Skip to main content
TrustRadius
Netwrix Auditor

Netwrix Auditor

Overview

What is Netwrix Auditor?

Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems. According to…

Read more
Recent Reviews

TrustRadius Insights

Netwrix Auditor has been widely used by various organizations to address a range of IT auditing and compliance needs. Many users have …
Continue reading
Read all reviews
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Netwrix Auditor?

Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems. According to the…

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.netwrix.com/sign_in.html?rf…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

67 people also want pricing

Alternatives Pricing

What is Cyral?

Cyral is a cloud-native Security-as-Code solution to protect the modern data layer. It allows engineering teams to observe, secure, and manage data endpoints in a cloud via a sidecar.

What is IDERA SQL Compliance Manager?

SQL Compliance Manager helps database administrators to monitor, audit, and alert on Microsoft SQL Server user activity and data changes. The vendor states it provides quick configuration of audit settings, a broad list of regulatory guideline templates for audit settings and reports, before and…

Return to navigation

Product Demos

Netwrix Auditor for Windows Server - Overview

YouTube

Netwrix Auditor for Active Directory - Overview

YouTube
Return to navigation

Product Details

What is Netwrix Auditor?

Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems.

According to the vendor, Netwrix Auditor eliminates these blind spots by delivering complete visibility into all changes to system configurations, content and permissions across the IT infrastructure. Moreover, Netwrix Auditor alerts organizations to changes that violate corporate security policies, enabling users to proactively detect suspicious user activity and prevent breaches.

Netwrix Auditor Features

  • Supported: Change Auditing of IT Systems
  • Supported: Configuration Auditing
  • Supported: Access Auditing

Netwrix Auditor Screenshots

Screenshot of Full visibility into changes to critical IT systemsScreenshot of Out-of-the-box Compliance ReportsScreenshot of Customized Reports On-Demand and Easy Data Search

Netwrix Auditor Video

Visit http://www.youtube.com/channel/UCEWr5nvGbkyyYdcXiwc-Zyg to watch Netwrix Auditor video.

Netwrix Auditor Competitors

Netwrix Auditor Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo
Supported CountriesUSA, UK, Australia, France, Germany, Hong Kong, Italy, Netherlands, Spain, Sweden, Switzerland, India, Belguim, Russia
Supported LanguagesEnglish, German, French, Russian, Italian

Netwrix Auditor Downloadables

Frequently Asked Questions

ManageEngine ADManager Plus are common alternatives for Netwrix Auditor.

Reviewers rate Support Rating highest, with a score of 8.6.

The most common users of Netwrix Auditor are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(53)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Netwrix Auditor has been widely used by various organizations to address a range of IT auditing and compliance needs. Many users have found it helpful in monitoring and identifying suspicious activity, generating comprehensive reports, and providing immediate response capabilities for incident management. For example, small organizations have benefited from Netwrix Auditor's ability to monitor failed logins, expiring passwords, and Windows file server activity, giving them peace of mind and enabling them to respond promptly to security threats. Additionally, companies have utilized the software to audit multiple systems including file servers, SQL servers, web servers, SharePoint servers, and Active Directory. This ensures access compliance and helps identify user file access patterns. The program is also being used by infrastructure departments to monitor changes to files, password updates, database changes, and GPO changes while accurately reporting on access to ITAR files. Furthermore, organizations have leveraged Netwrix Auditor for compliance reporting and analysis of activities in their domain, enabling greater insights into trends and occurrences across the entire organization. By utilizing this software solution, ICT departments can ensure compliance and housekeeping of servers by auditing system administrators' work. Likewise, IT departments have found value in conducting IT access rights audits with Netwrix Auditor as it provides visibility into network access while preventing unauthorized activity. The product is also employed by IS Access and IS Server Support teams to track changes for auditors, allowing visibility into modifications made to the internal AD. Moreover, organizations have utilized Netwrix Auditor to audit network accounts and gain visibility into AD modifications for compliance purposes and yearly tech audits. Beyond compliance needs, a law enforcement agency has used the software solution to prove the chain of custody of related files on file servers. Additionally, businesses have found Netwrix Auditor helpful in GDPR and ISO 27001 compliance analysis as it simplifies the detection and remediation of potential issues related to data protection regulations. For security departments within different organizations, Netwrix Auditor has been a valuable tool for tracking specific changes and addressing security problems, such as login failures and changes to user privileges. Research and innovation-focused organizations have also benefited from this product, as it ensures the security and confidentiality of information data while maintaining accessibility across branches. Furthermore, Netwrix Auditor has played a vital role in helping IS security teams monitor and manage changes to AD security setup, simplifying tasks, automating alerts, and increasing understanding of change within the AD environment. Lastly, users have leveraged the software to inspect technology environments comprehensively by generating alerts and daily reports on servers, network switches, locked accounts, file-level accesses, and more. Additionally, Netwrix Auditor logs user logins and sends email alerts for AD changes, providing users with timely notifications and ensuring transparency in the auditing process. With its robust features and capabilities, Netwrix Auditor has become an indispensable tool for organizations across various industries seeking to enhance their IT auditing practices. By offering comprehensive visibility into system activities, accurate reporting, and compliance monitoring, the software enables users to proactively address security threats, maintain regulatory compliance, and ensure the integrity of their IT infrastructure. Whether it's for small organizations looking for peace of mind or larger enterprises needing advanced auditing solutions, Netwrix Auditor proves to be a versatile and valuable asset in achieving effective IT governance.

Helpful Notifications: Several users have found Netwrix Auditor's ability to send warnings to users about expiring passwords and notifications for multiple failed logons to be helpful in preventing lockouts, spotting suspicious activity, and assisting with password changes.

Flexible Customization: Many reviewers appreciate the flexibility provided by Netwrix Auditor's 'Search' function, which allows them to create custom notifications and reports. This feature enables users to monitor specific events and set up email reports tailored to their needs.

Useful Alerts: Users highly value the alerts provided by Netwrix Auditor as they aid in identifying account lockouts, uncovering firewall issues, and offering insights into various aspects of the environment. The alerts are seen as a valuable tool for monitoring and maintaining system security effectively.

User Interface: Some users have expressed that the user interface of the Collector service could be improved to make it more intuitive and less overwhelming. They suggest that certain elements should be better organized and labeled clearly, as they currently find it confusing to navigate through the interface.

Technical Support: Several reviewers have mentioned experiencing slow response times from technical support when reporting issues with Netwrix Auditor. This has resulted in frustration and delays in problem resolution for these users. Prompt assistance is expected, especially for critical issues requiring immediate attention.

Documentation and Training: Users have raised concerns about the lack of comprehensive internal documentation and training materials provided by Netwrix. They feel that more detailed instructions, including videos and guides, would greatly help them learn how to effectively use Netwrix Auditor and maximize its potential within their organizations.

Based on user feedback, the following recommendations have been made for using Netwrix Auditor:

  • Use the virtual appliance option for quick deployment of Netwrix Auditor.
  • Get professional services to help set up Netwrix Auditor for data governance.
  • Plan and clean up Active Directory prior to implementing Netwrix Auditor for better system integration.
  • Understand how the audit trail works for Oracle databases before using Netwrix Auditor for Oracle DB auditing.
  • Install Netwrix on a dedicated server and configure reporting and alerts for maximum benefit.
  • Try out the free version of Netwrix first before purchasing.
  • Gain further insight and operate more efficiently with automated, canned, and customized reports in Netwrix Auditor.
  • Start with the trial version of Netwrix to ensure it meets all needs and supports the creation of custom reports.
  • Take advantage of the full featured trial license of Netwrix to learn about the product and its potential use case.
  • Implement Netwrix Auditor as an auditing tool, emphasizing its affordability.
  • Avoid using Netwrix Auditor if frequent server reboots are not desired and be aware that some users have found the GUI difficult to use.

Attribute Ratings

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Netwrix Auditor is used mainly by the Security department. However, we often pull information from Netwrix Auditor for other IT departments. It addresses problems relating to figuring out who made specific changes and security problems. Being able to view login failures, changes to users privileges, and so much more information helps us stay on top of things.
  • Provides accurate information
  • Easy to generate reports
  • Easy to filter, after initial learning curve
  • Challenging to learn filter options when first using the product
  • Not much video training provided online for the product
  • Could have better training available (additional guides, videos)
Netwrix Auditor is great for reviewing events that occurred and tracking down the root cause of who/what made specific changes. It also works well for audits revolving around security and user accounts. The only situation I need to use a secondary product for is when I need to track down a specific IP or system. But that is only because of the licenses we have, if we purchased more we could get additional information out of the product.
  • Saves time for multiple IT departments
  • Resolves issues regarding who made a specific change
  • Ensures safety of company by easily providing information for audits
I find Netwrix Auditor to be more useful when reviewing security events. It works faster, is easier to gather information from, and easier to get help with support from issues. The only thing I prefer about Security Events Manger from Solarwinds is that they provide more training on their product. With additional training on Netwrix, users could get a lot more out of the product.
Customer support has always been fast and helpful when we run into any issues. The smaller issues are usually resolved within a day or two. It is great support and I feel like I am in good hands anytime an issue comes up. However, we don't run into many issues.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Being in the cutting-edge technological industry - visibility into what is happening in the IT environment is a core component of a solid security strategy for any research/innovation-oriented organization. With the implementation of Netwrix Auditor throughout the organization, we keep our entire information data secure and confidential and maintain the accessibility of that data from our branches.
  • Detect security threats.
  • Prove compliance.
  • Bit finicky at times.
Netwrix Auditor is a fantastic product that audits all of the items we need to audit. It will audit file servers, database server, Active Directory Servers, SharePoint servers and a whole lot more. We use it for all of these items and the price did not go up because we added more machine types.
  • It makes the job of our IT team easier.
  • Saving time required to prepare various reports.
Netwrix Auditor is a visibility and governance platform that allows you to monitor changes, configurations and access in IT infrastructure of important IT infrastructure components such as Active Directory, event logs, Exchange, Office 365, SQL Server, and others. Apart from that - what’s wonderful about this tool is that you can view before/after snapshots of your managed data. For instance, you can view Group Policy data as it existed before one of your colleagues made some blocking edits to the domain policy.
To deliver superior customer service experience to their clients they have clearly established workflow that ensures close cooperation of support representatives and software developers on all levels (Level 1-4 and Management Review). L1 is the primary point of contact that is assigned at the time the ticket is submitted or when calling for support. L2 Detailed investigation of issues. The person working at this level is usually a senior member of the R&D team of the Netwrix product associated with the ticket. L3 development is closely managed by a senior-level developer. The average response time for L3 is 3-4 business days, sometimes sooner. The job of L4 is to perform thorough testing of all hotfixes to make sure they fix what they are intended to fix, have seamless upgrade paths, and don't introduce any new problems affecting your Netwrix product and/or environment. Management Review that regularly performs reviews to ensure no delays occur and the ticket is handled according to their high standards of customer service.
ManageEngine OpManager, Wireshark, SolarWinds Remote Monitoring & Management
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It is used by two departments, the User Department where I belong and the Security Team along with our Manager and CIO. It addresses auditing who did a change and what changes accounts are privileged do and can review a session of a user who logged into a server at maybe odd hours which could be suspicious.
  • Who has done the changes on systems
  • Password lockouts where it will tell you exactly where a person is locking which can be frustrating if it occurs too many times for one user.
  • It can show you things we rarely look at in our environment e.g on Active Directory things like duplicate group policy settings, empty security groups, computers which have not logged in in a long time thus helping you with your computer inventory.
  • Being able to get the actual device a user is locking in from Exchange Server because if a user is found to be locking out from an Exchange Server we have to look at Exchange Server IIS logs and parse through them using other tools like Log Parser looking for wrong password report. We need to use one product and that is Netwrix Auditor.
  • The software could also show when a server was restarted or rebooted.
When there have been changes to server configuration (User Activity logs this too) you are able to tell who has done them and where the changes were made. It is less appropriate in situations where there is an email missing in one's mailbox and they claim mail has been deleted as this is not captured.
  • Standby people no longer have to struggle to know where the user's account is locking.
  • Group policies were able to be troubleshot better due to being able to see duplicate settings from other group policies which avoided the clashing of group policies.
  • Removing clutter and risks on Active Directory e.g empty security groups, privileged accounts that shouldn't have privileges in the first place.
This was using its logs e.g IIS logs and loading them to Log Parser. Netwrix Auditor has all the audit tools you need, there are no fetching logs somewhere and loading to it manually. The reporting is robust and you can see an executive summary of risks in your environment in one screen. The software is modular which means you can add other systems e.g Sharepoint, SQL Server, etc as systems you want to monitor and have a one-stop-shop software for your organization without having disparate systems to audit other software packages.
They are very responsive and they can assist you remotely when you are stuck!!
10
Security Team - To do the auditing e.g users who hasn't logged for past 30 days, privilege account group membership changes, track what privilege users change and do (auditing Infrastructure Analysts)
Infrastructure Analysts - to do auditing on AD and Exchange Changes. Keep on check who is created and when they are disabled when a user is terminated, checking things like empty security groups to reduce clutter in AD including duplicate Group policies which can help troubleshoot our group policy issues
Help Desk - Use the tool to be sure where a user account locks out, to be on alert of any user they create and disable for termination. They are the user account creators in the organisation
Skills on managing all the modules we have - all minus SQL Server and Oracle Database
People whose main job is IT auditing which we dont have
Security training in things like intrusion detection
  • Easily see where an account is locking
  • Refer back to changes made if YOU MADE A MISTAKE IN THAT CONFIGURATION TO EASILY ROLL BACK!
  • Reconcile users who have left the organisation to check whether they are not on AD
  • Troubleshoot duplicates on Group Policies which can lead to problems. It works nicely
  • Clear old data and clutter, as far as 5 years ago (e.g old service accounts and old users who have left the organisation!)
  • After account is disabled (when a person is terminated) we use the report to delete them after 60 days and this is helpful in reconciling our user account inventory to make sure that terminated users are removed
  • Our privileged account users are kept on check, this makes sure that there are no unauthorized changes (we have a change management process)
  • We are able to see "problem users" who require account unlocks frequently and most are locked on the Exchange server from their devices by not updating new password, but to tell what device we have to use a 3rd party tool (Log Parser) with Exchange IIS logs
  • Better risk definitions on the product
We have renewed already the licensing of the product minus SQL Server and Oracle Database because the organisation believes the modules are very expensive and have identified a different product for auditing Databases
Other modules are very important like the User Activity monitor, AD queries that we can not get from the native AD itself or you have to run complicated powershell scripts!
Easy to use interface
Pre-defined Reports
Easy way to subscribe to important alerts e.g Privilege account group membership changes
No
  • Product Features
  • Product Usability
  • Product Reputation
Product features - There was so much to offer in terms of predefined queries from AD or Exchange or User Activity. Most Exchange and AD queries were difficult to get because native Microsoft tools required you to have knowledge of Powershell and complex Powershell queries. Netwrix Auditor takes care of that from the logs it gets from the Domain Controllers.
You didnt have to have knowledge of powershell
Queries were off the shelf
Could record user activity during internal investigations
Check first if sometimes you won't require another product to further dig deeper on an investigation. The one in question is as stated before when a user gets locked out (our threshold is 10 times of bad password) from a device e.g IPad the product won't tell you BUT will tell you it is from the Exchange Server and you don't have sufficient information, you only get the final piece of the puzzle by using a third party tool (Log Parser) and Exchange Server IIS log files to parse through for password errors and you get the answer including the device name and software version
  • Implemented in-house
Yes
It was initially used to check where accounts lock
Then other modules were licensed such as Exchange Server and further usage of the AD module, User Activity and this was difficult because there was a lot of trial and error and with the help of Netwrix Support then the software became user friendly to our eyes as we saw it and realised that it was actually easy to use. Therefore there were two phases 1. Setting up AD Maintenance Plan ourselves 2. The rest of the modules with the assistance of Netwrix Support
Change management was a small part of the implementation and was well-handled
Management was supportive looking at the fact that we chose the product from research on the Internet. Management also wanted to have a product that will help us with easy report generation for IT audits as mostly it was a manual process and the IT audit team felt we were taking long to provide information. Netwrix Auditor enabled us to get instant reporting for IT Audits and there is a very fast turn around time for IT Audit report requests
  • Lack of Training or Trialing before buying
  • Finding the product difficult at first as we didn't quite understand the way it really works e.g it has to get the event log from the Domain Controller
  • Learning the product through the Netwrix Support
  • Lack of interest from some team members in using it at the beginning
Make sure you trial the software and understand the fundamentals of each module that you are interested in
Make sure you get the buy in from both Management and most importantly your team members (the product users) for a successful implementation
Watch the webinars of the product from the product website
Yes
Because we don't have anyone clearly trained. The training is not done in the country BUT we do watch some training webinars on the Netwrix website. We do try first line of all else fails we escalate to Netwrix Support.
No
When the software was first installed and learned from the first support call and it was the initial response which didnt take long, it was how to trace where a user account is locking. We were not using the correct pre-defined report!
  • Pre-Defined Reports
  • User Activity Monitoring
  • Executive Dashboard
  • Ascertaining a device (e.g IPad, Samsung, iPhone) which user account is locking on
  • Executive Dashboard sometimes not accurate e.g last time user logged in
  • Database management
The product has user friend pre-defined queries which takes off the stress and horrors of having to query Active Directory with complex Powershell scripts!
You can subscribe to certain functions when they are done and you get an alert e.g privileged accounts actions and you don't need to have programming skills
The product has a desktop version of the software and donot have to login to the server all the time you need to use it.
You can see very fast the posture of your environment of the overview screen and deduce what exactly is wrong and what has to be done
Return to navigation