication (MFA) to verify your identity for secure access. See the [Log In](/docs/1secure/admin/overview.md) topic for additional information on Multi-factor authentication. @@ -60,7 +60,7 @@ Multi-factor authentication. ### Configure SSO with Microsoft Entra ID Authentication -Follow the steps to configure SSO with Microsoft Entra ID authentication. +**To configure SSO with Microsoft Entra ID authentication:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. @@ -72,7 +72,7 @@ that lists the managed organizations defined in 1Secure. **Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane is displayed. -**Step 4 –** In Method drop-down menu, select **Entra ID**. +**Step 4 –** In Method dropdown menu, select **Entra ID**. ![Authentication Settings pane](/images/1secure/admin/login/entraidauth.webp) @@ -86,7 +86,7 @@ authentication. ### Configure SSO with OpenID Connect Authentication -Follow the steps to configure SSO with OpenID Connect authentication. +**To configure SSO with OpenID Connect authentication:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. @@ -98,7 +98,7 @@ that lists the managed organizations defined in 1Secure. **Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane is displayed. -**Step 4 –** In Method drop-down menu, select **OpenID Connect**. +**Step 4 –** In Method dropdown menu, select **OpenID Connect**. ![Authentication Settings pane](/images/1secure/admin/login/openidconnectauth.webp) @@ -113,7 +113,7 @@ authentication. #### Register an App in Microsoft Entra ID For Authentication To configure Single Sign On (SSO) with Microsoft Entra ID authentication, register an application in -the Microsoft Microsoft Entra ID by following the steps mentioned below. +the Microsoft Entra ID by following the steps mentioned below. **Step 1 –** Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/). @@ -127,14 +127,14 @@ Register an application page is displayed. - Name – Enter a user-facing display name for the application, for example, Netwrix 1Secure Entra ID - Supported account types – Select **Accounts in this organizational directory only** -- Platform – Select the **Web** platform in the drop-down menu +- Platform – Select the **Web** platform in the dropdown menu - Redirect URL (optional) – Enter **https://auth.netwrix.com/login/callback** **Step 5 –** Click **Register**. The Overview page for the newly registered application opens. The following settings of the registered application are required while configuring Single Sign on (SSO) with Entra ID in 1Secure. -It is recommended to copy these settings and keep them safe. +Copy these settings and keep them safe. - Application (client) ID – A client ID for the registered application - Directory (tenant) ID – A tenant ID for the registered application diff --git a/docs/1secure/admin/notifications.md b/docs/1secure/admin/notifications.md index 1168fb4cab..d71e4e79aa 100644 --- a/docs/1secure/admin/notifications.md +++ b/docs/1secure/admin/notifications.md @@ -6,19 +6,18 @@ sidebar_position: 90 # Notifications -Netwrix 1Secure provides real-time notifications to the users, which report on various issues for -the user. This includes an agent update, issues with organizations, status of the organizations, -expired credentials, and others. +Netwrix 1Secure provides real-time notifications that report on various issues, including agent +updates, organization status changes, expired credentials, and others. | Icon | Description | | --------------------------------------------------------------------------------------- | ------------------------------------------------------- | -| ![selfupdate_icon](/images/1secure/admin/selfupdate_icon.webp) | Bell icon. Click the Bell icon to look for the updates. | +| ![selfupdate_icon](/images/1secure/admin/selfupdate_icon.webp) | Bell icon. Click the Bell icon to view available updates. | -Follow the steps to review notifications. +**To review notifications:** **Step 1 –** Click the **Bell** icon in the upper right corner of your screen. -**Step 2 –** You can select and fix any of the issues on the displayed panel. +**Step 2 –** Select and fix any of the issues on the displayed panel. ![notifications](/images/1secure/admin/notifications.webp) diff --git a/docs/1secure/admin/organizations/addingusers/addingusers.md b/docs/1secure/admin/organizations/addingusers/addingusers.md index 2a97dc0e4a..53bb511dbc 100644 --- a/docs/1secure/admin/organizations/addingusers/addingusers.md +++ b/docs/1secure/admin/organizations/addingusers/addingusers.md @@ -6,9 +6,8 @@ sidebar_position: 70 # Add Users -After you added the organization to your system, you may want to add users as part of your -organization, depending on the role you would like to provide them. The users in Netwrix 1Secure -include: +After you add the organization to your system, you can add users to your organization and assign +them a role. The users in Netwrix 1Secure include: - Administrator - Editor @@ -26,9 +25,8 @@ Image keys: ## Add Users to Managing Organization -The Users page allows a Managed Service Provider to provide the client's manager with access to -review reports or other activities. In this case, the MSP shall assign the Viewer rights to the -manager. +The Users page allows a Managed Service Provider (MSP) to give the client's manager access to +review reports or other activities. In this case, assign the Viewer rights to the manager. Follow the instructions to add a user. @@ -71,38 +69,37 @@ Users**. | Managing/Configuring agent Self-update | + | - | - | | Segregating access to child tenants for MSP users | + | - | - | -**Step 3 –** Select the Grant user temporary access check box if you need to allow access to +**Step 3 –** Select the Grant user temporary access checkbox if you need to allow access to specific user for certain period. For example, if you are a tenant administrator and you allowed a access to a member of your team who should edit 100 accounts before 08.03.2023, this member can manage these activities up to a certain -period and the administrator does not need to suspend the rights manually. +period and the administrator doesn't need to suspend the rights manually. ![Add Users pane](/images/1secure/admin/organizations/addusers.webp) -**Step 4 –** Select one or more organization groups from the **Select organization group(s) for the -user** drop-down menu. To specify multiple groups, select them one by one from the drop-down menu. +**Step 4 –** Select one or more organization groups from the **Select organization groups for the +user** dropdown menu. To specify multiple groups, select them one by one from the dropdown menu. -The user can only view and/or manage the organizations assigned to the group(s) you select here. +The user can only view and/or manage the organizations assigned to the groups you select here. :::note -Administrators have access to all tenancies regardless of the organization group(s). +Administrators have access to all tenancies regardless of the organization groups. ::: **Step 5 –** Click Add. -Follow the steps to review main options and statuses. +**To review main options and statuses:** **Step 1 –** To delete the user, select the **Bin icon** for that user. **Step 2 –** To edit the user data, select the **Edit icon** for that user. -In case the user received an invitation from your tenant and registered within a system, its status -shall be Verified. +If the user received an invitation from your tenant and registered, the status is Verified. -If the user has not registered within a system, the status will be Pending Verification. The -administrator may select Resend Invite to re-notify this user. +If the user has not registered, the status is Pending Verification. The administrator can select +Resend Invite to re-notify this user. ![Users List](/images/1secure/admin/organizations/users_status.webp) @@ -111,12 +108,12 @@ When logging in, the users see the Home screen, on which they can do the followi - Add organization here by selecting **Add Organization** - Find the organization by populating the **Filtering the keyword** field - Select the required filters from the **Alert**, **Health Status**, **Tag**, **Time Filter** - drop-down lists. These filters will apply to available organizations. + dropdown lists. These filters apply to available organizations. ## Add the Business Viewer Role :::note -This option is not available for End Customer Organizations. +This option isn't available for End Customer Organizations. ::: @@ -133,15 +130,15 @@ The Business viewer role: - ag-test1 -Business viewer cannot add reports on their own. When creating the report, tick the option **Share -with business users**. This way, all the business users can view the shared reports. See the +Business viewers can't add reports on their own. When creating the report, select the option **Share +with business users**. This way, all business users can view the shared reports. See the [ Custom Reports](/docs/1secure/admin/searchandreports/customreports.md) topic for additional information. -As you add the business viewer, the created reports shall be automatically displayed. +When you add the business viewer, the created reports are automatically displayed. ![Add Users pane](/images/1secure/admin/organizations/businessusers.webp) -Follow the steps to add the Business Viewer role. +**To add the Business Viewer role:** **Step 1 –** On the Managed Organizations page, select your organization and select to the **Users** tile. @@ -165,7 +162,7 @@ organization. :::note When logging in, if the Business Viewer account is registered with multiple organizations, -select the one you wish to access. +select the one you want to access. ::: @@ -183,14 +180,14 @@ The Co-Managing Administrator role: - Can view predefined reports - Can view custom reports -The Co-Managing Administrator role cannot add reports on their own. When creating the report, select +The Co-Managing Administrator role can't add reports on their own. When creating the report, select the option **Share with business users**. This way, all the business users can view the shared reports. See the [ Custom Reports](/docs/1secure/admin/searchandreports/customreports.md) topic for additional information. ![Add Users pane](/images/1secure/admin/organizations/comanagingadministrator.webp) -Follow the steps to add the Co-managing Administrator role. +**To add the Co-managing Administrator role:** **Step 1 –** On the Manage Organizations page, select your organization and click the **Users** tile. @@ -211,13 +208,13 @@ logged in organization. ## Delete a Managed Organization User -Follow the steps to delete a user from a managed organization. - :::note -User(s) can only be deleted from a managed organization by tenant administrators or -co-managing administrators. +Only tenant administrators or co-managing administrators can delete users from a managed +organization. ::: +**To delete a user from a managed organization:** + **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. diff --git a/docs/1secure/admin/organizations/addorganizations.md b/docs/1secure/admin/organizations/addorganizations.md index 8374ac9078..a07a8837a7 100644 --- a/docs/1secure/admin/organizations/addorganizations.md +++ b/docs/1secure/admin/organizations/addorganizations.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Add Organizations -Follow the steps to add an organization. +**To add an organization:** **Step 1 –** On the Netwrix 1Secure Website, on the **Home** page, select the Add organization icon to add an organization. @@ -18,14 +18,14 @@ to add an organization. - Name – Specify a name for the organization - Timezone – Select a timezone for the organization - Country – Select a country for the organization -- Tags – Select tag(s) for the organization. Tags provide a way of adding metadata to the tenancies +- Tags – Select tags for the organization. Tags provide a way of adding metadata to the tenancies being managed. To specify multiple tags, select them one by one from the dropdown menu. -- Alert profile – Select an alert profile for the organization. Alert profiles enable you to group +- Alert profile – Select an alert profile for the organization. With alert profiles, you can group alert configurations and delivery notification settings together. -- Risk Profile – Select a risk profile for the organization. Risk profiles enable you to group +- Risk Profile – Select a risk profile for the organization. With risk profiles, you can group thresholds together. - Groups – Select a group for the organization. To assign an organization to multiple groups, select - the groups one by one from the drop-down menu. + the groups one by one from the dropdown menu. Click **Next**. @@ -61,7 +61,7 @@ See the [Add Sites to an Organization](/docs/1secure/admin/organizations/addsite ![addorganizationsagent](/images/1secure/admin/organizations/addorganizationsagent.webp) **Step 5 –** On the Configure source details (Step 3 of 4) window, follow the instructions to -install the agent. Please go to the [Install Agent](/docs/1secure/install/installagent.md) topic of the +install the agent. Go to the [Install Agent](/docs/1secure/install/installagent.md) topic of the online help. Click **Next**. :::note diff --git a/docs/1secure/admin/organizations/addsites.md b/docs/1secure/admin/organizations/addsites.md index d4794a3d71..b4f8e8d1f6 100644 --- a/docs/1secure/admin/organizations/addsites.md +++ b/docs/1secure/admin/organizations/addsites.md @@ -20,7 +20,7 @@ for the agent updates. ## Add a New Site -Follow the steps to add a site to your organization. +**To add a site to your organization:** **Step 1 –** Add your organization or add a source to the created organization. See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic for additional information. @@ -53,25 +53,25 @@ information. The site is now added. -You can now add the created sites to your source. +To add the created sites to your source: **Step 1 –** Add a source to the your organization. -**Step 2 –** Select your site from the drop-down list or click the **Add** icon, if your want to add +**Step 2 –** Select your site from the dropdown list or click the **Add** icon, if your want to add a new site. Click **Next**. ![sitesdropdown](/images/1secure/admin/organizations/sitesdropdown.webp) -**Step 3 –** Finish adding the source. Screens will vary depending on the source added. See the +**Step 3 –** Finish adding the source. Screens vary depending on the source. See the [Add a Source and Connectors for Active Directory](/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md) or [Add a Source and Connectors for Computer](/docs/1secure/admin/organizations/sourcesandconnectors/computer.md)topic for additional information. ## View Sites and Agent Status -Now you can review the created site for your organization and check the agent status. +Review the created site for your organization and check the agent status. -Follow the steps to view the site for the organization. +**To view the site for the organization:** **Step 1 –** Navigate to Managed Organizations > "your organization" > Sites. @@ -79,7 +79,7 @@ Follow the steps to view the site for the organization. **Step 2 –** View the following details: -- Agent status – Agent status in color. See the [Statuses](docs\1secure\admin\statuses.md) topic for additional +- Agent status – Agent status in color. See the [Statuses](/docs/1secure/admin/statuses.md) topic for additional information - Server name – Server from which the data is collected - Last Connected – Last connection time with your agent in UTC diff --git a/docs/1secure/admin/organizations/billableaccounts.md b/docs/1secure/admin/organizations/billableaccounts.md index f95d1cd2c9..8a8999e9f0 100644 --- a/docs/1secure/admin/organizations/billableaccounts.md +++ b/docs/1secure/admin/organizations/billableaccounts.md @@ -43,7 +43,7 @@ The system calculates: The number of synced users from on-prem is registered against the on-prem tenant reference. Netwrix 1Secure uses the highest number out of on-prem users reported by the Agent and the number of hybrid users reported by the Microsoft Entra ID connector as the on-prem total. Then the Microsoft Entra ID -users, which are not synced with on-prem envinronment, are added. +users, which aren't synced with on-prem envinronment, are added. **Example:** @@ -60,7 +60,7 @@ percentage = users calculated in the environment / users for which the license i ## Omits From the Accounts -The accounts with the following attributes are not counted against a total number of Active +The accounts with the following attributes aren't counted against a total number of Active Directory accounts by default: - \*\System\Policies\{\*}\* diff --git a/docs/1secure/admin/organizations/managemyorganization.md b/docs/1secure/admin/organizations/managemyorganization.md index 684acc9d70..24a05522db 100644 --- a/docs/1secure/admin/organizations/managemyorganization.md +++ b/docs/1secure/admin/organizations/managemyorganization.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Manage My Organization -After you added your organization, you can review or edit your profile on Configuration > My +After you add your organization, you can review or edit your profile on Configuration > My Organization page. ![myorganization](/images/1secure/admin/organizations/myorganization.webp) @@ -14,8 +14,8 @@ Organization page. - Optionally, specify Edit settings or Request Deletion for your Organization. :::note - If you are a Managed Service Provider or a parent tenant, your organization will be - deleted within 14 days. If you are a child tenant, your organization will be deleted within 2 + If you are a Managed Service Provider (MSP) or a parent tenant, your organization is + deleted within 14 days. If you are a child tenant, your organization is deleted within 2 days. ::: diff --git a/docs/1secure/admin/organizations/managingcredentials.md b/docs/1secure/admin/organizations/managingcredentials.md index cf56ac60e5..fb9606a3fa 100644 --- a/docs/1secure/admin/organizations/managingcredentials.md +++ b/docs/1secure/admin/organizations/managingcredentials.md @@ -10,13 +10,12 @@ In Netwrix 1Secure, you need to set up credentials while adding the sources for You can then review the credentials, edit, or delete them on the Configuration > Managed Organizations > Credentials tab, by selecting the organization. -This page allows to you review you the name of the source you created, its location (cloud or -on-prem), and type. You can edit or delete the credential by selecting the credential and then click -the **Edit** or **Delete** icon. +This page displays the name of each source you created, its location (cloud or on-prem), and its +type. To edit or delete a credential, select it and then click the **Edit** or **Delete** icon. | Icon | Description | | ---------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ![alert_icon](/images/1secure/admin/organizations/alert_icon.webp) | Alert Icon. Click the Alert Icon to notify that the credentials have expired or been lost after reinstallation of the Netwrix Cloud Agent and must be entered again before they can be used. | +| ![alert_icon](/images/1secure/admin/organizations/alert_icon.webp) | Alert Icon. Click the Alert Icon to notify that the credentials have expired or were lost after reinstallation of the Netwrix Cloud Agent and require re-entry before use. | :::note You can delete a credential if no sources are using those credentials. diff --git a/docs/1secure/admin/organizations/organizationgroups.md b/docs/1secure/admin/organizations/organizationgroups.md index 9a58632246..171941adcd 100644 --- a/docs/1secure/admin/organizations/organizationgroups.md +++ b/docs/1secure/admin/organizations/organizationgroups.md @@ -11,13 +11,13 @@ assigned to it. Each group consists of assigned organizations and the users resp them. :::note -Administrators have access to all tenancies regardless of the organization group(s). +Administrators have access to all tenancies regardless of the organization groups. ::: ## Add an Organization Group -Follow the steps to add an organization group. +**To add an organization group:** **Step 1 –** Navigate to the **Configuration** > **Organization groups** page. @@ -31,11 +31,11 @@ Follow the steps to add an organization group. - Group name – Specify a name for the organization group - Select managed organizations – Select an organization to assign it to the group. To assign - multiple organizations, select them one by one from the drop-down menu. These organizations will - then be managed under the group. + multiple organizations, select them one by one from the dropdown menu. These organizations are + managed under the group. - Select users to manage this group – Select a user who is responsible for managing the organizations assigned to the group. To specify multiple users, select them one by one from the - drop-down menu. + dropdown menu. **Step 4 –** Click **Save**. @@ -52,7 +52,7 @@ page. Group names containing the string are displayed as you type. ## Modify an Organization Group -Follow the steps to modify an organization group. +**To modify an organization group:** **Step 1 –** Navigate to the **Configuration** > **Organization groups** page. @@ -68,7 +68,7 @@ Follow the steps to modify an organization group. ## Delete an Organization Group -Follow the steps to delete an organization group. +**To delete an organization group:** **Step 1 –** Navigate to the **Configuration** > **Organization groups** page. diff --git a/docs/1secure/admin/organizations/overview.md b/docs/1secure/admin/organizations/overview.md index 542c2dd015..748cded901 100644 --- a/docs/1secure/admin/organizations/overview.md +++ b/docs/1secure/admin/organizations/overview.md @@ -13,15 +13,15 @@ to the authorized administrators of a company or Managed Service Provider on the The topics in this section provide information for: adding your organization, adding users, adding data source, and other configurations for the Managed Service Provider. -After authorizing in a system, Managed Service Providers (MSP) need to configure their organization. +After logging in, Managed Service Providers (MSP) need to configure their organization. The Organization is the name of the company you use to log in. See the -[First Login to 1Secure](/docs/1secure/admin/login/login.md) topic for additional information. +[First Log In to 1Secure](/docs/1secure/admin/login/login.md) topic for additional information. -In system, there are parent tenants and child tenants. _Parent tenant_ or Managing Organization is -the MSP you are authorizing with. The MSP or parent tenant may have lots of clients or _child +In the system, there are parent tenants and child tenants. _Parent tenant_ or Managing Organization is +the MSP you log in with. The MSP or parent tenant may have many clients or _child tenants_ (Managed Organization), which you can review and add on the Managed Organization page. -Below you can see home pages of: +The following shows the home pages of: - Managing Organization diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md b/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md index a1b362dd1d..521cff95f1 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Add a Source and Connectors for Active Directory -Follow the steps to add an Active Directory data source and connector(s) to your organization. +**To add an Active Directory data source and connectors to your organization:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. -**Step 2 –** Click an organization to define a data source and connector(s) for it. The properties +**Step 2 –** Click an organization to define a data source and connectors for it. The properties page for the organization is displayed with the Sources tab selected by default. **Step 3 –** On the Sources tab, click **Add** to add a source. The Select Data Source (Step 1 of 3) @@ -23,20 +23,20 @@ pane is displayed. ![Configure Source Details %28Step 2 of 3%29 pane](/images/1secure/admin/organizations/sourcesandconnectors/configuresourcedetails_step2-3.webp) -**Step 5 –** On the Configure source details (Step 2 of 3) pane, use the Site drop-down menu to +**Step 5 –** On the Configure source details (Step 2 of 3) pane, use the Site dropdown menu to select an existing site or add a new one. To add a new site, select the **Add new site** option from -the drop-down menu or click the **Add** icon. +the dropdown menu or click the **Add** icon. - When you choose to add a new site, you have to provide a name for it in the New site name field. Then click **Next** to proceed with configuring the agent for the site. See the [Install Agent](/docs/1secure/install/installagent.md) topic for details on configuring the agent, starting at Step 6. -- When you select an existing site from the drop-down menu, one of the following happens: +- When you select an existing site from the dropdown menu, one of the following happens: - - If the agent has not been configured for the site, the system will proceed with the agent + - If the agent has not been configured for the site, the system proceeds with the agent configuration when you click _Next_. See the [Install Agent](/docs/1secure/install/installagent.md) topic for details on configuring the agent, starting at Step 6. - - If the agent has already been configured for the site, the system will proceed with the Active + - If the agent has already been configured for the site, the system proceeds with the Active Directory source and connector settings when you click _Next_. **Step 6 –** Click **Next**. @@ -52,17 +52,17 @@ the drop-down menu or click the **Add** icon. create a source for. - Crawl Source – Toggle this option to ON to enable data collection for the source. - Service Account OUs – Specify organizational units (OUs) to exclude their service accounts from - billable domain accounts so that they are not audited. To specify an organizational unit (OU), + billable domain accounts so that they aren't audited. To specify an organizational unit (OU), enter its name and click the Add icon. To specify multiple organizational units, add them one by one. - Credentials – Displays the crdentials that have already been added, while also providing the option to add new credentials. Netwrix 1Secure uses these credentials to connect to the data source. You can select existing credentials or add new ones. To add new credentials, select **Add - new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: + new Credentials** from the dropdown menu or click the **Add** icon, then specify the following: - Username – The username of an Active Directory account in Domain\Username format - Password – The password of the Active Directory account - - Display Name – Specify a name you want to show for your credentials. It will be displayed on + - Display Name – Specify a name to display for your credentials. The name appears on the Credentials tab of the Managed Organizations page. **Step 8 –**  Click **Next**. @@ -94,18 +94,18 @@ Directory. Specufy the following: additional information. :::warning - If Netwrix Auditor and Netwrix 1Secure audit the same domain, make sure that the + If Netwrix Auditor and Netwrix 1Secure audit the same domain, ensure that the network traffic compression service is enabled for only one of the products or neither product - for any of the audited services. It cannot be enabled for both products. + for any of the audited services. It can't be enabled for both products. ::: - Adjust audit settings automatically – Select this checkbox to adjust the audit settings - automatically. With this approach, 1Secure will check your current audit settings at each data - collection session and adjust them if necessary. See the + automatically. With this approach, 1Secure checks your current audit settings at each data + collection session and adjusts them if necessary. See the [Active Directory: automatic configuration](/docs/1secure/configuration/admanual/auto.md) topic for additional information. **Step 11 –** Click **Finish**. -The Active Directory data source and connector(s) have been configured. +The Active Directory data source and connectors have been configured. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/computer.md b/docs/1secure/admin/organizations/sourcesandconnectors/computer.md index 4f348435a3..1543c41ea8 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/computer.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/computer.md @@ -6,12 +6,12 @@ sidebar_position: 30 # Add a Source and Connectors for Computer -Follow the steps to add a Computer data source and connector(s) to your organization. +**To add a Computer data source and connectors to your organization:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. -**Step 2 –** Click an organization to define a data source and connector(s) for it. The properties +**Step 2 –** Click an organization to define a data source and connectors for it. The properties page for the organization is displayed with the Sources tab selected by default. **Step 3 –** On the Sources tab, click **Add** to add a source. The Select Data Source (Step 1 of 3) @@ -23,20 +23,20 @@ pane is displayed. ![Configure Source Details %28Step 2 of 3%29 pane](/images/1secure/admin/organizations/sourcesandconnectors/configuresourcedetails_step2-3.webp) -**Step 5 –** On the Configure source details (Step 2 of 3) pane, use the Site drop-down menu to +**Step 5 –** On the Configure source details (Step 2 of 3) pane, use the Site dropdown menu to select an existing site or add a new one. To add a new site, select the **Add new site** option from -the drop-down menu or click the **Add** icon. +the dropdown menu or click the **Add** icon. - When you choose to add a new site, you have to provide a name for it in the New site name field. Then click **Next** to proceed with configuring the agent for the site. See the [Install Agent](/docs/1secure/install/installagent.md) topic for details on configuring the agent, starting at Step 6. -- When you select an existing site from the drop-down menu, one of the following happens: +- When you select an existing site from the dropdown menu, one of the following happens: - - If the agent has not been configured for the site, the system will proceed with the agent + - If the agent has not been configured for the site, the system proceeds with the agent configuration when you click _Next_. See the [Install Agent](/docs/1secure/install/installagent.md) topic for details on configuring the agent, starting at Step 6. - - If the agent has already been configured for the site, the system will proceed with the + - If the agent has already been configured for the site, the system proceeds with the Computer source and connector settings when you click _Next_. **Step 6 –** Click **Next**. @@ -49,13 +49,13 @@ the drop-down menu or click the **Add** icon. the following: - Endpoint – Specify the IP address, fully qualified domain name (FQDN), or NetBIOS name of the - computer to crawl. If you specify a FQDN, all computers within that domain will be crawled. + computer to crawl. If you specify a FQDN, 1Secure crawls all computers within that domain. - Source Name – Specify a name for the data source - Computer source group – Displays the computer source groups that have already been added, while also providing the option to add a new source group. Grouping sources, such as computers, allows them to share a common configuration and makes it easier to manage related sources together. Select an existing source group or add a new one. To add a new source group, - select **Add new computer source group** from the drop-down menu or click the **Add** icon, + select **Add new computer source group** from the dropdown menu or click the **Add** icon, then specify a name for the source group in the Add new computer source group field. - AD Container – Select this option to crawl the computers within an Active Directory container, @@ -63,7 +63,7 @@ the drop-down menu or click the **Add** icon. - Domain Name – Specify the FQDN of the domain the container exists in. - Container Name – Specify the name of the container to crawl its computers. - - Detection Interval – Specify the time interval (in hour(s) and minutes(s)) after which the + - Detection Interval – Specify the time interval (in hours and minutes) after which the source group will automatically detect the computers for auditing. - Source Group – Specify a name for the group to which the data source will belong. Grouping sources, such as computers, allows them to share a common configuration and makes it easier to @@ -73,12 +73,12 @@ the drop-down menu or click the **Add** icon. - Credentials – Displays the crdentials that have already been added, while also providing the option to add new credentials. Netwrix 1Secure uses these credentials to connect to the data source. You can select existing credentials or add new ones. To add new credentials, select **Add - new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: + new Credentials** from the dropdown menu or click the **Add** icon, then specify the following: - Username – The name of a user account with the access rights to collect data from a computer or all computers in a domain. Provide the username in the Domain\UserAccount format. - Password – The password of the user account - - Display Name – Specify a name you want to show for your credentials. It will be displayed on + - Display Name – Specify a name to display for your credentials. The name appears on the Credentials tab of the Managed Organizations page. **Step 8 –**  Click **Next**. @@ -97,22 +97,22 @@ the following: additional information. :::warning - If Netwrix Auditor and Netwrix 1Secure audit the same domain, make sure that the + If Netwrix Auditor and Netwrix 1Secure audit the same domain, ensure that the network traffic compression service is enabled for only one of the products or neither product - for any of the audited services. It cannot be enabled for both products. + for any of the audited services. It can't be enabled for both products. ::: - Adjust audit settings automatically – Select this checkbox to adjust the audit settings - automatically. With this approach, 1Secure will check your current audit settings at each data - collection session and adjust them if necessary. See the + automatically. With this approach, 1Secure checks your current audit settings at each data + collection session and adjusts them if necessary. See the [Active Directory: automatic configuration](/docs/1secure/configuration/admanual/auto.md) topic for additional information. - Monitor User Hidden Shares – Select this checkbox to monitor the user hidden shares on the computer. :::note - The administrative hidden shares such as admin$ will not be monitored. + Administrative hidden shares such as admin$ aren't monitored. ::: diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md b/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md index 4c8da956d2..5df0ecbf3d 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md @@ -6,12 +6,12 @@ sidebar_position: 20 # Add a Source and Connectors for Microsoft Entra ID -Follow the steps to add a Microsoft Entra ID data source and connector(s) to your organization. +**To add a Microsoft Entra ID data source and connectors to your organization:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. -**Step 2 –** Click an organization to define a data source and connector(s) for it. The properties +**Step 2 –** Click an organization to define a data source and connectors for it. The properties page for the organization is displayed with the Sources tab selected by default. **Step 3 –** On the Sources tab, click **Add** to add a source. The Select Data Source (Step 1 of 3) @@ -33,13 +33,13 @@ pane is displayed. for additional information. - Crawl Source – Toggle this option to ON to enable data collection for the source - Service Account Entra ID Groups – Specify Microsoft Entra ID groups to exclude their service - accounts from billable domain accounts so that they are not audited. To specify a Microsoft Entra + accounts from billable domain accounts so that they aren't audited. To specify a Microsoft Entra ID group, enter its name and click the **Add** icon. To specify multiple Microsoft Entra ID groups, add them one by one. - Credentials – Displays the crdentials that have already been added, while also providing the option to add new credentials. Netwrix 1Secure uses these credentials to connect to the data source. You can select existing credentials or add new ones. To add new credentials, select **Add - new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: + new Credentials** from the dropdown menu or click the **Add** icon, then specify the following: - Client ID – The client ID of the app registered in Microsoft Entra ID. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic @@ -52,7 +52,7 @@ pane is displayed. it to the app registered in Microsoft Entra ID. See the [Upload a Certificate](/docs/1secure/configuration/registerconfig/registerconfig.md#upload-a-certificate) topic for additional information. - - Display Name – Specify a name you want to show for your credentials. It will be displayed on + - Display Name – Specify a name to display for your credentials. The name appears on the Credentials tab of the Managed Organizations page. **Step 6 –** Click **Next**. @@ -83,4 +83,4 @@ ID. Specify the following: **Step 8 –** Click **Finish**. -The Microsoft Entra ID data source and connector(s) have been configured. +The Microsoft Entra ID data source and connectors have been configured. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md b/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md index 2d4171bac9..063dd4ad2a 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md @@ -6,12 +6,12 @@ sidebar_position: 40 # Add a Source and Connectors for Exchange Online -Follow the steps to add an Exchange Online data source and connector(s) to your organization. +**To add an Exchange Online data source and connectors to your organization:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. -**Step 2 –** Click an organization to define a data source and connector(s) for it. The properties +**Step 2 –** Click an organization to define a data source and connectors for it. The properties page for the organization is displayed with the Sources tab selected by default. **Step 3 –** On the Sources tab, click **Add** to add a source. The Select Data Source (Step 1 of 3) @@ -35,7 +35,7 @@ pane is displayed. - Credentials – Displays the crdentials that have already been added, while also providing the option to add new credentials. Netwrix 1Secure uses these credentials to connect to the data source. You can select existing credentials or add new ones. To add new credentials, select **Add - new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: + new Credentials** from the dropdown menu or click the **Add** icon, then specify the following: - Client ID – The client ID of the app registered in Microsoft Entra ID. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic @@ -48,7 +48,7 @@ pane is displayed. it to the app registered in Microsoft Entra ID. See the [Upload a Certificate](/docs/1secure/configuration/registerconfig/registerconfig.md#upload-a-certificate) topic for additional information. - - Display Name – Specify a name you want to show for your credentials. It will be displayed on + - Display Name – Specify a name to display for your credentials. The name appears on the Credentials tab of the Managed Organizations page. **Step 6 –** Click **Next**. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/overview.md b/docs/1secure/admin/organizations/sourcesandconnectors/overview.md index 33539a0a28..8fb4c95700 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/overview.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/overview.md @@ -22,7 +22,7 @@ Using connectors, Netwrix 1Secure can: - Connect to your sources for analyzing and processing the data :::note -Before adding a data source, make sure its prerequisites are met. See the +Before adding a data source, ensure its prerequisites are met. See the [Requirements](/docs/1secure/requirements/prerequisitesfordatasources.md) topic for additional information. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md b/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md index 13b0e38fc6..0005aec1bb 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md @@ -6,12 +6,12 @@ sidebar_position: 50 # Add a Source and Connectors for SharePoint Online -Follow the steps to add a SharePoint Online source and connector(s) to your organization. +**To add a SharePoint Online source and connectors to your organization:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. -**Step 2 –** Click an organization to define a data source and connector(s) for it. The properties +**Step 2 –** Click an organization to define a data source and connectors for it. The properties page for the organization is displayed with the Sources tab selected by default. **Step 3 –** On the Sources tab, click **Add** to add a source. The Select Data Source (Step 1 of 3) @@ -35,7 +35,7 @@ pane is displayed. - Credentials – Displays the crdentials that have already been added, while also providing the option to add new credentials. Netwrix 1Secure uses these credentials to connect to the data source. You can select existing credentials or add new ones. To add new credentials, select **Add - new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: + new Credentials** from the dropdown menu or click the **Add** icon, then specify the following: - Client ID – The client ID of the app registered in Microsoft Entra ID. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic @@ -48,7 +48,7 @@ pane is displayed. it to the app registered in Microsoft Entra ID. See the [Upload a Certificate](/docs/1secure/configuration/registerconfig/registerconfig.md#upload-a-certificate) topic for additional information. - - Display Name – Specify a name you want to show for your credentials. It will be displayed on + - Display Name – Specify a name to display for your credentials. The name appears on the Credentials tab of the Managed Organizations page. **Step 6 –** Click **Next**. @@ -75,7 +75,7 @@ Online. Specify the following: state-in-time data for personal OneDrives. - SharePoint Online Data Classification – Toggle the **SharePoint Online Data Classification** - switch to ON to allow 1Secure to read the documents in order to classify and label them based on + switch to ON to allow 1Secure to read the documents to classify and label them based on the type of data they contain. - Establish connection to your Classifier app – See the @@ -83,8 +83,13 @@ Online. Specify the following: topic for additional information. - Run OCR to improve classification of images (increases processing time) – Toggle this switch to ON to use Optical Character Recognition (OCR) to scan images for text, which helps to - classify the sensitive data more effectively. Note that this increases the processing time for - data classification. + classify the sensitive data more effectively. + +:::note +This increases the processing time for data classification. +::: + + - In the Sensitive Data Types to Classify area, specify how 1Secure would handle already classified documents and select which sensitive data types to detect as part of classification processing. @@ -97,20 +102,20 @@ Online. Specify the following: > the previously applied label takes precedence. > - Allow downgrading of existing Sensitivity Labels (if overwriting enabled) – Sensitivity > labels can range from less restrictive to more restrictive, such as Public > Sensitive < - > Highly Critical. When this switch is toggled ON, it allows 1Secure to overwrite the + > Highly Critical. When this switch is toggled ON, 1Secure can overwrite the > label for a document, even when this label is less restrictive than the existing one. - > When toggled OFF, 1Secure will not be able to overwrite the existing label with a less + > When toggled OFF, 1Secure cannot overwrite the existing label with a less > restrictive one, even if overwriting is enabled. For example, if a document is already > labeled as "Highly Critical", and 1Secure determines its sensitivity level as - > "Sensitive", it will not change it. + > "Sensitive", it does not change it. > - Select the Enabled checkbox for each data type you want 1Secure to identify and label > when classifying scanned documents. For example, you might enable PII but leave PCI DSS - > unchecked if it is not applicable to your organization. Available data types include + > unchecked if it isn't applicable to your organization. Available data types include > CCPA, CMMC, Credentials, Financial Records, GDPR, GDPR Restricted, GLBA, HIPAA, PCI DSS, > PHI, and PII. For each enabled data type, select a label from the Sensitivity Label - > drop-down menu. Once you map a label to a data type, that label will be applied to a + > dropdown menu. After you map a label to a data type, that label is applied to a > document that contains the respective data type. **Step 8 –** Click **Finish**. -The SharePoint Online data source and connector(s) have been configured. +The SharePoint Online data source and connectors have been configured. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md b/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md index a02f0068ab..61feb6e380 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md @@ -6,12 +6,12 @@ sidebar_position: 60 # Add a Source and Connectors for SQL Server -Follow the steps to add a SQL Server data source and connector to your organization. +**To add a SQL Server data source and connector to your organization:** **Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, that lists the managed organizations defined in 1Secure. -**Step 2 –** Click an organization to define a data source and connector(s) for it. The properties +**Step 2 –** Click an organization to define a data source and connectors for it. The properties page for the organization is displayed with the Sources tab selected by default. **Step 3 –** On the Sources tab, click **Add** to add a source. The Select Data Source (Step 1 of 3) @@ -23,20 +23,20 @@ pane is displayed. ![Configure Source Details %28Step 2 of 3%29 pane](/images/1secure/admin/organizations/sourcesandconnectors/configuresourcedetails_step2-3.webp) -**Step 5 –** On the Configure source details (Step 2 of 3) pane, use the Site drop-down menu to +**Step 5 –** On the Configure source details (Step 2 of 3) pane, use the Site dropdown menu to select an existing site or add a new one. To add a new site, select the **Add new site** option from -the drop-down menu or click the **Add** icon. +the dropdown menu or click the **Add** icon. - When you choose to add a new site, you have to provide a name for it in the New site name field. Then click **Next** to proceed with configuring the agent for the site. See the [Install Agent](/docs/1secure/install/installagent.md) topic for details on configuring the agent, starting at Step 6. -- When you select an existing site from the drop-down menu, one of the following happens: +- When you select an existing site from the dropdown menu, one of the following happens: - - If the agent has not been configured for the site, the system will proceed with the agent + - If the agent has not been configured for the site, the system proceeds with the agent configuration when you click _Next_. See the [Install Agent](/docs/1secure/install/installagent.md) topic for details on configuring the agent, starting at Step 6. - - If the agent has already been configured for the site, the system will proceed with the SQL + - If the agent has already been configured for the site, the system proceeds with the SQL Server source and connector settings when you click _Next_. **Step 6 –** Click **Next**. @@ -54,12 +54,12 @@ the drop-down menu or click the **Add** icon. - Credentials – Displays the crdentials that have already been added, while also providing the option to add new credentials. Netwrix 1Secure uses these credentials to connect to the data source. You can select existing credentials or add new ones. To add new credentials, select **Add - new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: + new Credentials** from the dropdown menu or click the **Add** icon, then specify the following: - Username – The username of the SQL Server account - Password – The password of the account - The newly added credentials are also displayed in the drop-down menu. + The newly added credentials are also displayed in the dropdown menu. **Step 8 –** Click **Next**. @@ -73,8 +73,8 @@ generate logon reports on SQL Server data. See the **Step 10 –** Choose one option from the following: - Audit all accounts – Select this option to audit all accounts within the connector -- Audit specific accounts – Select this option to audit only the specific account(s) within the - connector. After selecting this option, specify the account(s) to be audited in the field below. +- Audit specific accounts – Select this option to audit only specific accounts within the + connector. After selecting this option, specify the accounts to be audited in the field below. To specify an account, enter its name and click the Add icon. To audit multiple accounts, add them one by one. diff --git a/docs/1secure/admin/organizations/viewtabsanddashboard.md b/docs/1secure/admin/organizations/viewtabsanddashboard.md index 3921ff7efa..7c40fd16bd 100644 --- a/docs/1secure/admin/organizations/viewtabsanddashboard.md +++ b/docs/1secure/admin/organizations/viewtabsanddashboard.md @@ -19,7 +19,7 @@ The Managed organizations page has the following tabs: the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for additional information. - Sites – View the sites and status of your Netwrix Cloud Agent. See the [Add Sites to an Organization](/docs/1secure/admin/organizations/addsites.md) and - [Update Netwrix Cloud Agent](docs\1secure\admin\updatenetwrixcloudagent.md) topic for additional information. + [Update Netwrix Cloud Agent](/docs/1secure/admin/updatenetwrixcloudagent.md) topic for additional information. - Credentials – Review and edit the credentials of your organization. See the[ Manage Credentials ](/docs/1secure/admin/organizations/managingcredentials.md)topic for additional information. - Users – Review or add Business Viewers or Co-managing Administrators to the audited organization. @@ -34,8 +34,8 @@ In addition to the tabs, the right upper corner of the page has the following op ## View the Dashboard for an Organization -Once you select **View dashboard** on your organization's tab, you can view the predefined -dashboards with the data applicable to your organization. These includes the following dashboards: +After you select **View dashboard** on your organization's tab, you can view the predefined +dashboards with data applicable to your organization. The following dashboards are available: - New investigation – Search incidents, create reports, and browse your data - [Risk Assessment Dashboard](/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md) – Go to Risk Assessment diff --git a/docs/1secure/admin/overview.md b/docs/1secure/admin/overview.md index b56a086642..bbbaf5a739 100644 --- a/docs/1secure/admin/overview.md +++ b/docs/1secure/admin/overview.md @@ -7,11 +7,11 @@ sidebar_position: 50 # Overview Netwrix 1Secure is a Microsoft Azure-hosted, multi-tenant SaaS application that provides a single -location to manage both on-premises and cloud environments. The system collects data from the user environments and notifies you on any actions made to the organization. These could include deletion or adding accounts, working with group memberships, changes to the organization, etc. +location to manage both on-premises and cloud environments. The system collects data from user environments and notifies you of actions made to the organization, such as account deletions, account additions, group membership changes, and configuration changes. -With Netwrix 1Secure, Managed Service Providers can run various reports for your system, investigating incidents, suspicious activities, collected across the entire IT infrastructure. +With Netwrix 1Secure, Managed Service Providers can run reports to investigate incidents and suspicious activities collected across the entire IT infrastructure. Major benefits: - Detect system alerts — on premises and in the cloud -- Increase productivity of IT Managed Service Provider team -- Providing overall reports based on the search parameters +- Increase productivity of IT Managed Service Provider teams +- Generate reports based on search parameters diff --git a/docs/1secure/admin/riskprofiles/metrics_list.md b/docs/1secure/admin/riskprofiles/metrics_list.md index af5f1bea62..d4821d7b8d 100644 --- a/docs/1secure/admin/riskprofiles/metrics_list.md +++ b/docs/1secure/admin/riskprofiles/metrics_list.md @@ -12,7 +12,7 @@ certain profiles if they have been modified. | Risk Metric | Description | | --------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | User accounts with "Password never expires" (Enumerated) | Enabled user accounts whose passwords never expire might be in violation of your organization's security policy. | -| User accounts with "Password not required" (Enumerated) | Accounts that can be used to log on without a password are a high risk and require immediate attention. | +| User accounts with "Password not required" (Enumerated) | Accounts that allow log-on without a password are a high risk and require immediate attention. | | Disabled computer accounts (Enumerated) | Disabled computers often lack current patches and antivirus software, making them easy targets for cyberattacks if they are re-enabled. Periodically identifying and deleting these accounts will reduce this risk. | | Inactive user accounts (Enumerated) | Inactive user accounts can be taken over and misused, so you should periodically identify and disable them, and then remove them. | | Inactive computer accounts (Enumerated) | Inactive computer accounts can be misused, so you should periodically identify and disable them, and then remove them. | @@ -21,13 +21,13 @@ certain profiles if they have been modified. | Empty security groups (Enumerated) | Empty security groups with administrative privileges are a potential back door for attackers. Regularly identify and delete empty groups. | | Stale Guest Accounts (Enumerated) | Any guest users that have not logged in for "X" days. By default, the accounts that have not logged in for 35 days are shown. You can filter this data. | | User Accounts Created via Email Verified Self-Service Creation (Enumerated) | User accounts created with self-service account creation. Self-service account creation when not strictly verified, can allow unauthorized individuals to gain access to an organization's systems. This can lead to unauthorized data access, leakage of sensitive information, and the establishment of footholds for further attacks within the network. | -| User accounts with "No MFA Configured" (Enumerated) | User accounts which MFA is not configured with the admins of the organizations in Microsoft Entra ID. Without MFA, compromised credentials can lead directly to unauthorized entry, bypassing what is now considered a basic security standard. In the absence of MFA, even a strong password policy may not be sufficient to protect against phishing attacks and credential stuffing, which can lead to data breaches and system compromises. | +| User accounts with "No MFA Configured" (Enumerated) | User accounts which MFA isn't configured with the admins of the organizations in Microsoft Entra ID. Without MFA, compromised credentials can lead directly to unauthorized entry, bypassing what is now considered a basic security standard. In the absence of MFA, even a strong password policy may not be sufficient to protect against phishing attacks and credential stuffing, which can lead to data breaches and system compromises. | | Improper Number of Global Administrators (Binary) | Maintain strict control over the number of global administrators to minimize the risk of internal and external threats. Elevated privileges associated with such roles can lead to significant breaches if misused or compromised, disrupting business operations and potentially leading to substantial data loss or compliance violations. | -| Self-Serve Password Reset is Not Enabled (Binary) | Office 365's Self-Serve Password Reset feature enables users to reset their own password. It is recommended to allow users to reset their own passwords for the purpose of recovering their account in the event of accidental lockout or a security incident. | -| Unified Audit Log Search is Not Enabled (Binary) | Unified Audit Log Search allows for the centralized ingestion and searching of audit logs generated by Office 365 and can be a vital source of data for the investigation and detection of security incidents. It is recommended to enable unified audit log searching. | +| Self-Serve Password Reset — Disabled (Binary) | Office 365's Self-Serve Password Reset feature lets users reset their own passwords. Enable this feature so users can recover their accounts if they are accidentally locked out or a security incident occurs. | +| Unified Audit Log Search — Disabled (Binary) | Unified Audit Log Search provides centralized ingestion and searching of audit logs generated by Office 365 and is a vital data source for investigating and detecting security incidents. Enable unified audit log searching. | | Conditional Access Policies (Binary) | Insufficient Conditional Access and Security Defaults Configuration: The absence of Conditional Access policies coupled with disabled Microsoft Security Defaults creates a significant security vulnerability. This condition exposes the tenant to a variety of attacks due to inadequate protective measures. It is required for the organization to either enable Microsoft Security Defaults for common security features or establish fine-grained Conditional Access policies tailored to the organization’s specific security needs. Ensuring these security configurations are active and correctly set up is crucial to safeguard the tenant environment and user accounts from potential cyber threats. | | Conditional Access Policy Disables Admin Token Persistence (Binary) | Looks for Conditional Access policies that disable token persistence for users with admin roles and have a sign-in frequency that is less than or equal to nine hours. When an admin login has their token cached on the client, they are vulnerable for a Primary Refresh Token related attack. | | Dangerous Default Permissions (Binary) | By default, Azure tenants allow all users to access the Microsoft Entra ID blade, to read all other users’ accounts, create groups, and invite guests. These default settings extend to guest accounts as well, allowing guests to perform these same actions. Other default configurations allow for Self-Service creation of accounts from accepted mail domains. Amend dangerous default permissions, mitigating the risk of unauthorized data access and ensuring that only the necessary personnel have the appropriate level of access to sensitive systems and information. | -| Expired Domain Registrations Found (Binary) | Expired domains can be used for any attack vector that exploits an organization’s identity, such as account takeovers or phishing campaigns. Monitoring domain registration for the organization can help detect and alert on attempts to exploit this attack path. | +| Expired Domain Registrations Found (Binary) | Expired domains serve as an attack vector that exploits an organization’s identity, such as account takeovers or phishing campaigns. Monitoring domain registration for the organization can help detect and alert on attempts to exploit this attack path. | | MS Graph Powershell Service Principal Assignment Not Enforced (Binary) | Checks if the assignment for MsGraph Powershell is required. By default, Azure tenants allow all users to access Microsoft Graph PowerShell Module. This allows any authenticated user or guest the ability to abuse Dangerous Default Permissions, as well as enumerate the entire tenant. | | Third-Party Applications Allowed (Binary) | Third-party integrated applications are allowed to run in the organization's Office 365 environment if you authorize them to do so. This configuration is considered insecure because a user may grant permissions to a malicious application without fully understanding the security implications. A user who installs a malicious third-party application is in effect compromised. Additionally, there are documented cases of a malicious actor gaining access to sensitive information by enticing a user to allow a third-party integrated application to run within their O365 Tenant. | diff --git a/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md b/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md index 525b1bd1d9..795a8547d1 100644 --- a/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md +++ b/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md @@ -24,9 +24,8 @@ On the Risk Assessment dashboard, you can check: - Does your organization's security posture aligns with security frameworks like NIST? :::tip -Remember, each organization has a risk profile associated with it and the risk analysis of an -organization is based on the metrics included in the risk profile. See the -[Manage Risk Profiles](/docs/1secure/admin/riskprofiles/riskprofiles.md) topic for additional information. +Each organization has a risk profile associated with it, and the risk analysis of an organization is based on the metrics included in the risk profile. See the +[Manage Risk Profiles](/docs/1secure/admin/riskprofiles/riskprofiles.md) topic for additional information. ::: @@ -47,20 +46,19 @@ of the following: ## Filter Data -Multiple filters are available on this page to enable you to filter data as desired. You can apply -one or more filters at a time. +Multiple filters are available on this page. You can apply one or more filters at a time. -- Organizations – Select an organization from the drop-down menu located at the top left of the +- Organizations – Select an organization from the dropdown menu located at the top left of the dashboard. This option is only available to managing organization (MSP) users. -- Trend since – Select a time period from this drop-down menu to view the risk-related data for that - period. For example, if you select Last week, the data will reflect information for the last week. +- Trend since – Select a time period from this dropdown menu to view the risk-related data for that + period. For example, if you select Last week, the data reflects information for the last week. By default, Last month is selected. Options are: - Last week - Last month - Last 3 months -- Risk profile preview – Select a risk profile from the Risk profile preview drop-down menu +- Risk profile preview – Select a risk profile from the Risk profile preview dropdown menu **Card Filters** @@ -73,50 +71,50 @@ The following cards are available for filtering data: - Low – This card displays the number of low severity risks detected for the organization. Click it to view only the low severity risks on this page. - Since `