Transcription
Netwrix Auditorfor NetAppQuick-Start GuideVersion: 9.969/7/2020
Legal NoticeThe information in this publication is furnished for information use only, and does not constitute acommitment from Netwrix Corporation of any features or functions, as this publication may describefeatures or functionality not applicable to the product release or version you are using. Netwrix makes norepresentations or warranties about the Software beyond what is provided in the License Agreement.Netwrix Corporation assumes no responsibility or liability for the accuracy of the information presented,which is subject to change without notice. If you believe there is an error in this publication, please reportit to us in writing.Netwrix is a registered trademark of Netwrix Corporation. The Netwrix logo and all other Netwrix productor service names and slogans are registered trademarks or trademarks of Netwrix Corporation. Microsoft,Active Directory, Exchange, Exchange Online, Office 365, SharePoint, SQL Server, Windows, and WindowsServer are either registered trademarks or trademarks of Microsoft Corporation in the United Statesand/or other countries. All other trademarks and registered trademarks are property of their respectiveowners.DisclaimersThis document may contain information regarding the use and installation of non-Netwrix products.Please note that this information is provided as a courtesy to assist you. While Netwrix tries to ensurethat this information accurately reflects the information provided by the supplier, please refer to thematerials provided with any non-Netwrix product and contact the supplier for confirmation. NetwrixCorporation assumes no responsibility or liability for incorrect or incomplete information provided aboutnon-Netwrix products. 2020 Netwrix Corporation.All rights reserved.2/37
Table of Contents1. Introduction1.1. Netwrix Auditor Features and Benefits2. Prerequisites and System Requirements5562.1. Supported Data Sources62.2. Requirements to Install Netwrix Auditor62.2.1. Hardware Requirements62.2.2. Software Requirements72.2.2.1. Using SSRS-based Reports83. Review Components Checklist93.1. Data Collecting Account94. Configure NetApp Filer for Monitoring4.1. Configure NetApp Clustered Data ONTAP 8 and ONTAP 9 for Monitoring11114.1.1. Prerequisites114.1.2. Configure ONTAPI Web Access124.1.3. Configure Firewall Policy134.1.4. Configure Event Categories and Log145. Install the Product166. Monitoring Plans186.1. Create a New Plan186.1.1. Settings for Data Collection186.1.2. Default SQL Server Instance196.1.3. Database Settings206.1.4. SMTP Server Settings226.1.5. Email Notification Recipients226.1.6. Monitoring Plan Summary226.2. Add Items for Monitoring6.2.1. NetApp6.2.1.1. Configure Scope2323253/37
6.3. Launch Data Collection Manually and Update Status277. Make Test Changes298. See How Netwrix Auditor Enables Complete Visibility308.1. Review an Activity Summary318.2. Review Overview Dashboard328.3. Review the All Changes Report338.4. Browse Data with Intelligence Search339. Related Documentation374/37
Netwrix Auditor for NetApp Quick-Start Guide1. Introduction1. IntroductionThis guide is intended for the first-time users of Netwrix Auditor for NetApp. It can be used for evaluationpurposes, therefore, it is recommended to read it sequentially, and follow the instructions in the order theyare provided. After reading this guide you will be able to:lInstall and configure Netwrix AuditorlCreate a monitoring plan to start auditing NetApp applianceslLaunch data collectionlSee how Netwrix Auditor enables complete visibilityNOTE: This guide only covers the basic configuration and usage options for auditing NetApp applianceswith Netwrix Auditor. For advanced installation scenarios and configuration options, as well as forinformation on various reporting possibilities and other product features, refer to Netwrix OnlineHelp Center.1.1. Netwrix Auditor Features and BenefitsNetwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables controlover changes, configurations and access in hybrid IT environments to protect data regardless of itslocation. The platform provides security analytics to detect anomalies in user behavior and investigatethreat patterns before a data breach occurs.Netwrix Auditor includes applications for Active Directory, Active Directory Federation Services, Azure AD,Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, Nutanix Files,network devices, SharePoint, Oracle Database, SQL Server, VMware, Windows Server, and User Activity.Empowered with a RESTful API, the platform delivers visibility and control across all of your on-premises orcloud-based IT systems in a unified way.Major benefits:lDetect insider threats—on premises and in the cloudlPass compliance audits with less effort and expenselIncrease productivity of IT security and operations teamsTo learn how Netwrix Auditor can help your achieve your specific business objectives, refer to NetwrixAuditor Best Practices Guide.Netwrix Auditor for NetApp detects and reports on all changes made to NetApp Filer appliances both incluster- and 7-modes, including modifications of files, folders, shares and permissions, as well as failed andsuccessful access attempts.5/37
Netwrix Auditor for NetApp Quick-Start Guide2. Prerequisites and System Requirements2. Prerequisites and SystemRequirementsThis section lists the requirements for the systems that are going to be audited with Netwrix Auditor, andfor the computer where the product is going to be installed.To learn about Netwrix Auditor licenses, refer to the following Netwrix Knowledge Base article: NetwrixAuditor Licensing FAQs. To learn how to install a license, refer to Licenses.To learn about ports and protocols required for product operation, refer to Protocols and Ports Requiredfor Netwrix Auditor.To learn about security roles and permissions required for product operation, refer to Configure NetwrixAuditor Service Accounts.2.1. Supported Data SourcesThe table below lists systems that can be monitored with Netwrix Auditor for NetApp:Data sourceNetAppSupported VersionslNetApp ONTAP 9.0 – 9.7lNetApp Clustered Data ONTAP 8.2.1 – 8.2.3, 8.3, 8.3.1, 8.3.2NOTE: For NetApp storage systems, only CIFS configuration issupported.2.2. Requirements to Install Netwrix AuditorThis section provides the requirements for the computer where Netwrix Auditor is going to be installed.Refer to the following sections for detailed information:lHardware RequirementslSoftware Requirements2.2.1. Hardware RequirementsThis section provides rough estimations of the resources required for Netwrix Auditor PoC or evaluationdeployment. Consider that actual hardware requirements will depend on your monitored infrastructure,the number of users in your environment, and activities that occur in the infrastructure per day.6/37
Netwrix Auditor for NetApp Quick-Start Guide2. Prerequisites and System RequirementsThe metrics provided in this section are valid for clean installation on a server without any additional rolesor third part applications installed on it. The use of virtual machine is recommended.Below you can find rough estimations, calculated for evaluation of Netwrix Auditor for NetApp. Refer toNetwrix Online Help Center for complete information on the Netwrix Auditor hardware requirements.You can deploy Netwrix Auditor on a virtual machine running Microsoft Windows guest OS on thecorresponding virtualization platform, in particular:lVMware vSpherelMicrosoft Hyper-VlNutanix AHVNote that Netwrix Auditor supports only Windows OS versions listed in the Software Requirementssection.Hardware component Starter, evaluation, or small environmentProcessor2 coresRAM4 GBDisk space100 GB—System drive100 GB—Data drive (Long-Term Archive and SQL Server)Screen resolutionMinimum 1280 x 1024Recommended 1920 x 1080 or higher2.2.2. Software RequirementsThe table below lists the software requirements for the Netwrix Auditor installation:ComponentRequirementsOperating systemWindows Server OS:lWindows Server 2019lWindows Server 2016lWindows Server 2012 R2lWindows Server 2012Windows Desktop OS (64-bit):lWindows 107/37
Netwrix Auditor for NetApp Quick-Start Guide2. Prerequisites and System RequirementsComponentRequirementslWindows 8.1.NET Frameworkl.NET Framework 4.5 and above.InstallerlWindows Installer 3.1 and above2.2.2.1. Using SSRS-based ReportsSQL Server Reporting Services are needed for this kind of reports (see SQL Server Reporting Services). If youplan to export or print such reports, check the requirements below.ExportTo export SSRS-based reports, Internet Explorer must be installed on the machine where Netwrix Auditorclient runs.Internet Options must be configured to allow file downloads for the Local intranet zone:1. Select Internet Options and click Security.2. Select Local intranet zone and click Custom level.3. In the Settings list, locate Downloads File download and make sure the Enabled option isselected.PrintingTo print SSRS-based reports, SSRS Report Viewer and Netwrix Auditor Client require ActiveX Control to beinstalled and enabled on the local machine. See this Knowledge Base article for details.You can, for example, open any SSRS-based report using Internet Explorer and click Print. Internet Explorerwill prompt for installation of the additional components it needs for printing. Having them installed, youwill be able to print the reports from Netwrix Auditor UI as well.8/37
Netwrix Auditor for NetApp Quick-Start Guide3. Review Components Checklist3. Review Components ChecklistTo speed up the evaluation process, Netwrix recommends you to ensure that the following services andcomponents are up and running prior to the Netwrix Auditor installation.Service or componentRecommendationsNetwork and target systemsor servers that work as yourdata sourcesTest connectivity to your data source. Make sure you can access it by itsNetBIOS and FQDN name from the computer where you intend toinstall Netwrix Auditor—use the nslookup command-line tool to lookup domain names. Domain controllers must be accessible as well.SQL Server with ReportingServices(orAdvancedServices) 2008 or higher.Supported SQL Server versions are listed here.Consider maximum database size in different versions. Make yourchoice based on the size of the environment you are going to monitor,the number of users, and other factors. Remember that maximumdatabase size in Express editions may be insufficient.NOTE: Although Netwrix Auditor provides a convenient way todownload SQL Server 2014 Express edition right from theproduct, it is recommended to deploy SQL Server instance inadvance.If installed separately,connectivity.Test accountremembertotestSQLServerNetwrix recommends you to create a special account with extensiveprivileges. This account should have sufficient permissions to:lCollect audit data. See Data Collecting Account for moreinformation.lAccess data stored in the SQL Server instance:lThe account must be assigned the Database owner (dbowner) role and the dbcreator server role.lThe account must be assigned the Content Manager role onthe SSRS Home folder.lMake test changes in your environment.3.1. Data Collecting AccountThis is a service account that Netwrix Auditor uses to collect audit data from the monitored items(domains, OUs, servers, etc.). Netwrix recommends creating a dedicated service account for that purpose.9/37
Netwrix Auditor for NetApp Quick-Start Guide3. Review Components ChecklistDepending on the data source your monitoring plan will process, the account must meet thecorresponding requirements (see the table below).Starting with version 9.96, you can use group Managed Service Account (gMSA) as data collecting account.Currently, the following data sources are supported: Active Directory (also for Group Policy and LogonActivity), Windows Server, File Server (currently for Windows File Servers), SQL Server, SharePoint.For more details about gMSA usage, see Using Group Managed Service Account (gMSA).The gMSA should also meet the related requirements (see the table below).NOTE: The information in this section is outside the quick-start guide scope and is provided for referenceonly. For detailed instructions on how to configure the data collecting account to access youraudited platform or application, see Netwrix Auditor Online Help Center .Data sourceRequired rights and permissions:NetAppFor NetApp Auditing10/37
Netwrix Auditor for NetApp Quick-Start Guide4. Configure NetApp Filer for Monitoring4. Configure NetApp Filer forMonitoringYou can configure your file shares for monitoring in one of the following ways:lAutomatically when creating a monitoring plan. If so, your current audit settings will be periodicallychecked by Netwrix Auditor and adjusted if necessary.NOTE: To use this option for NetApp Clustered Data ONTAP 8 or ONTAP 9, make sure that auditconfiguration has been created (with vserver audit create command) for the targetsyste; enabling audit configuration is optional. See Configure NetApp Clustered Data ONTAP 8and ONTAP 9 for Monitoring for more information.lManually. See Netwrix Auditor Installation and Configuration Guide for more information.4.1. Configure NetApp Clustered Data ONTAP 8 andONTAP 9 for MonitoringTo configure Clustered Data ONTAP 8 and ONTAP 9 for monitoring, perform the following procedures:lPrerequisiteslConfigure ONTAPI Web AccesslConfigure Firewall PolicylConfigure Event Categories and Log4.1.1. PrerequisitesPerform the steps below before proceeding with audit configuration:1. Configure CIFS server and make sure it functions properly.NOTE: NFS file shares are not supported.2. Configure System Access Control List (SACL) on your file share.3. Set the Security Style for Volume or Qtree where the audited file shares are located to the "ntfs" or"mixed".4. Configure audit manually. For 8.3, review the Auditing NAS events on SVMs
6.2.1.NetApp Completethefollowingfields: Option Description General SpecifyNetAppfileserver ProvideaservernamebyenteringitsFQDN,NETBIOSorIPv4 istof computersinyournetwork. FileshareUNC pathtoaudit logs Selectoneofthefollowing: l llbe