Skip to content

Netwrix Threat Manager 3.2 GA docs #887

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
edwin-narus merged 15 commits into from
May 13, 2026
Merged

Netwrix Threat Manager 3.2 GA docs #887

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
5430d49
Create 3.2 version
Apr 30, 2026
2678f2b
Add ThreatManager 3.2 upgrade docs and images
Apr 30, 2026
1a7601e
Add new ADCS threats
edwin-narus May 11, 2026
4937918
Update Service Accounts for Threat Manager
edwin-narus May 11, 2026
62b0be3
Update install overview
May 11, 2026
4c4ca38
Update port documents to remove 636
May 11, 2026
7ee53aa
Create 3.2 version
Apr 30, 2026
12bb444
Add ThreatManager 3.2 upgrade docs and images
Apr 30, 2026
01d58ea
Update Service Accounts for Threat Manager
edwin-narus May 11, 2026
2ecdb47
Update install overview
May 11, 2026
ed43c76
Update port documents to remove 636
May 11, 2026
bed172a
Merge from dev
May 11, 2026
e76e0ed
Merge from dev
May 11, 2026
fd7d8c1
Fix merge
May 11, 2026
e5c934a
fix(vale): auto-fix style issues (Vale + Dale)
github-actions[bot] May 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 2 additions & 15 deletions docs/threatmanager/3.0/requirements/ports.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ sidebar_position: 50

The following figure shows Netwrix Threat Manager architecture and component interactions.


![threatmanagerserver](/images/threatmanager/3.0/requirements/threatmanagerserver.webp)

Configure appropriate firewall rules to allow these connections.
Expand All @@ -22,18 +21,7 @@ applications that provide the data stream:
| ----------------------- | -------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Inbound | UDP | 10000 | Syslog messaging File System event data stream from Activity Monitor agent hosts |
| Inbound | TCP | 10001 | Advanced Message Queuing Protocol (AMQP) Active Directory event data stream from Activity Monitor agent hosts Active Directory event data stream from Threat Prevention agent hosts File System event data stream from Threat Prevention agent hosts |
| Bidirectional | TCP | 8080 | Access Analyzer Console hosts |

## Application Services Firewall Rules

The following firewall settings are required for communication for the Threat Manager services:

| Communication Direction | Protocol | Ports | Description |
| ----------------------- | -------- | --------------------------------- | -------------------------------------------------------------------------------- |
| Bidirectional | TCP | 55555 | Active Directory authentication for the application console |
| Bidirectional | TCP | 55556 | Active Directory authentication for the application console |
| Bidirectional | TCP | 55557 | Local host communication from the Event Service to the Job Service agent hosts |
| Bidirectional | TCP | Dynamically Configured on Startup | Local host communication from the Event Service to the Job Service agent hosts |
| Bidirectional | TCP | 8080 | Access Analyzer Console Hosts |

## Database Firewall Rules

Expand All @@ -48,7 +36,7 @@ recommended or the default.

| Communication Direction | Protocol | Ports | Description |
| ----------------------- | -------- | ----- | ------------------------------------------------------------------------------------- |
| Outbound | TCP | 5432 | Local Host and Remote communication from the PostgreSQL to the Threat Manager server. |
| Outbound | TCP | 5435 | Local Host and Remote communication from the PostgreSQL to the Threat Manager server. |

## Application Console Access Firewall Rules

Expand Down Expand Up @@ -76,7 +64,6 @@ Active Directory domain controllers:
| Outbound | TCP | 88 | Kerberos-sec |
| Outbound | TCP | 135 | The endpoint mapper tells the client which randomly assigned port a service (FRS, AD replication, MAPI, etc.) is listening on |
| Outbound | TCP | 389 | LDAP |
| Outbound | TCP | 636 | SSL LDAP |
| Outbound | TCP | 9389 | Active Directory Web Services |
| Outbound | TCP | Various | The port that 135 reports. Used to bulk translate AD object names between formats.(Ephemeral Ports) |

Expand Down
21 changes: 5 additions & 16 deletions docs/threatmanager/3.1/requirements/ports.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar_position: 50

# Ports Requirements

The following figure shows the Netwrix Threat Manager architecture and component interactions.
The following figure shows Netwrix Threat Manager architecture and component interactions.

![threatmanagerserver](/images/threatmanager/3.0/requirements/threatmanagerserver.webp)

Expand All @@ -19,21 +19,10 @@ applications that provide the data stream:

| Communication Direction | Protocol | Ports | Description |
| ----------------------- | -------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Inbound | UDP | 10000 | Syslog messaging File System event data stream from Activity Monitor agent hosts |
| Inbound | TCP | 10001 | AMPQ Active Directory event data stream from Activity Monitor agent hosts Active Directory event data stream from Threat Prevention agent hosts File System event data stream from Threat Prevention agent hosts |
| Inbound | UDP | 10000 | Syslog messaging File System event data stream from Activity Monitor agent hosts |
| Inbound | TCP | 10001 | Advanced Message Queuing Protocol (AMQP) Active Directory event data stream from Activity Monitor agent hosts Active Directory event data stream from Threat Prevention agent hosts File System event data stream from Threat Prevention agent hosts |
| Bidirectional | TCP | 8080 | Access Analyzer Console Hosts |

## Application Services Firewall Rules

The following firewall settings are required for communication for the Threat Manager services:

| Communication Direction | Protocol | Ports | Description |
| ----------------------- | -------- | --------------------------------- | -------------------------------------------------------------------------------- |
| Bidirectional | TCP | 55555 | Active Directory log in to the application console |
| Bidirectional | TCP | 55556 | Active Directory log in to the application console |
| Bidirectional | TCP | 55557 | Local host communication from the Event Service to the Job Service agent hosts |
| Bidirectional | TCP | Dynamically Configured on Startup | Local host communication from the Event Service to the Job Service agent hosts |

## Database Firewall Rules

The following firewall settings are required for communication between the Threat Manager server and
Expand All @@ -47,7 +36,7 @@ recommended or the default.

| Communication Direction | Protocol | Ports | Description |
| ----------------------- | -------- | ----- | ------------------------------------------------------------------------------------- |
| Outbound | TCP | 5432 | Local Host and Remote communication from the PostgreSQL to the Threat Manager server. |
| Outbound | TCP | 5435 | Local Host and Remote communication from the PostgreSQL to the Threat Manager server. |

## Application Console Access Firewall Rules

Expand Down Expand Up @@ -75,7 +64,7 @@ Active Directory domain controllers:
| Outbound | TCP | 88 | Kerberos-sec |
| Outbound | TCP | 135 | The endpoint mapper tells the client which randomly assigned port a service (FRS, AD replication, MAPI, etc.) is listening on |
| Outbound | TCP | 389 | LDAP |
| Outbound | TCP | 636 | SSL LDAP |
| Outbound | TCP | 9389 | Active Directory Web Services |
| Outbound | TCP | Various | The port that 135 reports. Used to bulk translate AD object names between formats.(Ephemeral Ports) |

## Remote Action Service Firewall Rules
Expand Down
10 changes: 10 additions & 0 deletions docs/threatmanager/3.2/administration/_category_.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"label": "Administration",
"position": 40,
"collapsed": true,
"collapsible": true,
"link": {
"type": "doc",
"id": "overview"
}
}
10 changes: 10 additions & 0 deletions docs/threatmanager/3.2/administration/configuration/_category_.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"label": "Configuration Menu",
"position": 20,
"collapsed": true,
"collapsible": true,
"link": {
"type": "doc",
"id": "overview"
}
}
10 changes: 10 additions & 0 deletions docs/threatmanager/3.2/administration/configuration/integrations/_category_.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"label": "Integrations Interface",
"position": 30,
"collapsed": true,
"collapsible": true,
"link": {
"type": "doc",
"id": "overview"
}
}
Loading
Loading