Skip to main content

Getting Started

Once Enterprise Auditor is installed, the following workflow will quickly enable users to begin auditing the organization’s IT infrastructure. See the Navigating the Console topic for additional information and data grid functionality.

Initial Configuration During First Launch

During the initial Enterprise Auditor Configuration Wizard, users are walked through configuring several key global settings:

  • Storage

    • Mandatory configuration during the first launch
    • Requires credential on the SQL® Server database which is used to create and modify the Enterprise Auditor database
    • Option to either create a new database or point to an existing database
    • If using Windows Authentication, the Schedule node must be configured also
    • See the Storage topic for additional information

  • Schedule

    • Only appears if the Storage Profile is configured to use Windows Authentication
    • If the Storage Profile is configured to use SQL Authentication, the setting is configured later
    • See the Schedule topic for additional information

  • Instant Job

    • Install the pre-configured solutions for which the organization is licensed
    • See the Instant Job Wizard topic for additional information

Global Settings Configured

The global Settings have an overall impact on the running of Enterprise Auditor jobs. They are managed through the Settings node at the top of the Navigation pane. The following global Settings require configuration from the start:

  • Connection – Configure the Default Connection Profile and additional Connection Profiles as needed for intended data collection
  • Schedule – Configure the Default Scheduled Service Account for scheduling Enterprise Auditor job execution, if not configured via the initial configuration wizard
  • Notification – Configure an SMTP server for Enterprise Auditor to use for sending email notifications

The other global Settings provide additional options for impacting how Enterprise Auditor functions:

  • Access – Enable and configure Role Based Access for a least privileged application of Enterprise Auditor and report viewing or the enable the REST API

    NOTE: If Role Based Access is enabled by accident, contact Netwrix Support for assistance in disabling it.

  • Application – Configure additional settings not included in the other nodes

  • Exchange – Configure Microsoft® Exchange Server connections

CAUTION: Do not configure data retention at the global level without ensuring History is supported by ALL solutions to be run.

  • History – Configure data retention and log retention settings
  • Host Discovery – Configure Host Discovery task settings
  • Host Inventory – Configure Host Inventory settings
  • Reporting – Configure reporting options, if necessary
  • Sensitive Data – Flag false positive within discovered potential sensitive data files
  • ServiceNow – Configure the ServiceNow Action Module authentication credentials
  • Storage – Configure additional SQL Server database Storage Profiles

See the Global Settings topic for additional information.

Discover Hosts for Enterprise Auditor

Within the terminology of Enterprise Auditor, hosts are the machines being targeted during data collection. Hosts can be discovered or manually introduced to Enterprise Auditor. Known hosts are then inventoried to populate dynamic host lists. Host discovery is done at the Host Discovery  node. Hosts are manually introduced at the Host Management node.

Host management consists of maintaining up-to-date host inventories and host lists which can be assigned to job groups or jobs as targeted hosts. See the Host Management topic for additional information.

Enterprise Auditor Job Workflow

Once the global Settings are configured and hosts have been introduced to Enterprise Auditor, it is time to begin auditing. This requires an understanding of the relationship between solutions, job groups, jobs, queries, analysis, actions, and reports.

The Enterprise Auditor job is the fundamental unit. Jobs are responsible for all data collection queries, analysis tasks, notification tasks, action tasks, and report generation. When Jobs are designed to work together, they are housed within job groups to control the order of job execution. Solutions are pre-configured job groups which have been designed to target specific types of environments to audit for specific data sets, typically the most common types of information desired.

See the Jobs Tree topic for additional information.