Merge pull request #257 from netwrix/dev

29th September 2025 Release

Author: james-s-anderson

.github/CODEOWNERS

@@ -152,3 +152,6 @@
 /sidebars/threatprevention/ @netwrix/threatprevention-docs
 /static/files/threatprevention/ @netwrix/threatprevention-docs
 /static/images/threatprevention/ @netwrix/threatprevention-docs
+
+# Knowledge base team
+/docs/kb/ @netwrix/kb-docs

docs/1secure/requirements/CloudAgentRequirements.md

@@ -18,6 +18,7 @@ For its correct installation Netwrix Cloud Agent needs the following software re
 
 - Windows Server OS (strongly recommended):
 
+    - Windows Server 2025
     - Windows Server 2022
     - Windows Server 2019
     - Windows Server 2016
@@ -49,4 +50,4 @@ Configuration.xml file, which is located on the agent host at:
 `C:\ProgramData\Netwrix Cloud Agent\AgentCore\ConfigServer\Configuration.xml`
 
 You must also open the outbound TCP port 443 on the server where the Netwrix Cloud Agent resides.
-See the [Install Agent](/docs/1secure/install/installagent.md) topic
+See the [Install Agent](/docs/1secure/install/installagent.md) topic

docs/auditor/10.8/admin/monitoringplans/azurefiles.md

@@ -1,56 +1,66 @@
 ---
-title: "Azure Files Monitoring Plan"
+title: "Azure Files"
 description: "Create and configure Azure Files monitoring plans in Netwrix Auditor v10.8"
 sidebar_position: 85
 ---
 
-# Azure Files Monitoring Plan
+# Azure Files
 
-Create monitoring plans for Azure Files to track file and folder changes across your Azure storage accounts.
+Create monitoring plans for Azure Files to track file and folder changes across your Azure storage accounts
 
 ## Prerequisites
 
+- **[Azure Application registered](/docs/auditor/10.8/configuration/azurefiles/overview.md#azure-application-registration)** with required **[permissions](/docs/auditor/10.8/configuration/azurefiles/overview.md#configure-api-permissions)**
+- **[Diagnostic Settings configured](/docs/auditor/10.8/configuration/azurefiles/overview.md#diagnostic-settings)** for storage accounts
 - **[Azure Files Configuration](/docs/auditor/10.8/configuration/azurefiles/overview.md)** completed
-- **Azure Application** registered with required permissions
-- **Diagnostic settings** enabled for storage accounts
+
 
 ## Create Monitoring Plan
 
 ### Step 1: Create New Monitoring Plan
 
-1. Navigate to **Home > Monitoring Plans**
-2. Click **Create New Monitoring Plan**
-3. Provide monitoring plan name
-4. Create audit database
-5. Configure email notification method
+1. In the **Netwrix Auditor**, go to **Home > Monitoring Plans > + Add Plan**
+2. Select **Azure Files**
+3. Configure:
+ - [Audit database (SQL)](/docs/auditor/10_8/admin/settings/auditdatabase)
+ - [Notifications (SMTP or Exchange Online)](/docs/auditor/10_8/admin/settings/notifications)
+ - Plan name and description
+ - Select **Add item now**
 
-### Step 2: Add Azure Files Data Source
 
-1. Click **Add Data Source**
-2. Select **Azure Files**
-3. Configure connection settings:
-   - **Tenant ID** (use ID, not tenant name)
-   - **Application ID**
-   - **Application Secret**
-   - **Subscription ID**
+### Step 2: Add Item for Monitoring
+
+- Option A – Storage Account → Enter **Storage Account Name, Subscription ID, Tenant Name, Application ID, Application Secret**
+- Option B – Subscription → Enter **Subscription Name, Subscription ID, Tenant Name, Application ID, Application Secret**
+
+**Tip:** If you have multiple storage accounts, use the subscription option for easier management
+
+
+### Step 3: Configure Monitoring Scope and Actions
+
+1. In the **Netwrix Auditor**, double-click your **Azure Files plan**
+2. Enable **Monitor this data source and collect activity data**
+
+3. Select actions:
+
+   - **Changes (Success/Fail)** → Track file creation, modification, deletion, and failed attempts
+     - **Successful** - Use this option to track changes to your data. It helps to find out who made changes to your files, including their creation and deletion
+     - **Failed** - Use this option to detect suspicious activity on Azure Files. It helps to identify potential intruders who tried to modify or delete files, etc., but failed to do it
+
+   - **Read Access (Success/Fail)** → Track file reads and unauthorized read attempts
+     - **Successful** - Show successful attempts to read files
+     - **Failed** - Use this option to track suspicious activity. Helps find out who was trying to access your private data without proper justification.Enabling this option on public shares will result in a high number of events generated on Azure Files and the amount of data written to the Long-Term Archive
 
-### Step 3: Configure Storage Accounts
+**Note:** Enabling read access auditing on public shares may generate high event volume
 
-Configure storage account settings (requires separate accounts):
-- **File Share Storage Account** - Contains the file shares to monitor
-- **Audit Log Storage Account** - Stores diagnostic logs (must be separate account)
-- **Resource Group** - Resource group containing the storage accounts
+**Tip:** Only enable read auditing where compliance requires it (e.g., HR, Finance)
 
-### Step 4: Configure Monitoring Options
+4. Add exclusions → e.g., service accounts that produce excessive logs
 
-Select monitoring options:
-- **Track changes** (successful/failed operations)
-- **Monitor read access** (optional - increases audit volume)
-- **User monitoring restrictions** (specify users to exclude from monitoring)
 - **Monitored object types** - Select from:
-  - Files
-  - Folders
-  - Shares
+ - Files
+ - Folders
+ - Shares
 - **Monitored actions** - Configure which file operations to track
 
 ### Step 5: Test Connection
@@ -64,7 +74,7 @@ Click **Test Connection** to verify:
 
 After creating the monitoring plan:
 1. **Verify data collection** is working
-2. **Configure reports** as needed
-3. **Set up alerts** for important events
+2. **[Configure reports](/docs/auditor/10_8/admin/reports/overview)** as needed
+3. **[Set up alerts](/docs/auditor/10_8/admin/alertsettings/create/)** for important events
 
-For configuration requirements, see [Azure Files Configuration](/docs/auditor/10.8/configuration/azurefiles/overview.md).
+For configuration requirements, see [Azure Files Configuration](/docs/auditor/10.8/configuration/azurefiles/overview.md)

docs/auditor/10.8/configuration/azurefiles/_category_.json

@@ -1,4 +1,10 @@
 {
   "label": "Azure Files",
-  "position": 15
-}
+  "position": 15,
+   "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "overview"
+  }
+}

docs/auditor/10.8/configuration/azurefiles/monitoredobjects.md

@@ -0,0 +1,23 @@
+---
+title: "Monitored Object Types, Actions, and Attributes"
+description: "Examine the list of actions that have been audited and reported by Azure Files data collector in the Netwrix Auditor 10.8"
+sidebar_position: 2
+---
+
+Examine the list of actions that have been audited and reported by Azure Files data collector in the Netwrix Auditor 10.8
+
+| Action | File | Folder | Share |
+|--------|------|--------|-------|
+| Added | + | + | + |
+| Add (failed attempt) | + | + | – |
+| Modified | + | + | + |
+| Modify (failed attempt) | + | + | – |
+| Moved | + | + | – |
+| Move (failed attempt) | + | + | – |
+| Read | + | – | – |
+| Read (failed attempt) | + | + | – |
+| Renamed | + | + | – |
+| Renamed (failed attempt) | – | – | – |
+| Removed | + | + | + |
+| Remove (failed attempt) | – | – | – |
+| Copied | – | – | – |