Netwrix Auditor

Sends alerts via email.

Sends scheduled log reports.

Keeps track of changes in Active Directory.

So far, we haven't experienced any issues with Netwrix Auditor.

Great reporting.

Easy setup for scheduled deliveries.

Easily readable reports.

Better alerting for errors in system.

Better alerting for occurrences that flag attention.

Better consistency checks to ensure data is current.

Data Tagging and Auditing

Identify the sensitive information

Ensure regulatory compliance

Better or more pre-defined incident response decisions

Full Domain Controller activity monitoring.

Video recording of system admins without and limit.

VMware user activity monitoring and auditing.

Audit user activity over network devices.

Windows File Server access monitoring and audit.

Cisco with IOS 16 and above is not supported under Network Devices.

System Up and Down Status.

Reporting.

Collecting logs

Providing alerts to email distribution list

Showing User videos

Collector service failures

Better GUI

best practice training

Custom Reporting

Canned Reports

Customer Support

Extending to Other Aspects of Microsoft Environment

Custom Reporting Features

Stream line of the user interface

more depth on One Drive Reporting

Monitor specific AD groups when a user is added/removed.

Password change notification for users.

Review logs in network devices.

Tech support is very good.

The GUI is quite basic and a little difficult to master getting information out of.

Training and how to resources are not great.

Initial installation and setup can be difficult.

The website trial shows off the features of the software while also teaching how to perform a user access audit.

The user interface is very clean, user-friendly, intuitive, and snappy.

The software comes with a lot of explanations for the built-in reports to help users understand what the report is used for.

The software also makes it really easy to monitor the organization, with alerts for unacceptable actions or for unusual behavior above thresholds.

Our IT department spent a long time working on getting some of the features and reports working, with some success, but many reports and features were never fixed after a whole year of working with support. Apparently Netwrix support was responsive, but their fixes often failed to work.

My experience with customer support was very negative. I had several instances of emails going unanswered, sometimes but not always because my contact left the company and our account was never handed over appropriately.

Technical issues can be time-consuming to diagnose because it's hard to tell if a report is loading slowly, or failing. I don't think this problem is unique to Netwrix, though.

Provides accurate information

Easy to generate reports

Easy to filter, after initial learning curve

Challenging to learn filter options when first using the product

Not much video training provided online for the product

Could have better training available (additional guides, videos)

Detect security threats.

Prove compliance.

Bit finicky at times.

Who has done the changes on systems

Password lockouts where it will tell you exactly where a person is locking which can be frustrating if it occurs too many times for one user.

It can show you things we rarely look at in our environment e.g on Active Directory things like duplicate group policy settings, empty security groups, computers which have not logged in in a long time thus helping you with your computer inventory.

Being able to get the actual device a user is locking in from Exchange Server because if a user is found to be locking out from an Exchange Server we have to look at Exchange Server IIS logs and parse through them using other tools like Log Parser looking for wrong password report. We need to use one product and that is Netwrix Auditor.

The software could also show when a server was restarted or rebooted.

Netwrix Auditor performs the audit collection process in a method that does not burden the systems it is auditing. It usually just pulls the log and event logs data from the machine it is auditing and then performs the extraction of the information in these files on the Netwrix Auditor server. This reducing the audit processes to only pulling log data from the server but does not keep the server busy processing the data.

Once the log data has been pulled from a server being audited, Netwrix will store the log data in a compressed form in its Long Term Archive. This allows the database to be kept smaller than the all the data being kept in the Log Term Archive and therefore makes creating reports much faster since the database is not as big as it could be.

Since Netwrix Auditor uses standard Microsoft SQL Server and SQL Server Reporting Services (SSRS) to perform reporting, working with the results of the audit is much easier. Anyone who knows SQL Server and SSRS can work with the data and create their own reports.

The predefined reports that come with Netwrix Auditor cover most of the items required to properly report on the status of a system. They have many predefined reports for FedRamp, PCI, HIPPA, and other compliance regulations.

Netwrix Auditor needs to improve its loading of Long Term Archive (LTA) data back into the database. I have been trying to load one month of LTA data back into the database for a few months now, but it can take a few days to successfully load just a few weeks of data. I have now started to attempt to load only two weeks of data at a time in the hopes that it will not destroy the data already loaded. I'm still working on this attempt. Netwrix Support told me that the only designed the reloading of LTA to work on a few days worth of data, but I need to be able to possibly seven years of data in the future. They are currently working on a solution to allow me to perform this task.

Netwrix needs to simply their database structure so it is easier to create your own reports. If they can't make the database structure any easier, they need to document it much more. The database documentation is very sparse and doesn't really state how you can use the database. There are many items I can find in the database but some items I have just given up on since it can be quite a task to find the data in the database.

Netwrix needs to release some form of internal documentation so clients can see what is happening during the audit data collection. I have specialists in certain areas of our systems, such as NetApp file server, ask me how it performs some of the auditing, and all I can say is "I'm not sure, I can ask but they probably won't be able to tell me."

Notifications on changes to sensitive accounts.

Detailed record of Group Policy changes.

HTML email reports

Netwrix Auditor sends out warnings to users when their passwords are close to expiring. This saves us some headache, because if they have any problems with changing their password, we can help them before they get locked out.

The notifications for multiple failed logons is a lifesaver. Very useful for spotting suspicious activity!

I love the way that you can create your own custom notifications and reports through the "Search" function. You can pick the "What", "Where", and "When" for the event you want to monitor and set up email email reports for them.

There is a bit of a learning curve. The interface is fairly intuitive, but I think there is room for improvement.

There is a LOT of functionality which can be quite overwhelming at first, but in and of itself, not a bad thing.

I think this software would benefit from a "Simple" mode and "Advanced" mode. This would ease the learning curve a bit.

The reporting features within Netwrix Auditor are by far the best feature, with a wide range of "pre-built" reports. The ability to create/generate your own reports makes it quite easy to look into the various items being monitored in the environment.

The set-up & ease of use of Netwrix is hard to match, not to mention the upgrades. To date, we've only had to contact support for one issue and it was an easy fix once we found the detailed information in their Knowledge Base.

Automation features within Netwrix help our daily tasks by ensuring we are not having to constantly monitor Netwrix, this is a huge time saver!

The only con I have is that sometimes technical support can be a bit delayed in getting back to us for issues, but it is only slightly so not a huge con by any means.

Ease of setup

Accurate reporting

Set and forget automated reporting

I can't honestly think of areas of improvement

Auditing account changes

Anomaly tracking

Easy setup

No areas at this point.

It alerts us to account lockouts and helped discover a firewall issue on one of our servers. The alerts and single interface have been very helpful.

I get a report on expired passwords and accounts which help me keep my directory tidy.

We can get access reports on files and folders which let us know when users are trying to access items they are not authorized to.

They have a screen capture function that I have never been able to get to work properly. However, I have never called their support on this issue so it is not necessarily a big ding against them. I am only mildly interested in this feature. We have enough network monitoring so I already know what my users are doing I don't need a capture.

The UI is very strong

Plenty of reports to generate

You can audit many applications including Active Directory, file server, SQL and Exchange/O365

We are very pleased with Netwrix

Automated alerts for changes to security within AD. It is able to sends alerts for just about any change within AD.

Tracing who changed what within AD. This can be found with AD, but Netwrix auditor makes it a lot more simple to find.

Enabling less technical people to have access to the auditing and security information that they need to manage the AD security model effectively. This product frees our technical teams from numerous minor requests for audit logs, tracking, investigations etc.

Stability is a concern. Despite running this for over one year, we have had issues with processor utilisation on several business critical servers including SQL servers that have meant that we have had to deinstall the product on those servers. No resolution, despite this being logged with the supplier for some 2 months.

Support from the US for UK clients is not up to standard, for the cost of the product and the cost of support we expected better. We are reconsidering our use of this product, despite its good level of reporting and automation of alerts.